5469 matches found

CNVD
added 2020/04/21 12:0 a.m., 1 view

Ansible Information Disclosure Vulnerability (CNVD-2020-33255)

Ansible is a computer system configuration manager from the American company Ansible. The product can be used to publish, manage, and orchestrate computer systems. Ansible Tower is one of the task control applications that provides a user interface (UI), dashboard, and REST API. Ansible Engine is one...

5.5 CVSS, 8.7 AI score, 0.00376 EPSS
Exploits: 0, References: 1

Cvelist
added 2020/04/16 6:48 p.m., 8 views

CVE-2020-11826

Users can lock their notes with a password in Memono version 3.8. Thus, users need to know a password to read notes. However, these notes are stored in a database without encryption and an attacker can read the password-protected notes without having the password. Notes are stored in the ZENTITY...

7.5 AI score, 0.00501 EPSS
Exploits: 0, References: 1

OSV
added 2020/04/14 11:15 p.m., 10 views

CVE-2020-11005

The WindowsHello open source library NuGet HaemmerElectronics.SeppPenner.WindowsHello, before version 1.0.4, has a vulnerability where encrypted data could potentially be decrypted without needing authentication. If the library is used to encrypt text and write the output to a txt file, another...

5.5 CVSS, 5.4 AI score
Exploits: 0, References: 2

Prion
added 2020/04/14 11:15 p.m., 13 views

Authentication flaw

The WindowsHello open source library NuGet HaemmerElectronics.SeppPenner.WindowsHello, before version 1.0.4, has a vulnerability where encrypted data could potentially be decrypted without needing authentication. If the library is used to encrypt text and write the output to a txt file, another...

2.1 CVSS, 5.4 AI score, 0.00234 EPSS
Exploits: 0, References: 2, Affected Software: 1

Veracode
added 2020/04/10 1:9 a.m., 40 views

Information Disclosure

openssl is vulnerable to information disclosure. It was discovered that the Datagram Transport Layer Security (DTLS) protocol implementation in OpenSSL leaked timing information when performing certain operations. A remote attacker could possibly use this flaw to retrieve plain text from the...

4.3 CVSS, 2.1 AI score, 0.15757 EPSS
Exploits: 0, References: 27, Affected Software: 1

Veracode
added 2020/04/10 1:2 a.m., 19 views

Access Control Bypass

ecryptfs-utils is vulnerable to access control bypass. An insecure temporary file use flaw was found in the ecryptfs-setup-private script. A local attacker could use this script to insert their own key that will subsequently be used by a new user, possibly giving the attacker access to the user'...

4.4 CVSS, 2.2 AI score, 0.00352 EPSS
Exploits: 0, References: 7, Affected Software: 1

Veracode
added 2020/04/10 12:36 a.m., 23 views

Information Disclosure

pidgin is vulnerable to information disclosure. It was discovered that, when connecting to certain, very old Jabber servers via XMPP, Pidgin may ignore the "Require SSL/TLS" setting. In these situations, a non-encrypted connection is established rather than the connection failing, causing the use...

5 CVSS, 1.7 AI score, 0.01302 EPSS
Exploits: 0, References: 12, Affected Software: 1

Veracode
added 2020/04/10 12:20 a.m., 15 views

Arbitrary Code Execution

evolution is vulnerable to arbitrary code execution. A format string flaw was found in the way Evolution displayed encrypted mail content. If a user opened a carefully crafted mail message, arbitrary code could be executed as the user running Evolution...

6.8 CVSS, 2.5 AI score, 0.04726 EPSS
Exploits: 0, References: 30, Affected Software: 1

Microsoft KB
added 2020/04/09 12:0 a.m., 7 views

Event 55 when you copy an encrypted folder to EFS shared folder in Windows

Symptoms: Assume that you enable Encryption File System (EFS) on a shared folder on a computer that is running Windows 8.1, Windows Server 2012 R2, Windows 8, Windows Server 2012, Windows 7 Service Pack 1 (SP1), Windows Server...

6.3 AI score
Exploits: 0

RedhatCVE
added 2020/04/07 11:9 a.m., 38 views

CVE-2018-12404

A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41...

5.9 CVSS, 4.4 AI score, 0.44398 EPSS
Exploits: 0, References: 2

Tenable Nessus
added 2020/04/06 12:0 a.m., 66 views

SUSE SLES12 Security Update : kernel (SUSE-SU-2020:0868-1)

This update for the Linux Kernel 3.12.74-6064124 fixes several issues. The following security issues were fixed : CVE-2020-1749: Fixed an issue in the networking protocols in encrypted IPsec tunnel bsc1165631 CVE-2019-5108: Fixed an issue where by triggering AP to send IAPP location updates for...

7.5 CVSS, 7 AI score, 0.10114 EPSS
Exploits: 1, References: 7

OSV
added 2020/04/03 7:31 a.m., 7 views

SUSE-SU-2020:0891-1 Security update for the Linux Kernel (Live Patch 9 for SLE 15 SP1)

This update for the Linux Kernel 4.12.14-19734 fixes one issue. The following security issue was fixed: - CVE-2020-1749: Fixed an issue in the networking protocols in encrypted IPsec tunnel bsc1165631...

7.5 CVSS, 7.4 AI score, 0.01229 EPSS
Exploits: 0, References: 3

ThreatPost
added 2020/03/31 5:14 p.m., 2250 views

8-Year-Old VelvetSweatshop Bug Resurrected in LimeRAT Campaign

Researchers have discovered a fresh campaign using Excel files to spread LimeRAT malware – making use of the hardcoded, VelvetSweatshop default password for encrypted files. LimeRAT is a full-featured remote access tool/backdoor that can allow attackers to access an infected system and install a...

9.3 CVSS, 6.9 AI score, 0.99966 EPSS
Exploits: 12, References: 11

Akamai Blog
added 2020/03/24 11:30 a.m., 35 views

Simplifying the ISP Transition to DNS Encryption

New protocols to encrypt DNS traffic, DNS over HTTPS (DoH) and DNS over TLS (DoT), have been a visible Internet topic for the past two years. Akamai participated in the definition of DoH/DoT standards and recently released support in the high-performance CacheServe resolver. Major features include:...

0.3 AI score
Exploits: 0

Exploit DB
added 2020/03/18 12:0 a.m., 258 views

Broadcom Wi-Fi Devices - 'KR00K Information Disclosure

Kr00ker: Experimental KR00K PoC in python3 using scapy. Description: This script is a simple experiment to exploit the KR00K vulnerability (CVE-2019-15126), which allows decrypting some WPA2 CCMP data in vulnerable devices. More specifically this script attempts to retrieve Plaintext Data of WPA2 CCMP...

3.1 CVSS, 6.2 AI score, 0.07709 EPSS
Exploits: 7

OSV
added 2020/03/16 4:15 p.m., 10 views

CVE-2019-19135

In OPC Foundation OPC UA .NET Standard codebase 1.4.357.28, servers do not create sufficiently random numbers in OPCFoundation.NetStandard.Opc.Ua before 1.4.359.31, which allows man in the middle attackers to reuse encrypted user credentials sent over the network...

7.4 CVSS, 6.8 AI score
Exploits: 0, References: 2

UbuntuCve
added 2020/03/16 4:15 p.m., 31 views

CVE-2020-1740

A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. When a user executes "ansible-vault edit", another user on the same computer can read the old and new secret, as it is created in a temporary file with mkstemp and the returned file descriptor is closed and t...

4.7 CVSS, 6.7 AI score, 0.00374 EPSS
Exploits: 0, References: 2

Prion
added 2020/03/16 4:15 p.m., 13 views

Code injection

In OPC Foundation OPC UA .NET Standard codebase 1.4.357.28, servers do not create sufficiently random numbers in OPCFoundation.NetStandard.Opc.Ua before 1.4.359.31, which allows man in the middle attackers to reuse encrypted user credentials sent over the network...

5.8 CVSS, 7.3 AI score, 0.01043 EPSS
Exploits: 0, References: 2, Affected Software: 2

Prion
added 2020/03/16 4:15 p.m., 16 views

Design/Logic Flaw

A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. When a user executes "ansible-vault edit", another user on the same computer can read the old and new secret, as it is created in a temporary file with mkstemp and the returned file descriptor is closed and t...

1.9 CVSS, 5.6 AI score, 0.00374 EPSS
Exploits: 0, References: 8, Affected Software: 6

AlpineLinux
added 2020/03/16 3:7 p.m., 37 views

CVE-2020-1740

A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. When a user executes "ansible-vault edit", another user on the same computer can read the old and new secret, as it is created in a temporary file with mkstemp and the returned file descriptor is closed and t...

4.7 CVSS, 5.9 AI score, 0.00374 EPSS
Exploits: 0