Lucene search

5463 matches found

BDU FSTEC
added 2019/06/14 12:00 a.m. | 4 views

A vulnerability in the command-line interface of Cisco NX-OS network operating system devices allows an attacker to obtain the user’s encrypted SSH key or import an encrypted SSH key protected by a password.

The vulnerability in the command-line interface of the Cisco NX-OS network operating system is related to errors in managing SSH keys. Exploiting this vulnerability can allow an attacker to obtain a secret SSH key of a user or import a secret SSH key protected by a password...

5.6 CVSS | 5.8 AI score | 0.00354 EPSS
Exploits 0 | References 3

Wired Threat Level
added 2019/06/13 2:26 p.m. | 140 views

Google's Push to Close a Major Encrypted Web Loophole

By building security into top-level domains, Google makes it harder for HTTPS to fall short...

7 AI score
Exploits 0

The Hacker News
added 2019/06/13 10:42 a.m. | 2 views

Telegram Suffers 'Powerful DDoS Attack' From China During Hong Kong Protests

Telegram, one of the most popular encrypted messaging apps, briefly went offline yesterday for hundreds of thousands of users worldwide after a powerful distributed denial-of-service (DDoS) attack hit its servers. Telegram founder Pavel Durov later revealed that the attack was mainly coming from the...

6.5 AI score
Exploits 0

The Hacker News
added 2019/06/13 10:42 a.m. | 166 views

Telegram Suffers 'Powerful DDoS Attack' From China During Hong Kong Protests

Telegram, one of the most popular encrypted messaging apps, briefly went offline yesterday for hundreds of thousands of users worldwide after a powerful distributed denial-of-service (DDoS) attack hit its servers. Telegram founder Pavel Durov later revealed that the attack was mainly coming from the...

0.6 AI score
Exploits 0

OSV
added 2019/06/12 3:29 p.m. | 4 views

CVE-2019-0307

Diagnostics Agent in Solution Manager, version 7.2, stores several credentials such as SLD user connection as well as Solman user communication in the SAP Secure Storage file which is not encrypted by default. By decoding these credentials, an attacker with admin privileges could gain access to t...

2.4 CVSS | 5.8 AI score | 0.02089 EPSS
Exploits 1 | References 2

CNVD
added 2019/06/12 12:00 a.m. | 3 views

Cloudera Navigator Key Trustee KMS Encryption Issue Vulnerability

Cloudera Navigator Key Trustee KMS is a customized secret key management server from Cloudera. A security vulnerability exists in Cloudera Navigator Key Trustee KMS versions 5.12 and 5.13. An attacker can exploit the vulnerability to recover previously deleted but not cleaned keys or delete the...

5.5 CVSS | 6.8 AI score | 0.00455 EPSS
Exploits 0 | References 1

NVD
added 2019/06/07 4:29 p.m. | 21 views

CVE-2018-20091

An SQL injection vulnerability was found in Cloudera Data Science Workbench (CDSW) 1.4.0 through 1.4.2. This would allow any authenticated user to run arbitrary queries against CDSW's internal database. The database contains user contact information, encrypted CDSW passwords in the case of local...

9.9 CVSS | 9.4 AI score | 0.01009 EPSS
Exploits 0 | References 2

Kitploit
added 2019/06/05 1:03 p.m. | 240 views

ReverseTCPShell - PowerShell ReverseTCP Shell, Client & Server

Reverse Encrypted AES 256-bit Shell over TCP - using PowerShell SecureString. Attacker C2-Server Listener: PS .\ReverseTCP.ps1 Target Client: CMD ECHO...

7.4 AI score
Exploits 0 | References 1

Tenable Nessus
added 2019/05/31 12:00 a.m. | 22 views

Ubuntu 16.04 LTS / 18.04 LTS : Evolution Data Server vulnerability (USN-3998-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3998-1 advisory. Marcus Brinkmann discovered that Evolution Data Server did not correctly interpret the output from GPG when decrypting encrypted messages. Under certa...

6.5 CVSS | 7 AI score | 0.02443 EPSS
Exploits 1 | References 2

BDU FSTEC
added 2019/05/31 12:00 a.m. | 4 views

The vulnerability of the ECDSA encryption algorithm implementation in the OpenSSL library allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the ECDSA encryption algorithm implementation in the OpenSSL library is related to errors in the management of cryptographic keys. Exploiting this vulnerability could allow a malicious actor to remotely restore the encrypted private key...

7.1 CVSS | 6.7 AI score | 0.04763 EPSS
Exploits 0 | References 15 | Affected Software 27

Github Security Blog
added 2019/05/30 5:26 p.m. | 18 views

Insecure Credential Storage in web3

All versions of web3 are vulnerable to Insecure Credential Storage. The package stores encrypted wallets in local storage and requires a password to load the wallet. Once the wallet is loaded, the private key is accessible via LocalStorage. Exploiting this vulnerability likely requires a Cross-Si...

2.4 AI score
Exploits 0 | References 4 | Affected Software 1

Ubuntu
added 2019/05/30 11:41 a.m. | 210 views

USN-3998-1: Evolution Data Server vulnerability

Marcus Brinkmann discovered that Evolution Data Server did not correctly interpret the output from GPG when decrypting encrypted messages. Under certain circumstances, this could result in displaying clear-text portions of encrypted messages as though they were encrypted...

6.5 CVSS | 6.9 AI score | 0.02443 EPSS
Exploits 1

OSV
added 2019/05/30 11:41 a.m. | 3 views

USN-3998-1 evolution-data-server vulnerability

Marcus Brinkmann discovered that Evolution Data Server did not correctly interpret the output from GPG when decrypting encrypted messages. Under certain circumstances, this could result in displaying clear-text portions of encrypted messages as though they were encrypted...

6.5 CVSS | 6.8 AI score | 0.02443 EPSS
Exploits 1 | References 2

ThreatPost
added 2019/05/22 1:16 p.m. | 102 views

Google Stored G Suite Passwords in Plaintext Since 2005

Google stored G Suite passwords in plaintext for almost 15 years, the cloud giant acknowledged on Tuesday evening. G Suite, Google’s brand of cloud computing, productivity and collaboration tools, software and products, has more than 5 million users as of February. Google said that it recently...

7.2 AI score
Exploits 0 | References 6

The Hacker News
added 2019/05/21 2:03 p.m. | 78 views

Core Elastic Stack Security Features Now Available For Free Users As Well

Elastic, the company behind the most widely used enterprise search engine ElasticSearch and the Elastic Stack, today announced that it has decided to make core security features of the Elastic Stack free and accessible to all users. ELK Stack or Elastic Stack is a collection of three powerful ope...

0.8 AI score
Exploits 0

Wired Threat Level
added 2019/05/16 9:00 p.m. | 85 views

The False Promise of “Lawful Access” to Private Data

Opinion: As online extremism migrates to real-world violence, some suggest letting law enforcement intercept encrypted messages. But that’s a dangerous proposition...

1.6 AI score
Exploits 0

Veracode
added 2019/05/16 3:00 a.m. | 27 views

Weak Encryption

Thunderbird ESR and Thunderbird are vulnerable to weak encryption. A remote unauthenticated attacker could cause disclosure of plaintext using remote content in encrypted messages...

7.5 CVSS | 8.3 AI score | 0.01798 EPSS
Exploits 0 | References 11 | Affected Software 1

NVD
added 2019/05/14 8:29 p.m. | 31 views

CVE-2019-10922

A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 and newer (All versions), SIMATIC WinCC V7.2 and earlier (All versions), SIMATIC WinCC V7.3 and newer (All versions). An attacker with network access to affected installations, which are configured...

9.8 CVSS | 9.6 AI score | 0.0264 EPSS
Exploits 0 | References 2

OSV
added 2019/05/14 8:29 p.m. | 7 views

CVE-2019-10922

A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 and newer (All versions), SIMATIC WinCC V7.2 and earlier (All versions), SIMATIC WinCC V7.3 and newer (All versions). An attacker with network access to affected installations, which are configured...

9.8 CVSS | 7.4 AI score | 0.0264 EPSS
Exploits 0 | References 2

Prion
added 2019/05/14 8:29 p.m. | 20 views

Security feature bypass

A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 and newer (All versions), SIMATIC WinCC V7.2 and earlier (All versions), SIMATIC WinCC V7.3 and newer (All versions). An attacker with network access to affected installations, which are configured...

7.5 CVSS | 9.5 AI score | 0.0264 EPSS
Exploits 0 | References 2 | Affected Software 2