Lucene search
K

535 matches found

CNVD
CNVD
added 2018/04/28 12:0 a.m.6 views

Foxit Reader XFA record append remote code execution vulnerability

Foxit Reader is a small PDF document viewer and printing program. Foxit Reader has a security vulnerability in the XFA record append method, which can be exploited by an attacker to execute arbitrary code in the current process context due to a lack of proper validation of user-supplied data...

8.8CVSS7.7AI score0.03226EPSS
Exploits0References1
Trend Micro Simply Security
Trend Micro Simply Security
added 2018/04/18 4:2 p.m.45 views

The Human (Resource) Role in the Journey to GDPR Compliance

Employees are at the center of dealing with the General Data Protection Regulation GDPR, which is the new European regulation that aims to strengthen and standardize the data pricy rights of European citizens. As we’ve discussed throughout this blog series, the GDPR impacts many organizations...

0.7AI score
Exploits0
Carbon Black Blog
Carbon Black Blog
added 2018/02/27 4:28 p.m.46 views

Contain Attacks in Real Time with Live Response in Cb Defense

Endpoint security is broken. Yes, you’ve heard it before - traditional, signature-based antivirus AV can’t keep up with the volume of new malware and advanced attack methods being developed by cyber criminals every day. And that’s absolutely true. But a report published last year highlights an ev...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/02/13 12:26 p.m.16 views

Jumping Air Gaps

Nice profile of Mordechai Guri, who researches a variety of clever ways to steal data over air-gapped computers. Guri and his fellow Ben-Gurion researchers have shown, for instance, that it's possible to trick a fully offline computer into leaking data to another nearby device via the noise its...

6.7AI score
Exploits0
RedHat Linux
RedHat Linux
added 2018/02/01 4:6 p.m.5 views

chromium-browser: same origin bypass in shared worker

Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user cross-origin data via a crafted HTML page...

6.5CVSS7.4AI score0.01414EPSS
Exploits0References5
Prion
Prion
added 2017/12/20 8:29 p.m.25 views

Design/Logic Flaw

CPEs used by subscribers on the access network receive their individual configuration settings from a central GAPS instance. A CPE identifies itself by the MAC address of its WAN interface and a certain "chk" value 48bit derived from the MAC. The algorithm used to compute the "chk" was disclosed ...

5CVSS9.3AI score0.01186EPSS
Exploits2References1Affected Software1
NVD
NVD
added 2017/12/20 8:29 p.m.18 views

CVE-2017-6094

CPEs used by subscribers on the access network receive their individual configuration settings from a central GAPS instance. A CPE identifies itself by the MAC address of its WAN interface and a certain "chk" value 48bit derived from the MAC. The algorithm used to compute the "chk" was disclosed ...

9.8CVSS9.4AI score0.01186EPSS
Exploits2References1
OSV
OSV
added 2017/12/20 8:29 p.m.3 views

CVE-2017-6094

CPEs used by subscribers on the access network receive their individual configuration settings from a central GAPS instance. A CPE identifies itself by the MAC address of its WAN interface and a certain "chk" value 48bit derived from the MAC. The algorithm used to compute the "chk" was disclosed ...

9.8CVSS5.8AI score0.01186EPSS
Exploits2References1
Cvelist
Cvelist
added 2017/12/20 8:0 p.m.16 views

CVE-2017-6094

CPEs used by subscribers on the access network receive their individual configuration settings from a central GAPS instance. A CPE identifies itself by the MAC address of its WAN interface and a certain "chk" value 48bit derived from the MAC. The algorithm used to compute the "chk" was disclosed ...

9.4AI score0.01186EPSS
Exploits2References1
CVE
CVE
added 2017/12/20 8:0 p.m.53 views

CVE-2017-6094

Genexis GAPS (Genexis B.V.) up to version 7.2 is affected. An attacker can forge valid chk values (derived from the CPE WAN MAC) to impersonate any CPE and retrieve configuration settings from the central GAPS instance, often exposing sensitive data such as VoIP credentials. Root cause: the chk a...

9.8CVSS9.3AI score0.01186EPSS
Exploits2References1Affected Software1
Packet Storm
Packet Storm
added 2017/12/20 12:0 a.m.103 views

Genexis GAPS 7.2 Access Control

CVE-2017-6094 - Genexis GAPS Access Control Vulnerability Product: Genexis Automatic Provisioning System GAPS Vendor: Genexis B.V. CVE ID: CVE-2017-6094 Subject: Access control vulnerability Effect: Leaked configuration settings, including user credentials Author: Antoine Neuenschwander Date:...

0.4AI score0.01186EPSS
Exploits2
Trend Micro Simply Security
Trend Micro Simply Security
added 2017/11/08 3:11 p.m.44 views

3 Reasons to Use VMware NSX with Trend Micro Deep Security

Enterprises have begun adopting network virtualization for their IT infrastructure. According to a 2016 survey conducted by Accenture, 95 percent of small, medium, and large enterprises believe “network services will be virtualized.” Meanwhile, 25 percent of those who have adopted network...

6.8AI score
Exploits0
Trend Micro Simply Security
Trend Micro Simply Security
added 2017/10/19 3:13 p.m.32 views

Trend Micro Top Again for Breach Detection, Says NSS Labs

In spite of a rapidly evolving landscape, data breaches remain among the most common and damaging cyber-threats facing organizations today. As digital transformation efforts take hold, so the corporate attacks surface grows, offering more opportunities for the bad guys to take aim at highly prize...

6.9AI score
Exploits0
CNVD
CNVD
added 2017/08/30 12:0 a.m.3 views

Peace of Mind Companion App Has Logic Gaps

Anxiety Accompanying App is a mobile life application based on the mobile medical field, focusing on medical consultation accompaniment. There is a logic loophole in Anxin accompanying clinic APP, which can be exploited by an attacker to arbitrarily register users and arbitrarily reset their...

6.9AI score
Exploits0
RedHat Linux
RedHat Linux
added 2017/07/31 2:32 p.m.8 views

chromium-browser: url spoofing in omnibox

Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name...

6.5CVSS7.4AI score0.01342EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2017/04/06 12:0 a.m.6 views

The vulnerability of the MantisBT error tracking system allows a hacker to execute arbitrary HTML or JavaScript code.

The vulnerability of the MantisBT error tracking system’s component exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary HTML or JavaScript code through changes to the windowtitle element...

4.3CVSS6.7AI score0.00813EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2017/02/09 12:0 a.m.7 views

Vulnerability of the Java Platform software platform, which allows a perpetrator to gain access to data for reading purposes

The vulnerability of the Java Platform’s networking software components is related to the lack of protection for operational data. Exploiting this vulnerability allows a malicious actor, operating remotely, to gain access to data through network packets...

4.3CVSS6.7AI score0.02184EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2017/01/26 12:0 a.m.8 views

The vulnerability of the Android operating system, allowing a hacker to execute arbitrary code

The vulnerability of Qualcomm’s Android operating system’s media codecs is related to lack of access control. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

9.3CVSS7.6AI score0.01606EPSS
Exploits0References3
ThreatPost
ThreatPost
added 2016/11/16 6:4 p.m.12 views

IBM Opens Attack Simulation Test Center

CAMBRIDGE, Ma. – IBM cut the ribbon on its new global security headquarters Wednesday that will also serve as command center for its just announced X-Force Incident Response and Intelligence Services. The centerpiece of the new 153,000-sqft facility is the company’s Cyber Range which IBM bills as...

7AI score
Exploits0References1
myhack58
myhack58
added 2016/08/09 12:0 a.m.15 views

Samsung pay gaps can lead to a hack trade hijacking-vulnerability warning-the black bar safety net

! Spanish security researcher Salvador Mendoza found Samsung Pay a security vulnerability, this vulnerability once exploited, hackers will be able to use another device to the victims of the trade hijacking. Based on a contactless payment system, is many of the newer Samsung phones with the...

6.7AI score
Exploits0
Rows per page
Query Builder