7691 matches found

Malwarebytes
added 2021/07/12 12:28 p.m., 59 views

DNS-over-HTTPS takes another small step towards global domination

Firefox recently announced that it will be rolling out DNS-over-HTTPS (DoH) soon to one percent of its Canadian users as part of its partnership with CIRA, the Canadian Internet Registration Authority, the Ontario-based organization responsible for managing the .ca top-level domain for Canada and...

0.8 AI score
Exploits: 0

Tenable Nessus
added 2021/07/08 12:00 a.m., 93 views

Symantec Endpoint Protection Manager < 14.3 RU2 Session Token Exposure (SYMSA18255)

The version of Symantec Endpoint Protection Manager (SEPM) installed on the remote host is prior to 14.3 RU2. It is therefore affected by a vulnerability. HTTPS GET parameters may include session tokens, which could be logged. Note that Nessus has not tested for this issue but has instead relied on...

5.6 AI score
Exploits: 0, References: 2

FreeBSD
added 2021/07/07 12:00 a.m., 36 views

go -- crypto/tls: clients can panic when provided a certificate of the wrong type for the negotiated parameters

The Go project reports: crypto/tls clients can panic when provided a certificate of the wrong type for the negotiated parameters. net/http clients performing HTTPS requests are also affected. The panic can be triggered by an attacker in a privileged network position without access to the server...

6.5 CVSS, 2.4 AI score, 0.07032 EPSS
Exploits: 1, References: 1

OpenVAS
added 2021/07/07 12:00 a.m., 27 views

NTPd <= 4.2.0 Privilege Escalation Vulnerability

NTPd is prone to a privilege escalation vulnerability...

4.6 CVSS, 6.7 AI score, 0.00445 EPSS
Exploits: 0, References: 1

Wordfence Blog
added 2021/07/02 7:13 p.m., 15 views

Episode 124: PrintNightmare 0Day Exploit Accidentally Leaked Online

Security researchers accidentally leaked zero-day exploit code for a new Windows bug, now called PrintNightmare, while easily exploitable vulnerabilities in the ProfilePress plugin, previously called WP User Avatar, were patched quickly. An unprotected cloud database containing over 814 million...

7.9 AI score
Exploits: 0

Tenable Nessus
added 2021/07/01 12:00 a.m., 29 views

EulerOS 2.0 SP9 : curl (EulerOS-SA-2021-2049)

According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3...

5.3 CVSS, 6.4 AI score, 0.05301 EPSS
Exploits: 2, References: 3

Tenable Nessus
added 2021/07/01 12:00 a.m., 32 views

EulerOS 2.0 SP9 : curl (EulerOS-SA-2021-2060)

According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3...

5.3 CVSS, 6.4 AI score, 0.05301 EPSS
Exploits: 2, References: 3

OpenVAS
added 2021/07/01 12:00 a.m., 9 views

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2021-2049)

The remote host is missing an update for the Huawei EulerOS...

5.3 CVSS, 5.5 AI score, 0.05301 EPSS
Exploits: 2, References: 2

The Hacker News
added 2021/06/25 10:37 a.m., 92 views

Watch Out! Zyxel Firewalls and VPNs Under Active Cyberattack

Taiwanese networking equipment company Zyxel is warning customers of an ongoing attack targeting a "small subset" of its security products such as firewall and VPN servers. Attributing the attacks to a "sophisticated threat actor," the firm noted that the attacks single out appliances that have...

10 CVSS, 2.6 AI score, 0.90049 EPSS
Exploits: 2

Metasploit
added 2021/06/24 5:43 p.m., 85 views

Cisco DCNM auth bypass

This exploit is able to add an admin account to a Cisco DCNM with credentials you can choose. After that, you can login to the web interface with those credentials. The only necessary condition is the more or less recent connection of an admin as this exploit uses a kind of session stealing. Modu...

10 CVSS, 9.3 AI score, 0.85649 EPSS
Exploits: 7

OSV
added 2021/06/24 5:15 p.m., 3 views

CVE-2021-21571

Dell UEFI BIOS https stack leveraged by the Dell BIOSConnect feature and Dell HTTPS Boot feature contains an improper certificate validation vulnerability. A remote unauthenticated attacker may exploit this vulnerability using a person-in-the-middle attack which may lead to a denial of service an...

6.5 CVSS, 5.8 AI score, 0.00626 EPSS
Exploits: 0, References: 1

NVD
added 2021/06/24 5:15 p.m., 20 views

CVE-2021-21571

Dell UEFI BIOS https stack leveraged by the Dell BIOSConnect feature and Dell HTTPS Boot feature contains an improper certificate validation vulnerability. A remote unauthenticated attacker may exploit this vulnerability using a person-in-the-middle attack which may lead to a denial of service an...

6.5 CVSS, 0.00626 EPSS
Exploits: 0, References: 1

Prion
added 2021/06/24 5:15 p.m., 20 views

Input validation

Dell UEFI BIOS https stack leveraged by the Dell BIOSConnect feature and Dell HTTPS Boot feature contains an improper certificate validation vulnerability. A remote unauthenticated attacker may exploit this vulnerability using a person-in-the-middle attack which may lead to a denial of service an...

5.8 CVSS, 6.5 AI score, 0.00626 EPSS
Exploits: 0, References: 1, Affected Software: 128

CVE
added 2021/06/24 5:00 p.m., 94 views

CVE-2021-21571

CVE-2021-21571 concerns the Dell BIOSConnect/HTTPS Boot stack in Dell UEFI BIOS. The vulnerability is due to improper certificate validation in the BIOSConnect HTTPS path, enabling a MITM attacker to remotely deliver content and potentially cause denial of service and payload tampering. Affected ...

6.5 CVSS, 6.8 AI score, 0.00626 EPSS
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2021/06/24 5:00 p.m., 25 views

CVE-2021-21571

Dell UEFI BIOS https stack leveraged by the Dell BIOSConnect feature and Dell HTTPS Boot feature contains an improper certificate validation vulnerability. A remote unauthenticated attacker may exploit this vulnerability using a person-in-the-middle attack which may lead to a denial of service an...

5.9 CVSS, 6.9 AI score, 0.00626 EPSS
Exploits: 0, References: 1

NVD
added 2021/06/24 2:15 p.m., 18 views

CVE-2021-23998

Through complicated navigations with new windows, an HTTP page could have inherited a secure lock icon from an HTTPS page. This vulnerability affects Firefox ESR 78.10, Thunderbird 78.10, and Firefox 88...

6.5 CVSS, 0.00554 EPSS
Exploits: 0, References: 4

CVE
added 2021/06/24 1:25 p.m., 302 views

CVE-2021-23998

CVE-2021-23998 describes a content spoofing vulnerability in Firefox/Thunderbird: through complex navigation involving new windows, an HTTP page could inherit the lock icon from an HTTPS page. Affected products are Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox

6.5 CVSS, 6.3 AI score, 0.00554 EPSS
Exploits: 0, References: 4, Affected Software: 3

NVD
added 2021/06/23 11:15 p.m., 14 views

CVE-2021-2322

Vulnerability in OpenGrok component: Web App. Versions that are affected are 1.6.7 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise OpenGrok. Successful attacks of this vulnerability can result in takeover of OpenGrok. CVSS 3.1...

8.8 CVSS, 0.01427 EPSS
Exploits: 0, References: 1

OSV
added 2021/06/23 11:15 p.m., 11 views

CVE-2021-2322

Vulnerability in OpenGrok component: Web App. Versions that are affected are 1.6.7 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise OpenGrok. Successful attacks of this vulnerability can result in takeover of OpenGrok. CVSS 3.1...

8.8 CVSS, 7.2 AI score
Exploits: 0, References: 1

Prion
added 2021/06/23 11:15 p.m., 12 views

Design/Logic Flaw

Vulnerability in OpenGrok component: Web App. Versions that are affected are 1.6.7 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise OpenGrok. Successful attacks of this vulnerability can result in takeover of OpenGrok. CVSS 3.1...

6.5 CVSS, 8.5 AI score, 0.01427 EPSS
Exploits: 0, References: 1, Affected Software: 1