
9178 matches found

OSV
added 2020/01/21 9:18 p.m. | 24 views

GHSA-6X3V-RW2Q-9GX7 Improper implementation of the session fixation protection in Infinispan

A flaw was found in Infinispan through version 9.4.14.Final. An improper implementation of the session fixation protection in the Spring Session integration can result in incorrect session handling...

9.8 CVSS | 7.2 AI score | 0.01957 EPSS
Exploits: 0 | References: 9
Ubuntu
added 2020/01/21 4:41 p.m. | 54 views

USN-4245-1: PySAML2 vulnerability

It was discovered that PySAML2 incorrectly handled certain SAML files. An attacker could possibly use this issue to bypass signature verification with arbitrary data...

7.5 CVSS | 7.5 AI score | 0.01207 EPSS
Exploits: 0
Debian
added 2020/01/20 11:59 a.m. | 60 views

[SECURITY] [DSA 4606-1] chromium security update

Debian Security Advisory DSA-4606-1 [email protected] https://www.debian.org/security/ Michael Gilbert January 20, 2020 https://www.debian.org/security/faq -...

8.8 CVSS | 9 AI score | 0.15537 EPSS
Exploits: 7
RedHat Linux
added 2020/01/16 3:4 p.m. | 69 views

Critical: Red Hat Security Advisory: .NET Core on Red Hat Enterprise Linux security and bug fix update

An update for dotnet3.0 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

9.3 CVSS | 7.2 AI score | 0.19982 EPSS
Exploits: 0 | References: 4
UbuntuCve
added 2020/01/14 7:15 p.m. | 23 views

CVE-2019-13722

Inappropriate implementation in WebRTC in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

6.5 CVSS | 7 AI score | 0.01001 EPSS
Exploits: 0 | References: 3
CVE
added 2020/01/14 7:0 p.m. | 258 views

CVE-2019-13722

CVE-2019-13722 concerns an inappropriate implementation in WebRTC in Google Chrome prior to 79.0.3945.79, which could allow a remote attacker to trigger heap corruption via a crafted HTML page. The vulnerability affects Chrome WebRTC code and arises from improper handling that may lead to memory ...

6.5 CVSS | 6.8 AI score | 0.01001 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
Schneier on Security
added 2020/01/14 1:42 p.m. | 26 views

5G Security

The security risks inherent in Chinese-made 5G networking equipment are easy to understand. Because the companies that make the equipment are subservient to the Chinese government, they could be forced to include backdoors in the hardware or software to give Beijing remote access. Eavesdropping i...

7.5 AI score
Exploits: 0
ATTACKERKB
added 2020/01/14 12:0 a.m. | 63 views

CVE-2020-0601, aka NSACrypt

A spoofing vulnerability exists in the way Windows CryptoAPI Crypt32.dll validates Elliptic Curve Cryptography ECC certificates. An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted,...

8.1 CVSS | 8.4 AI score | 0.89436 EPSS
In wild | Exploits: 14 | References: 5
Tenable Nessus
added 2020/01/13 12:0 a.m. | 48 views

EulerOS Virtualization for ARM 64 3.0.5.0 : wpa_supplicant (EulerOS-SA-2020-1073)

According to the versions of the wpa_supplicant package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection in certain...

8.1 CVSS | 6.5 AI score | 0.05372 EPSS
Exploits: 0 | References: 6
Tenable Nessus
added 2020/01/13 12:0 a.m. | 29 views

EulerOS Virtualization for ARM 64 3.0.5.0 : libgcrypt (EulerOS-SA-2020-1085)

According to the versions of the libgcrypt package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - It was discovered that there was a ECDSA timing attack in the libgcrypt20 cryptographic library. Version affected:...

6.3 CVSS | 6.5 AI score | 0.02063 EPSS
Exploits: 0 | References: 3
VMware
added 2020/01/12 12:0 a.m. | 47 views

VMSA-2020-0003: vRealize Operations for Horizon Adapter updates address multiple security vulnerabilities

Advisory ID: VMSA-2020-0003 CVSSv3 Range: 5.3-9.0 Issue Date: 2020-02-18 Updated On: 2020-02-18 Initial Advisory CVEs: CVE-2020-3943, CVE-2020-3944, CVE-2020-3945 Synopsis: vRealize Operations for Horizon Adapter updates address multiple security vulnerabilities CVE-2020-3943, CVE-2020-3944,...

9.8 CVSS | 9.2 AI score | 0.02331 EPSS
Exploits: 0 | References: 18 | Affected Software: 1
OpenVAS
added 2020/01/09 12:0 a.m. | 29 views

Fedora Update for libssh FEDORA-2019-8b0ad69829

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.3 CVSS | 7.8 AI score | 0.0316 EPSS
Exploits: 0 | References: 2
OpenVAS
added 2020/01/09 12:0 a.m. | 8 views

Fedora Update for freetds FEDORA-2019-b67929609d

The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 AI score
Exploits: 0 | References: 2
OSV
added 2020/01/08 12:0 p.m. | 33 views

RUSTSEC-2020-0045 bespoke Cell implementation allows obtaining several mutable references to the same data

The custom implementation of a Cell primitive in the affected versions of this crate does not keep track of mutable references to the underlying data. This allows obtaining several mutable references to the same object which may result in arbitrary memory corruption, most likely use-after-free. T...

9.1 CVSS | 9.1 AI score | 0.0141 EPSS
Exploits: 1 | References: 3
RustSec
added 2020/01/08 12:0 p.m. | 24 views

bespoke Cell implementation allows obtaining several mutable references to the same data

The custom implementation of a Cell primitive in the affected versions of this crate does not keep track of mutable references to the underlying data. This allows obtaining several mutable references to the same object which may result in arbitrary memory corruption, most likely use-after-free. T...

5.5 CVSS | 3.5 AI score | 0.00374 EPSS
Exploits: 1 | Affected Software: 1
Ubuntu
added 2020/01/07 2:16 a.m. | 257 views

USN-4226-1: Linux kernel vulnerabilities

Michael Hanselmann discovered that the CIFS implementation in the Linux kernel did not sanitize paths returned by an SMB server. An attacker controlling an SMB server could use this to overwrite arbitrary files. CVE-2019-10220 It was discovered that a heap-based buffer overflow existed in the...

10 CVSS | 7.2 AI score | 0.16908 EPSS
Exploits: 1
Tenable Nessus
added 2020/01/07 12:0 a.m. | 119 views

Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-4227-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4227-1 advisory. It was discovered that a heap-based buffer overflow existed in the Marvell WiFi-Ex Driver for the Linux kernel. A physically proximate attack...

10 CVSS | 7.5 AI score | 0.16908 EPSS
Exploits: 1 | References: 15
Fedora
added 2020/01/03 8:36 p.m. | 26 views

[SECURITY] Fedora 30 Update: libssh-0.9.3-1.fc30

The ssh library was designed to be used by programmers needing a working SSH implementation by the mean of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, transfer files, use a secure and transparent tunnel for your remote...

9.3 CVSS | 3.6 AI score | 0.0316 EPSS
Exploits: 0
The Hacker News
added 2020/01/03 10:58 a.m. | 60 views

Xiaomi Cameras Connected to Google Nest Expose Video Feeds From Others

Internet-connected devices have been one of the most remarkable developments that have happened to humankind in the last decade. Although this development is a good thing, it also stipulates a high security and privacy risk to personal information. In one such recent privacy mishap, smart IP...

Exploits: 0
Cvelist
added 2020/01/02 6:39 p.m. | 21 views

CVE-2010-3782

obs-server before 1.7.7 allows logins by 'unconfirmed' accounts due to a bug in the REST api implementation...

8.7 AI score | 0.01091 EPSS
Exploits: 0 | References: 1