
7691 matches found

Tenable Nessus
added 2017/11/13 12:0 a.m. | 57 views

GLSA-201711-03 : hostapd and wpa_supplicant: Key Reinstallation (KRACK) attacks (KRACK)

The remote host is affected by the vulnerability described in GLSA-201711-03 (hostapd and wpa_supplicant: Key Reinstallation (KRACK) attacks). WiFi Protected Access (WPA and WPA2) and its associated technologies are all vulnerable to the KRACK attacks. Please review the referenced CVE identifiers for...

CVSS 8.1 | AI score 7.3 | EPSS 0.04575
Exploits: 1 | References: 12

Fedora
added 2017/11/11 3:23 a.m. | 24 views

[SECURITY] Fedora 27 Update: curl-7.55.1-6.fc27

curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...

CVSS 7.5 | EPSS 0.08465
Exploits: 0

Veeam
added 2017/11/10 8:9 a.m. | 15 views

General Security Guidelines for Veeam Self-Service Backup Portal

Security Considerations: The security advice in this article is provided as a courtesy and is not intended to replace the advice of a professional security consultant. The advice in this article has been tested with the assumption that the machine operating Veeam Backup Enterprise Manager and/or...

AI score 5.8
Exploits: 0

seebug.org
added 2017/11/09 12:0 a.m. | 34 views

Circle with Disney Rclient SSL TLD MITM Vulnerability (CVE-2017-2911)

Summary: An exploitable vulnerability exists in remote control functionality of Circle with Disney running firmware 2.0.1. SSL certificates for specific domain names can cause the rclient daemon to accept a different certificate than intended. An attacker can host an HTTPS server with this...

AI score 6.2 | EPSS 0.00673
Exploits: 2

NVD
added 2017/11/07 4:29 p.m. | 21 views

CVE-2017-2913

An exploitable vulnerability exists in the filtering functionality of Circle with Disney. SSL certificates for specific domain names can cause the Bluecoat library to accept a different certificate than intended. An attacker can host an HTTPS server with this certificate to trigger this...

CVSS 8.1 | AI score 6.3 | EPSS 0.00673
Exploits: 2 | References: 1

Prion
added 2017/11/07 4:29 p.m. | 14 views

Design/Logic Flaw

An exploitable vulnerability exists in the filtering functionality of Circle with Disney. SSL certificates for specific domain names can cause the Bluecoat library to accept a different certificate than intended. An attacker can host an HTTPS server with this certificate to trigger this...

CVSS 2.6 | AI score 5.6 | EPSS 0.00673
Exploits: 2 | References: 1 | Affected Software: 1

Prion
added 2017/11/07 4:29 p.m. | 15 views

Design/Logic Flaw

An exploitable vulnerability exists in the remote control functionality of Circle with Disney running firmware 2.0.1. SSL certificates for specific domain names can cause the rclient daemon to accept a different certificate than intended. An attacker can host an HTTPS server with this certificate...

CVSS 2.6 | AI score 5.7 | EPSS 0.00673
Exploits: 2 | References: 1 | Affected Software: 1

NVD
added 2017/11/07 4:29 p.m. | 23 views

CVE-2017-2912

An exploitable vulnerability exists in the remote control functionality of Circle with Disney running firmware 2.0.1. SSL certificates for specific domain names can cause the goclient daemon to accept a different certificate than intended. An attacker can host an HTTPS server with this certificat...

CVSS 7.4 | AI score 6.2 | EPSS 0.00663
Exploits: 2 | References: 1

NVD
added 2017/11/07 4:29 p.m. | 29 views

CVE-2017-2911

An exploitable vulnerability exists in the remote control functionality of Circle with Disney running firmware 2.0.1. SSL certificates for specific domain names can cause the rclient daemon to accept a different certificate than intended. An attacker can host an HTTPS server with this certificate...

CVSS 9 | AI score 6.6 | EPSS 0.00673
Exploits: 2 | References: 1

CVE
added 2017/11/07 4:0 p.m. | 52 views

CVE-2017-2913

CVE-2017-2913 affects Circle with Disney and specifically the libbluecoat.so SSL validation path. The TALOS/NVD entries describe an exploitable MITM-style issue where SSL certificates for certain domain names can cause the Blue Coat library to accept a different certificate than intended, enablin...

CVSS 8.1 | AI score 5.6 | EPSS 0.00673
Exploits: 2 | References: 1 | Affected Software: 1

Cvelist
added 2017/11/07 4:0 p.m. | 25 views

CVE-2017-2911

An exploitable vulnerability exists in the remote control functionality of Circle with Disney running firmware 2.0.1. SSL certificates for specific domain names can cause the rclient daemon to accept a different certificate than intended. An attacker can host an HTTPS server with this certificate...

CVSS 9 | AI score 5.7 | EPSS 0.00673
Exploits: 2 | References: 1

CVE
added 2017/11/07 4:0 p.m. | 49 views

CVE-2017-2912

CVE-2017-2912 affects Circle with Disney firmware 2.0.1 via the goclient SSL validation in the remote-control feature. The vulnerability arises because SSL certificate checking is insufficient: certificates for specific domains can cause goclient to accept an unintended certificate, enabling a MI...

CVSS 7.4 | AI score 5.7 | EPSS 0.00663
Exploits: 2 | References: 1 | Affected Software: 1

Cvelist
added 2017/11/07 4:0 p.m. | 22 views

CVE-2017-2912

An exploitable vulnerability exists in the remote control functionality of Circle with Disney running firmware 2.0.1. SSL certificates for specific domain names can cause the goclient daemon to accept a different certificate than intended. An attacker can host an HTTPS server with this certificat...

CVSS 7.4 | AI score 5.7 | EPSS 0.00663
Exploits: 2 | References: 1

Cvelist
added 2017/11/07 4:0 p.m. | 23 views

CVE-2017-2913

An exploitable vulnerability exists in the filtering functionality of Circle with Disney. SSL certificates for specific domain names can cause the Bluecoat library to accept a different certificate than intended. An attacker can host an HTTPS server with this certificate to trigger this...

CVSS 8.1 | AI score 5.6 | EPSS 0.00673
Exploits: 2 | References: 1

Kitploit
added 2017/11/06 9:30 p.m. | 41 views

CrunchRAT - HTTPS-based Remote Administration Tool (RAT)

CrunchRAT currently supports the following features: file upload, file download, command execution. It is currently single-threaded (only one task at a time), but multi-threading or multi-tasking is currently in the works. Additional features will be included at a later date. Server: The server-side of...

AI score 7.5
Exploits: 0 | References: 1

Openbugbounty
added 2017/11/03 4:7 p.m. | 14 views

eventbank.com XSS vulnerability

Open Bug Bounty ID: OBB-390833. Affected Website: eventbank.com. Vulnerable Application: Custom Code. Vulnerability Type: XSS (Cross Site Scripting) / CWE-79. CVSSv3 Score: 6.1...

AI score 6.3
Exploits: 0

Akamai Blog
added 2017/11/03 2:57 p.m. | 27 views

Reduce cloud adoption risks and deliver superior digital experiences with Akamai Cloud Delivery Platform - Part 1

Businesses are rapidly moving to the cloud and a recent IDG survey indicates that 70% of businesses have at least 1 application in the cloud and 16% plan to take their first app to the cloud in the next 12 months. However public cloud providers present their own challenges. They are unreliable...

AI score 6.8
Exploits: 0

ThreatPost
added 2017/11/03 12:30 p.m. | 14 views

Threatpost News Wrap Podcast for Nov. 3

Threatpost editors Mike Mimoso and Tom Spring discuss the week’s top information security news stories, including Google’s decision to drop HTTP Public Key Pinning in Chrome, a vulnerability in Google’s Issue Tracker, Mozilla’s decision to ban Canvas Fingerprinting, and a HTTPS issue with...

AI score 0.2
Exploits: 0 | References: 7

OpenVAS
added 2017/11/03 12:0 a.m. | 11 views

akka HTTP Detection

Detection of akka HTTP server. The script sends a connection request to the server and attempts to detect akka HTTP server and to extract its version. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respecti...

AI score 7
Exploits: 0 | References: 1

Mageia
added 2017/10/30 7:23 p.m. | 42 views

Updated opensc_etc packages fix security vulnerability

A vulnerability, dubbed ROCA, was identified in an implementation of RSA key generation due to a fault in a code library developed by Infineon Technologies. The affected encryption keys are used to secure many forms of technology, such as hardware chips, authentication tokens, software packages,...

CVSS 5.9 | AI score 1.3 | EPSS 0.09825
Exploits: 0 | References: 2