5465 matches found

Debian CVE
added 2019/11/27 5:13 p.m. · 89 views

CVE-2012-6655

An issue exists in AccountService 0.6.37 in the user_change_password_authorized_cb function in user.c which could let a local user obtain encrypted passwords...

CVSS 3.3 · AI score 4.4 · EPSS 0.00448
Exploits 1

Positive Technologies
added 2019/11/27 12:0 a.m. · 4 views

PT-2019-6818 · Freedesktop +3 · Accountsservice +3

Name of the Vulnerable Software and Affected Versions: AccountService version 0.6.37. Description: An issue exists in the user change password authorized cb function in user.c, which could let a local user obtain encrypted passwords. Recommendations: For version 0.6.37, consider restricting access...

CVSS 3.3 · AI score 3.5 · EPSS 0.00448
Exploits 1 · References 17

CNVD
added 2019/11/22 12:0 a.m. · 1 views

Unspecified Vulnerability in CloudBees Jenkins QMetry for JIRA-Test Management Plugin

CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools from the U.S. company CloudBees. The product is mainly used to monitor continuous software release/testing projects and some timed tasks. QMetry for JIRA-Test Management Plugin is used in one of...

CVSS 6.5 · AI score 6.5 · EPSS 0.00541
Exploits 0 · References 1

Hacker One
added 2019/11/21 4:27 p.m. · 31 views

Nextcloud: Improper confidentiality protection of server-side encryption keys

This vulnerability is related to the Improper integrity protection of server-side encryption keys vulnerability but leverages a different attack vector. While the previous attack broke the confidentiality of encrypted files because the public keys are not integrity-protected, this new attack brea...

CVSS 2.1 · AI score 0.1 · EPSS 0.0032
Exploits 2

NVD
added 2019/11/14 9:15 p.m. · 24 views

CVE-2019-15801

An issue was discovered on Zyxel GS1900 devices with firmware before 2.50AAHH.0C0. The firmware image contains encrypted passwords that are used to authenticate users wishing to access a diagnostics or password-recovery menu. Using the hardcoded cryptographic key found elsewhere in the firmware,...

CVSS 7.5 · AI score 7.5 · EPSS 0.01486
Exploits 1 · References 2

Cvelist
added 2019/11/14 8:16 p.m. · 28 views

CVE-2019-15799

An issue was discovered on Zyxel GS1900 devices with firmware before 2.50AAHH.0C0. User accounts created through the web interface of the device, when given non-admin level privileges, have the same level of privileged access as administrators when connecting to the device via SSH while their...

AI score 8.8 · EPSS 0.02309
Exploits 1 · References 3

Tenable Nessus
added 2019/11/12 12:0 a.m. · 48 views

EulerOS 2.0 SP5 : nss (EulerOS-SA-2019-2174)

According to the version of the nss packages installed, the EulerOS installation on the remote host is affected by the following vulnerability: A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the...

CVSS 5.9 · AI score 6.6 · EPSS 0.44398
Exploits 0 · References 2

Tenable Nessus
added 2019/11/08 12:0 a.m. · 38 views

EulerOS 2.0 SP5 : openssl110h (EulerOS-SA-2019-2218)

According to the versions of the openssl110h packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in th...

CVSS 5.9 · AI score 6.6 · EPSS 0.12154
Exploits 0 · References 4

Tenable Nessus
added 2019/11/08 12:0 a.m. · 66 views

EulerOS 2.0 SP3 : openssl (EulerOS-SA-2019-2264)

According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it...

CVSS 4.7 · AI score 6.6 · EPSS 0.03838
Exploits 0 · References 3

Kitploit
added 2019/11/07 8:43 p.m. · 146 views

Donut - Generates X86, X64, Or AMD64+x86 Position-Independent Shellcode That Loads .NET Assemblies, PE Files, And Other Windows Payloads From Memory

Donut generates x86 or x64 shellcode from VBScript, JScript, EXE and DLL files, including .NET Assemblies. This shellcode can be injected into arbitrary Windows processes for in-memory execution. Given a supported file type, parameters and an entry point where applicable such as Program.Main, it...

AI score 8
Exploits 0 · References 6

RedHat Linux
added 2019/11/05 9:17 p.m. · 5 views

389-ds-base: DoS via hanging secured connections

It was found that encrypted connections did not honor the 'ioblocktimeout' parameter to end blocking requests. As a result, an unauthenticated attacker could repeatedly start a sufficient number of encrypted connections to block all workers, resulting in a denial of service...

CVSS 7.5 · AI score 5.7 · EPSS 0.08426
Exploits 0 · References 4

Hacker One
added 2019/11/03 4:23 a.m. · 34 views

U.S. Dept Of Defense: [HTAF4-213] [Pre-submission] CVE-2018-2879 (padding oracle attack in the Oracle Access Manager) at https://█████████

Description: We were able to identify CVE-2018-2879 in Oracle Access Manager, used on the https://██████. Link to the CVE: https://nvd.nist.gov/vuln/detail/CVE-2018-2879. This vulnerability is rated critical, and may allow an unauthenticated attacker with network access via HTTP to compromise Oracle...

CVSS 6.8 · AI score 0.4 · EPSS 0.22154
Exploits 2

Kitploit
added 2019/10/31 12:0 p.m. · 92 views

UBoat - HTTP Botnet Project

A POC HTTP Botnet designed to replicate a full weaponised commercial botnet. Disclaimer: This project should be used for authorized testing or educational purposes only. The main objective behind creating this offensive project was to aid security researchers and to enhance the understanding of...

AI score 7.6
Exploits 0 · References 5

Prion
added 2019/10/28 1:15 p.m. · 20 views

Hardcoded credentials

An issue was discovered on Mitsubishi Electric ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. Hard-coded SSH keys allow an attacker to gain unauthorised access or disclose encrypted data on the RTU due to the keys not being regenerated on initial installation or with firmware...

CVSS 7.5 · AI score 9.6 · EPSS 0.02085
Exploits 1 · References 2 · Affected Software 2

Cvelist
added 2019/10/28 12:10 p.m. · 31 views

CVE-2019-14926

An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. Hard-coded SSH keys allow an attacker to gain unauthorised access or disclose encrypted data on the RTU due to the keys not being regenerated on initial installation or with...

AI score 9.7 · EPSS 0.02085
Exploits 1 · References 2

CVE
added 2019/10/28 12:10 p.m. · 63 views

CVE-2019-14926

CVE-2019-14926 concerns hard-coded SSH keys in Mitsubishi Electric ME-RTU (firmware up to 2.02) and INEA ME-RTU (up to 3.0). The root cause is static private-key values stored in /etc/ssh/ssh_host_rsa_key, /etc/ssh/ssh_host_ecdsa_key, and /etc/ssh/ssh_host_dsa_key that are publicly available from...

CVSS 9.8 · AI score 9.7 · EPSS 0.02085
Exploits 1 · References 2 · Affected Software 1

Symantec
added 2019/10/28 12:0 a.m. · 25 views

Broadcom Brocade SANnav CVE-2019-16209 SSL Certificate Validation Security Bypass Vulnerability

Description: Broadcom Brocade SANnav is prone to a security-bypass vulnerability. An attacker can exploit this issue to perform man-in-the-middle attacks and perform certain unauthorized actions, which will aid in further attacks. Versions prior to Brocade SANnav 2.0 are vulnerable. Technologies...

CVSS 5.8 · AI score 0.2 · EPSS 0.0074
Exploits 0 · References 1

Symantec
added 2019/10/28 12:0 a.m. · 29 views

Broadcom Brocade SANnav CVE-2019-16208 Weak Encryption Security Weakness

Description: Broadcom Brocade SANnav is prone to a security weakness. Successfully exploiting this issue may allow an attacker to obtain sensitive information that may aid in further attacks. Versions prior to Brocade SANnav 2.0 are vulnerable. Technologies Affected: Broadcom Brocade SANnav...

CVSS 5 · AI score 7.4 · EPSS 0.00405
Exploits 0 · References 1

Symantec
added 2019/10/28 12:0 a.m. · 42 views

Broadcom Brocade SANnav CVE-2019-16210 Information Disclosure Vulnerability

Description: Broadcom Brocade SANnav is prone to an information disclosure vulnerability. Successfully exploiting this issue may allow an attacker to obtain sensitive information that may aid in further attacks or cause a denial-of-service condition. Versions prior to Brocade SANnav 2.0 are...

CVSS 2.1 · AI score 5.3 · EPSS 0.00205
Exploits 0 · References 1

Symantec
added 2019/10/28 12:0 a.m. · 49 views

Broadcom Brocade SANnav CVE-2019-16206 Information Disclosure Vulnerability

Description: Broadcom Brocade SANnav is prone to an information disclosure vulnerability. Successfully exploiting this issue may allow an attacker to obtain sensitive information that may aid in further attacks or cause a denial-of-service condition. Versions prior to Brocade SANnav 2.0 are...

CVSS 2.1 · AI score 5.3 · EPSS 0.00203
Exploits 0 · References 1