Lucene search
K

54 matches found

OSV
OSV
added 2019/09/20 7:51 a.m.7 views

SUSE-SU-2019:2410-1 Security update for openssl-1_1

This update for openssl-11 fixes the following issues: OpenSSL Security Advisory 10 September 2019 CVE-2019-1547: Added ECGROUPsetgenerator side channel attack avoidance. bsc1150003 CVE-2019-1563: Fixed Bleichenbacher attack against cms/pkcs7 encryption transported key bsc1150250...

4.7CVSS5.1AI score0.03838EPSS
Exploits0References5
CVE
CVE
added 2019/04/24 8:13 p.m.58 views

CVE-2018-18251

Deltek Vision 7.x before 7.6 allows an authenticated attacker to execute arbitrary SQL via a custom RPC over HTTP protocol. The client-side enforcement of security rules can be bypassed (e.g., encryption obfuscation with hard-coded keys), enabling potential arbitrary SQL execution and impacts to ...

9.8CVSS10AI score0.01551EPSS
Exploits0References1Affected Software1
The Hacker News
The Hacker News
added 2018/11/06 9:19 a.m.540 views

Flaws in Popular Self-Encrypting SSDs Let Attackers Decrypt Data

We all have something to hide, something to protect. But if you are also relying on self-encrypting drives for that, then you should read this news carefully. Security researchers have discovered multiple critical vulnerabilities in some of the popular self-encrypting solid state drives SSD that...

0.1AI score
Exploits0
NVD
NVD
added 2018/05/01 6:29 p.m.23 views

CVE-2017-5535

The GridServer Broker, GridServer Driver, and GridServer Engine components of TIBCO Software Inc. TIBCO DataSynapse GridServer Manager contain vulnerabilities related to both the improper use of encryption mechanisms and the use of weak ciphers. A malicious actor could theoretically compromise th...

6.8CVSS6.7AI score0.00185EPSS
Exploits0References1
OSV
OSV
added 2018/01/01 10:38 a.m.25 views

MGASA-2018-0007 Updated apache packages fix security vulnerability

modsessioncrypto was encrypting its data/cookie using the configured ciphers with possibly either CBC or ECB modes of operation AES256-CBC by default, hence no selectable or builtin authenticated encryption. This made it vulnerable to padding oracle attacks, particularly with CBC CVE-2016-0736...

9.8CVSS8.5AI score0.94999EPSS
Exploits17References6
CNVD
CNVD
added 2017/09/21 12:0 a.m.3 views

Huawei FusionSphere OpenStack Information Disclosure Vulnerability (CNVD-2017-34443)

Huawei FusionSphere and FusionSphere OpenStack FSO are both Huawei products. The former is a cloud operating system product developed based on the OpenStack framework, and the latter is FusionSphere's cloud platform software in ICT scenarios. Huawei FusionSphere OpenStack suffers from an...

5.3CVSS6.3AI score0.0071EPSS
Exploits0References1
OSV
OSV
added 2017/03/17 2:2 p.m.7 views

SUSE-SU-2017:0726-1 Security update for java-1_6_0-ibm

This update for java-160-ibm to 8.0-4.1 fixes the following issues: Security issue fixed: - CVE-2016-2183: The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easi...

7.5CVSS7.4AI score0.95707EPSS
Exploits7References3
ThreatPost
ThreatPost
added 2011/03/29 3:50 p.m.10 views

Attacking and Defending the Tor Network

BOSTON–The Tor Project has become a vital mechanism for privacy advocates, human rights activists, journalists and others in sensitive positions to evade online censorship and persecution. And while the governments interested in limiting user access to the Internet and controlling content have ha...

7.3AI score
Exploits0References3
securityvulns
securityvulns
added 2004/02/28 12:0 a.m.38 views

Multiple issues with Mac OS X AFP client

Multiple issues with Mac OS X AFP client Background The standard Apple Filing Protocol1 AFP does not use encryption to protect transfered data. Login credentials may be sent in cleartext or protected with one of several different hashed exchanges or Kerberos2. There does not appear to have been a...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2003/03/14 12:0 a.m.35 views

Protegrity buffer overflow

Additional details can be found at http://www.kb.cert.org/vuls/id/247545 There is a company that does encryption of databases called Protegrty. They use extended stored procedures to do the encryption and decryption. I tested 3 of the extended stored procedures and found all 3 vulnerable to buffe...

0.1AI score
Exploits0
NVD
NVD
added 2001/08/27 4:0 a.m.21 views

CVE-2001-1444

The Kerberos Telnet protocol, as implemented by KTH Kerberos IV and Kerberos V Heimdal, does not encrypt authentication and encryption options sent from the server, which allows remote attackers to downgrade authentication and encryption mechanisms via a man-in-the-middle attack...

7.5CVSS6.8AI score0.01296EPSS
Exploits1References3
exploitpack
exploitpack
added 2001/07/20 12:0 a.m.20 views

NetWin DMail 2.x SurgeFTP 1.02.0 - Weak Password Encryption

NetWin DMail 2.x SurgeFTP 1.02.0 - Weak Password Encryption // source: https://www.securityfocus.com/bid/3075/info The Netwin Authentication module, or NWAuth, is an external authentication module used by several Netwin products. A simple one-way hash function is used by NWAuth to perform passwor...

7.4AI score
Exploits0
FreeBSD Advisory
FreeBSD Advisory
added 2001/02/12 12:0 a.m.7 views

FreeBSD-SA-01:24.ssh

-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-01:24 Security Advisory FreeBSD, Inc. Topic: SSH1 implementations may allow remote system, data compromise Category: core/ports Module: openssh, ssh Announced: 2001-02-12...

6.2AI score
Exploits0
Cvelist
Cvelist
added 2001/02/02 5:0 a.m.20 views

CVE-2001-0103

CoffeeCup Direct and Free FTP clients uses weak encryption to store passwords in the FTPServers.ini file, which could allow attackers to easily decrypt the passwords...

6.5AI score0.00212EPSS
Exploits0References2
Rows per page
Query Builder