
5468 matches found

NCSC
added 2020/02/11 12:0 a.m. · 7 views

Vulnerability fixed in Siemens WinCC, PCS 7 and Net PC products

Siemens has fixed a vulnerability in the products SIMATIC PCS 7, SIMATIC WinCC and SIMATIC NET PC. An unauthenticated malicious person with access to the network can exploit the vulnerability to cause a denial-of-service when encrypted connections are used. Siemens has released...

7.5 CVSS · 6.8 AI score · 0.01311 EPSS
Exploits 0
BDU FSTEC
added 2020/02/11 12:0 a.m. · 3 views

The vulnerability of the FortiSIEM security management system, related to the use of strictly encrypted credentials, allows attackers to enhance their privileges.

The vulnerability of the FortiSIEM security management system is related to the use of strictly encrypted user credentials for the “tunneluser” user. Exploiting this vulnerability could allow a malicious actor to increase their privileges remotely...

8.1 CVSS · 5.5 AI score
Exploits 0 · References 1 · Affected Software 1
ThreatPost
added 2020/02/07 5:3 p.m. · 55 views

Google Chrome To Bar HTTP File Downloads

Google Chrome will soon restrict certain files, like PDFs or executables, from being downloaded via an HTTP connection, if they are loaded on HTTPS webpages. HTTPS indicates that a website has an encrypted connection. When connecting to an HTTP website, browsers merely look up the IP address and...

7 AI score
Exploits 0 · References 10
IBM Security Bulletins
added 2020/02/05 12:53 a.m. · 50 views

Security Bulletin: IBM Sterling B2B Integrator is Vulnerable to a Robot Security Vulnerability (CVE-2017-6168)

Summary IBM Sterling B2B Integrator is vulnerable to a robot security vulnerability. This could allow an attacker to obtain encrypted data in clear text. Vulnerability Details CVEID: CVE-2017-6168 DESCRIPTION: F5 BIG-IP virtual servers configured with a Client SSL profile could allow a remote...

7.4 CVSS · 1.1 AI score · 0.21552 EPSS
Exploits 1 · Affected Software 1
Positive Technologies
added 2020/02/05 12:0 a.m. · 4 views

PT-2020-1885 · Broadcom +2 · Broadcom Wi-Fi Chips +2

Name of the Vulnerable Software and Affected Versions: Broadcom and Cypress Wi-Fi chips affected versions not specified Description: The issue is related to errors in synchronization when using a shared resource in Wi-Fi chipsets from Broadcom. This can allow a remote attacker to gain unauthorize...

9 CVSS · 7.4 AI score · 0.67994 EPSS
Exploits 16 · References 243
Kitploit
added 2020/02/04 11:0 a.m. · 66 views

Nfstream - A Flexible Network Data Analysis Framework

nfstream is a Python package providing fast, flexible, and expressive data structures designed to make working with online or offline network data both easy and intuitive. It aims to be the fundamental high-level building block for doing practical, real world network data analysis in Python...

7.1 AI score
Exploits 0 · References 3
Japan Vulnerability Notes
added 2020/01/31 12:0 a.m. · 65 views

JVN#00014057: AWMS Mobile App vulnerable to improper server certificate verification

AWMS Mobile App is vulnerable to improper server certificate verification (CWE-295). Impact: A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution: Update the Software. Update to the latest version according to the information provided by the developer...

5.9 CVSS · 5.3 AI score · 0.00497 EPSS
Exploits 0
NVD
added 2020/01/30 2:15 p.m. · 17 views

CVE-2013-1351

Verax NMS prior to 2.10 allows authentication via the encrypted password without knowing the cleartext password...

5.9 CVSS · 5.9 AI score · 0.02008 EPSS
Exploits 3 · References 3
Prion
added 2020/01/30 2:15 p.m. · 17 views

Design/Logic Flaw

Verax NMS prior to 2.10 allows authentication via the encrypted password without knowing the cleartext password...

4.3 CVSS · 7.2 AI score · 0.02008 EPSS
Exploits 3 · References 3 · Affected Software 1
Cvelist
added 2020/01/30 1:20 p.m. · 21 views

CVE-2013-1351

Verax NMS prior to 2.10 allows authentication via the encrypted password without knowing the cleartext password...

6.3 AI score · 0.02008 EPSS
Exploits 3 · References 3
CVE
added 2020/01/30 1:20 p.m. · 53 views

CVE-2013-1351

CVE-2013-1351 affects all Verax NMS versions prior to 2.1.0. The vulnerability arises from a client-side RSA-based password encryption in the login flow (clientMain.swf) where private/public keys are hardcoded, allowing an attacker to capture and replay the encrypted password against the service....

5.9 CVSS · 6.6 AI score · 0.02008 EPSS
Exploits 3 · References 3 · Affected Software 1
IBM Security Bulletins
added 2020/01/29 4:35 p.m. · 41 views

Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to security vulnerability (CVE-2018-12404)

Summary: IBM has announced a release for IBM Security Identity Governance and Intelligence (IGI) in response to security vulnerability. A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen...

5.9 CVSS · 1.7 AI score · 0.44398 EPSS
Exploits 0 · Affected Software 1
Apple
added 2020/01/28 12:0 a.m. · 80 views

About the security content of macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra

About the security content of macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra This document describes the security content of macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra. About Apple security updates F...

10 CVSS · 9.6 AI score · 0.9947 EPSS
Exploits 69 · References 1 · Affected Software 3
Schneier on Security
added 2020/01/23 12:10 p.m. · 29 views

Apple Abandoned Plans for Encrypted iCloud Backup after FBI Complained

This is new from Reuters: More than two years ago, Apple told the FBI that it planned to offer users end-to-end encryption when storing their phone data on iCloud, according to one current and three former FBI officials and one current and one former Apple employee. Under that plan, primarily...

0.8 AI score
Exploits 0
RedHat Linux
added 2020/01/21 3:22 a.m. · 1 views

undertow: possible Denial Of Service (DOS) in Undertow HTTP server listening on HTTPS

A vulnerability was found in the Undertow HTTP server listening on HTTPS. An attacker can target the HTTPS port to carry out a Denial Of Service (DOS) to make the service unavailable on SSL...

7.5 CVSS · 5.8 AI score · 0.0212 EPSS
Exploits 0 · References 4
RedHat Linux
added 2020/01/16 4:2 p.m. · 4 views

Business-central: Encrypted password shown under Object id 7 of errai_security_context

A vulnerability was found in business-central where encoded passwords are stored in errai_security_context. The encoding used for storing the passwords is Base64, not an encryption algorithm, and any recovery of these passwords could lead to user passwords being exposed...

6.5 CVSS · 5.8 AI score · 0.00291 EPSS
Exploits 0 · References 5
BDU FSTEC
added 2020/01/13 12:0 a.m. · 2 views

The vulnerability of the etc/shadow microprogramming software components of Cisco RV320 and Cisco RV325 allows a hacker to elevate their privileges to the root level.

The vulnerability of the etc/shadow microprogramming software components in Cisco RV320 and Cisco RV325 routers is related to the use of strictly encrypted login credentials. Exploiting this vulnerability can allow a malicious actor, operating remotely, to elevate their privileges to the root lev...

9 CVSS · 5.5 AI score
Exploits 0 · References 1 · Affected Software 2
Wired Threat Level
added 2019/12/18 10:21 p.m. · 48 views

Creditors Seek to Exhume the Body of a Dead Crypto Executive

Gerry Cotten took at least $137 million to the grave when he died without giving anyone the password to his encrypted laptop...

3.6 AI score
Exploits 0
OSV
added 2019/12/18 6:15 p.m. · 3 views

CVE-2019-8772

An issue existed in the handling of links in encrypted PDFs. This issue was addressed by adding a confirmation prompt. This issue is fixed in macOS Catalina 10.15. An attacker may be able to exfiltrate the contents of an encrypted PDF...

7.5 CVSS · 6.6 AI score
Exploits 0 · References 2
NVD
added 2019/12/18 6:15 p.m. · 17 views

CVE-2019-8772

An issue existed in the handling of links in encrypted PDFs. This issue was addressed by adding a confirmation prompt. This issue is fixed in macOS Catalina 10.15. An attacker may be able to exfiltrate the contents of an encrypted PDF...

7.5 CVSS · 7.2 AI score · 0.01222 EPSS
Exploits 0 · References 2