Lucene search
K

5464 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2019/09/10 3:23 a.m.20 views

Security Bulletin: Security Vulnerabilties exist in IBM Cognos Controller

Summary Security Vulnerabilities exist in IBM Cognos Controller. When performing security testing, you might encounter a "Missing Secure Attribute in Encrypted Session SSL Cookie" error message. IBM Cognos Controller versions 10.4.1, 10.4.0, 10.3.1 and 10.3.0, by default, do not have this setting...

7.5CVSS0.4AI score0.00966EPSS
Exploits0Affected Software1
BDU FSTEC
BDU FSTEC
added 2019/09/10 12:0 a.m.3 views

The vulnerabilities of the microprogramming software of Cisco Small Business RV160, Cisco Small Business RV260, and Cisco Small Business RV340 allow attackers to enhance their privileges.

The vulnerability of the microprogramming software of Cisco Small Business RV160, Cisco Small Business RV260, and Cisco Small Business RV340 is related to the use of strictly encrypted passwords for user roles such as root, debug-admin, cisco, admin, and guest. Exploiting this vulnerability allow...

8.5CVSS5.5AI score
Exploits0References1Affected Software3
Tenable Nessus
Tenable Nessus
added 2019/08/30 12:0 a.m.51 views

McAfee DLPe Agent 11.x < 11.1.210.32 / 11.2.x / 11.3.x < 11.3.2.8 Multiple Vulnerabilities (SB10295)

The version of the McAfee Data Loss Prevention Endpoint DLPe Agent installed on the remote Windows host is 11.x prior to 11.1.210.32, 11.2.x, or 11.3.x prior to 11.3.2.8. It is, therefore, affected by multiple vulnerabilities: - Buffer overflow in McAfee Data Loss Prevention DLPe for Windows 11.x...

5.5CVSS5.3AI score0.00251EPSS
Exploits0References3
Kitploit
Kitploit
added 2019/08/23 9:45 p.m.145 views

Covenant - A .NET Command And Control Framework For Red Teamers

Covenant is a .NET command and control framework that aims to highlight the attack surface of .NET, make the use of offensive .NET tradecraft easier, and serve as a collaborative command and control platform for red teamers. Covenant is an ASP.NET Core, cross-platform application that includes a...

7.8AI score
Exploits0References3
NVD
NVD
added 2019/08/21 4:15 p.m.17 views

CVE-2019-3634

Buffer overflow in McAfee Data Loss Prevention DLPe for Windows 11.x prior to 11.3.2.8 allows local user to cause the Windows operating system to "blue screen" via an encrypted message sent to DLPe which when decrypted results in DLPe reading unallocated memory...

5.5CVSS5.1AI score0.00248EPSS
Exploits0References1
OSV
OSV
added 2019/08/21 4:15 p.m.4 views

CVE-2019-3634

Buffer overflow in McAfee Data Loss Prevention DLPe for Windows 11.x prior to 11.3.2.8 allows local user to cause the Windows operating system to "blue screen" via an encrypted message sent to DLPe which when decrypted results in DLPe reading unallocated memory...

5.5CVSS5.9AI score
Exploits0References1
Prion
Prion
added 2019/08/21 4:15 p.m.29 views

Buffer overflow

Buffer overflow in McAfee Data Loss Prevention DLPe for Windows 11.x prior to 11.3.2.8 allows local user to cause the Windows operating system to "blue screen" via an encrypted message sent to DLPe which when decrypted results in DLPe reading unallocated memory...

4.9CVSS4.9AI score0.00248EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2019/08/21 12:0 a.m.4 views

PT-2019-16641 · Microsoft +1 · Windows +1

Name of the Vulnerable Software and Affected Versions: McAfee Data Loss Prevention DLPe for Windows versions prior to 11.3.2.8 Description: The issue allows a local user to cause the Windows operating system to crash via an encrypted message sent to DLPe, which when decrypted results in DLPe...

5.5CVSS5.1AI score0.00248EPSS
Exploits0References3
NVD
NVD
added 2019/08/15 9:15 p.m.10 views

CVE-2018-14062

The COSPAS-SARSAT protocol allows remote attackers to forge messages, replay encrypted messages, conduct denial of service attacks, and send private messages unrelated to distress alerts via a crafted 406 MHz digital signal...

9.4CVSS8.9AI score0.02326EPSS
Exploits0References2
Prion
Prion
added 2019/08/15 9:15 p.m.18 views

Code injection

The COSPAS-SARSAT protocol allows remote attackers to forge messages, replay encrypted messages, conduct denial of service attacks, and send private messages unrelated to distress alerts via a crafted 406 MHz digital signal...

9.4CVSS8.7AI score0.02326EPSS
Exploits0References2
CVE
CVE
added 2019/08/15 9:0 p.m.117 views

CVE-2018-14062

Technical details about CVE-2018-14062 are not publicly available in the provided documents. Monitor for updates from official advisories.

9.4CVSS8.7AI score0.02326EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2019/08/15 9:0 p.m.14 views

CVE-2018-14062

The COSPAS-SARSAT protocol allows remote attackers to forge messages, replay encrypted messages, conduct denial of service attacks, and send private messages unrelated to distress alerts via a crafted 406 MHz digital signal...

8.9AI score0.02326EPSS
Exploits0References2
Malwarebytes
Malwarebytes
added 2019/08/15 3:26 p.m.144 views

The Hidden Bee infection chain, part 1: the stegano pack

About a year ago, we described the Hidden Bee miner delivered by the Underminer Exploit Kit. Hidden Bee has a complex and multi-layered internal structure that is unusual among cybercrime toolkits, making it an interesting phenomenon on the threat landscape. That's why we're dedicating a series o...

10CVSS9.5AI score0.93688EPSS
Exploits5
OSV
OSV
added 2019/08/14 5:15 p.m.14 views

CVE-2019-9506

The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks aka "KNOB" that can decrypt traffic and inject arbitrary...

8.1CVSS8.7AI score
Exploits0References30
OSV
OSV
added 2019/08/13 8:15 p.m.4 views

CVE-2019-12806

UniSign 2.0.4.0 and earlier version contains a stack-based buffer overflow vulnerability which can overwrite the stack with arbitrary data, due to a buffer overflow in a library. That leads remote attacker to execute arbitrary code via crafted https packets...

8.8CVSS8AI score0.04126EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2019/08/12 12:0 a.m.31 views

Amazon Linux 2 : 389-ds-base (ALAS-2019-1262)

It was found that encrypted connections did not honor the 'ioblocktimeout' parameter to end blocking requests. As a result, an unauthenticated attacker could repeatedly start a sufficient number of encrypted connections to block all workers, resulting in a denial of service. CVE-2019-3883 C Tenab...

7.5CVSS6.2AI score0.08426EPSS
Exploits0References2
Schneier on Security
Schneier on Security
added 2019/08/08 4:11 p.m.55 views

Supply-Chain Attack against the Electron Development Platform

Electron is a cross-platform development system for many popular communications apps, including Skype, Slack, and WhatsApp. Security vulnerabilities in the update system allows someone to silently inject malicious code into applications. From a news article: At the BSides LV security conference o...

6.7AI score
Exploits0
pentestit
pentestit
added 2019/08/08 5:7 a.m.81 views

UPDATE: SILENTTRINITY v0.3.0

PenTestIT RSS Feed Just yesterday, I wrote about this open source post-exploitation C2 framework and a new release is already available. The post was titled - List of Open Source C2 Post-Exploitation Frameworks. We now have SILENTTRINITY v0.3.0 amongst us, which was in the works for a long time!...

1.7AI score
Exploits0
Amazon
Amazon
added 2019/08/07 12:0 a.m.80 views

Medium: 389-ds-base

Issue Overview: 1693612: 389-ds-base: DoS via hanging secured connections It was found that encrypted connections did not honor the 'ioblocktimeout' parameter to end blocking requests. As a result, an unauthenticated attacker could repeatedly start a sufficient number of encrypted connections to...

7.5CVSS6.5AI score0.08426EPSS
Exploits0
Amazon
Amazon
added 2019/08/07 12:0 a.m.30 views

Medium: 389-ds-base

Issue Overview: It was found that encrypted connections did not honor the 'ioblocktimeout' parameter to end blocking requests. As a result, an unauthenticated attacker could repeatedly start a sufficient number of encrypted connections to block all workers, resulting in a denial of service...

7.5CVSS6.5AI score0.08426EPSS
Exploits0
Rows per page
Query Builder