
Github Security Blog
added 2021/04/22 4:14 p.m. (82 views)

Missing Authentication for Critical Function in Apache Calcite

"HttpUtils#getURLConnection method disables explicitly hostname verification for HTTPS connections making clients vulnerable to man-in-the-middle attacks. Calcite uses this method internally to connect with Druid and Splunk so information leakage may happen when using the respective Calcite...

CVSS 5.9 | AI score 0.4 | EPSS 0.02115
Exploits 0 | References 5 | Affected Software 3

Fedora
added 2021/04/21 9:49 p.m. (61 views)

[SECURITY] Fedora 32 Update: curl-7.69.1-8.fc32

curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...

CVSS 5.3 | EPSS 0.05301
Exploits 2

NVD
added 2021/04/21 7:15 p.m. (14 views)

CVE-2020-28973

The ABUS Secvest wireless alarm system FUAA50000 v3.01.17 fails to properly authenticate some requests to its built-in HTTPS interface. Someone can use this vulnerability to obtain sensitive information from the system, such as usernames and passwords. This information can then be used to...

CVSS 7.5 | EPSS 0.00984
Exploits 0 | References 1

Veracode
added 2021/04/21 6:13 p.m. (43 views)

Spoofable Secure Lock Icon

firefox:sid is using spoofable Secure Lock icon. Through complicated navigations with new windows, an HTTP page could have inherited a secure lock icon from an HTTPS page...

CVSS 6.5 | AI score 7.1 | EPSS 0.00554
Exploits 0 | References 5 | Affected Software 9

Veracode
added 2021/04/21 6:12 p.m. (20 views)

Man-in-the-Middle (MitM)

nim is vulnerable to man-in-the-middle attack. nimble refresh fetches a list of Nimble packages over HTTPS by default. However, in case of an error, a non-TLS URL http://irclogs.nim-lang.org/packages.json is used and allows an attacker to perform MitM and deliver a modified package list containin...

CVSS 7.5 | AI score 1.5 | EPSS 0.01155
Exploits 1 | References 4 | Affected Software 1

Veracode
added 2021/04/21 6:12 p.m. (19 views)

Man-In-The-Middle Attack

Nim is vulnerable to man-in-the-middle attack. The vulnerability exists when during 'nimble refresh', the system fetches a list of Nimble packages over HTTPS without verifying the SSL/TLS certificate, allowing an attacker to perform man-in-the-middle attack by delivering a modified malicious...

CVSS 8.1 | AI score 1.5 | EPSS 0.01035
Exploits 1 | References 5 | Affected Software 1

OpenVAS
added 2021/04/21 12:00 a.m. (25 views)

Oracle MySQL Server <= 5.7.30 / 8.0 <= 8.0.17 Security Update (cpuapr2021) - Windows

Oracle MySQL Server is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 4.9 | AI score 5.6 | EPSS 0.0111
Exploits 0 | References 2

ThreatPost
added 2021/04/20 8:40 p.m. (198 views)

Mozilla Fixes Firefox Flaw That Allowed Spoofing of HTTPS Browser Padlock

The Mozilla Foundation fixed a flaw in its Firefox browser that allowed spoofing of the HTTPS secure communications icon, displayed as a padlock in the browser address window. Successful exploitation of the flaw could have allowed a rogue website to intercept browser communications. The patch was...

AI score 8.5 | EPSS 0.01214
Exploits 0 | References 9

Kitploit
added 2021/04/20 12:30 p.m. (43 views)

Reproxy - Simple Edge Server / Reverse Proxy

Reproxy is a simple edge HTTPS server / reverse proxy supporting various providers (docker, static, file). One or more providers supply information about the requested server, requested URL, destination URL and health check URL. Distributed as a single binary or as a docker container. Automatic SSL...

AI score 6.8
Exploits 0 | References 6

OpenVAS
added 2021/04/19 12:00 a.m. (31 views)

SUSE: Security Advisory (SUSE-SU-2019:3266-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 | AI score 7.3 | EPSS 0.07124
Exploits 0 | References 9

OpenVAS
added 2021/04/19 12:00 a.m. (23 views)

SUSE: Security Advisory (SUSE-SU-2021:0241-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.8 | AI score 9.1 | EPSS 0.01569
Exploits 0 | References 4

OpenVAS
added 2021/04/19 12:00 a.m. (24 views)

SUSE: Security Advisory (SUSE-SU-2020:0699-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.8 | AI score 6.8 | EPSS 0.01366
Exploits 0 | References 7

Tenable Nessus
added 2021/04/19 12:00 a.m. (33 views)

Fedora 33 : curl (2021-cab5c9befb)

The remote Fedora 33 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-cab5c9befb advisory. - curl 7.1.1 to and including 7.75.0 is vulnerable to an Exposure of Private Personal Information to an Unauthorized Actor by leaking credentials in...

CVSS 5.3 | AI score 6.4 | EPSS 0.05301
Exploits 2 | References 3

Tenable Nessus
added 2021/04/19 12:00 a.m. (143 views)

Mozilla Firefox ESR < 78.10

The version of Firefox ESR installed on the remote Windows host is prior to 78.10. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2021-15 advisory. - Ports that were written as an integer overflow above the bounds of a 16-bit integer could have bypassed port...

CVSS 8.8 | AI score 8.5 | EPSS 0.01764
Exploits 1 | References 9

Tenable Nessus
added 2021/04/19 12:00 a.m. (42 views)

FreeBSD : Apache Maven -- multiple vulnerabilities (20006b5f-a0bc-11eb-8ae6-fc4dd43e2b6a)

The Apache Maven project reports : We received a report from Jonathan Leitschuh about a vulnerability of custom repositories in dependency POMs. We've split this up into three separate issues : - Possible Man-In-The-Middle-Attack due to custom repositories using HTTP. More and more repositories u...

CVSS 9.1 | AI score 6.8 | EPSS 0.08691
Exploits 2 | References 4

Rapid7 Blog
added 2021/04/16 2:41 p.m. (63 views)

Rapid7 Releases New Industry Cyber-Exposure Report (ICER): FTSE 350

Today, we are excited to release the second report in our Industry Cyber-Exposure Report (ICER) series, which digs into cyber-exposure among organizations in the U.K.'s FTSE 350. This series focuses on five key areas we believe CISOs at mega-corporations actually have a shot at accomplishing, and...

AI score 7.2
Exploits 0

Kitploit
added 2021/04/15 12:30 p.m. (331 views)

Swissknife - Scriptable VSCode Extension To Generate Or Manipulate Data. Stop Pasting Sensitive Data In Webpag

The developer's swissknife. Do conversions and generations right out of VS Code. Extendable with user scripts. Available in the Visual Studio Marketplace. Currently available scripts: Base64 decode, Base64 encode, Binary To Text, Bip39 Mnemonic, CSV to Markdown, Count characters, Count words, Crypto currenc...

AI score 6.8
Exploits 0 | References 4

NVD
added 2021/04/15 12:15 a.m. (19 views)

CVE-2021-26076

The jira.editor.user.mode cookie set by the Jira Editor Plugin in Jira Server and Data Center before version 8.5.12, from version 8.6.0 before version 8.13.4, and from version 8.14.0 before version 8.15.0 allows remote anonymous attackers who can perform an attacker in the middle attack to learn...

CVSS 4.3 | EPSS 0.01232
Exploits 0 | References 1

OSV
added 2021/04/15 12:15 a.m. (2 views)

CVE-2021-26076

The jira.editor.user.mode cookie set by the Jira Editor Plugin in Jira Server and Data Center before version 8.5.12, from version 8.6.0 before version 8.13.4, and from version 8.14.0 before version 8.15.0 allows remote anonymous attackers who can perform an attacker in the middle attack to learn...

CVSS 3.7 | AI score 5.8 | EPSS 0.01232
Exploits 0 | References 1

Prion
added 2021/04/15 12:15 a.m. (20 views)

Hardcoded credentials

The jira.editor.user.mode cookie set by the Jira Editor Plugin in Jira Server and Data Center before version 8.5.12, from version 8.6.0 before version 8.13.4, and from version 8.14.0 before version 8.15.0 allows remote anonymous attackers who can perform an attacker in the middle attack to learn...

CVSS 4.3 | AI score 4.2 | EPSS 0.01232
Exploits 0 | References 1 | Affected Software 4