Lucene search
K

9165 matches found

Hacker One
Hacker One
added 2019/11/08 1:7 a.m.27 views

Mail.ru: An implementation flaw in Mail.ru can be exploited for DKIM signature spoofing and email spoofing

Domain, site, application -- https://e.mail.ru Quick note: this report is different from my previous report Report 727233 , and is not policy configuration or enforcement issue as well. TL;DR --------- This report disclosure an implementation bug, which chains multiple features in the Mail.ru...

Exploits0
RedhatCVE
RedhatCVE
added 2019/11/02 9:33 p.m.57 views

CVE-2017-18232

The Serial Attached SCSI SAS implementation in the Linux kernel mishandles a mutex within libsas. This allows local users to cause a denial of service deadlock by triggering certain error-handling code...

5.5CVSS4.5AI score0.00424EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2019/10/31 12:0 a.m.38 views

SUSE SLED12 / SLES12 Security Update : dbus-1 (SUSE-SU-2019:2820-1)

This update for dbus-1 fixes the following issues : Security issue fixed : CVE-2019-12749: Fixed an implementation flaw in DBUSCOOKIESHA1 which could have allowed local attackers to bypass authentication bsc1137832. Note that Tenable Network Security has extracted the preceding description block...

7.1CVSS7.2AI score0.00555EPSS
Exploits0References4
FreeBSD
FreeBSD
added 2019/10/25 12:0 a.m.28 views

Mbed TLS -- Side channel attack on ECDSA

Janos Follath reports: Our bignum implementation is not constant time/constant trace, so side channel attacks can retrieve the blinded value, factor it as it is smaller than RSA keys and not guaranteed to have only large prime factors, and then, by brute force, recover the key...

4.7CVSS3.1AI score0.00329EPSS
Exploits0References1
OSV
OSV
added 2019/10/22 2:40 a.m.5 views

USN-4163-1 linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities

It was discovered that a race condition existed in the ARC EMAC ethernet driver for the Linux kernel, resulting in a use-after-free vulnerability. An attacker could use this to cause a denial of service system crash. CVE-2016-10906 It was discovered that a race condition existed in the Serial...

10CVSS7AI score0.07619EPSS
Exploits3References11
Ubuntu
Ubuntu
added 2019/10/22 2:37 a.m.191 views

USN-4157-2: Linux kernel (HWE) vulnerabilities

USN-4157-1 fixed vulnerabilities in the Linux kernel for Ubuntu 19.04. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 19.04 for Ubuntu 18.04 LTS. Wen Huang discovered that the Marvell Wi-Fi device driver in the Linux kernel did not properly...

10CVSS7.1AI score0.07619EPSS
Exploits3
Tenable Nessus
Tenable Nessus
added 2019/10/22 12:0 a.m.54 views

Ubuntu 18.04 LTS : Linux kernel (HWE) vulnerabilities (USN-4157-2)

The remote Ubuntu 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4157-2 advisory. USN-4157-1 fixed vulnerabilities in the Linux kernel for Ubuntu 19.04. This update provides the corresponding updates for the Linux Hardware Enablement H...

10CVSS7.5AI score0.07619EPSS
Exploits3References10
RedHat Linux
RedHat Linux
added 2019/10/21 7:2 p.m.3 views

OpenJDK: Missing restrictions on use of custom SocketImpl (Networking, 8218573)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Networking. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multip...

3.1CVSS7.4AI score0.03362EPSS
Exploits0References4
RustSec
RustSec
added 2019/10/20 12:0 p.m.22 views

Unsound `impl Follow for bool`

The implementation of impl Follow for bool allows to reinterpret arbitrary bytes as a bool. In Rust bool has stringent requirements for its in-memory representation. Use of this function allows to violate these requirements and invoke undefined behaviour in safe code...

9.8CVSS3.4AI score0.00575EPSS
Exploits1Affected Software1
The Hacker News
The Hacker News
added 2019/10/18 6:53 p.m.95 views

Microsoft to Reward Hackers for Finding Bugs in Open Source Election Software

Fair elections are the lifelines of democracy, but in recent years election hacking has become a hot topic worldwide. Whether it's American voting machines during the 2016 presidential election or India's EVMs during 2014 general elections, the integrity, transparency, and security of electronic...

0.5AI score
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2019/10/18 3:10 a.m.28 views

Security Bulletin: A vulnerability in Open Source Botan affects IBM Netezza SQL Extensions

Summary Open Source Botan is used by IBM Netezza SQL Extensions. IBM Netezza SQL Extensions has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2017-14737 DESCRIPTION: Botan could allow a local attacker to obtain sensitive information, caused by a flaw in the cryptographic...

5.5CVSS0.8AI score0.00318EPSS
Exploits0Affected Software1
RedHat Linux
RedHat Linux
added 2019/10/17 9:59 a.m.8 views

OpenJDK: Missing restrictions on use of custom SocketImpl (Networking, 8218573)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Networking. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multip...

3.1CVSS7.4AI score0.03362EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2019/10/17 12:0 a.m.47 views

Ubuntu 19.04 : Linux kernel vulnerabilities (USN-4157-1)

Wen Huang discovered that the Marvell Wi-Fi device driver in the Linux kernel did not properly perform bounds checking, leading to a heap overflow. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2019-14814, CVE-2019-14815,...

10CVSS7.3AI score0.07619EPSS
Exploits3References10
Tenable Nessus
Tenable Nessus
added 2019/10/16 12:0 a.m.47 views

Adobe Acrobat < 2015.006.30504 / 2017.011.30150 / 2019.021.20047 Multiple Vulnerabilities (APSB19-49) (macOS)

The version of Adobe Acrobat installed on the remote macOS host is a version prior to 2015.006.30504, 2017.011.30150, or 2019.021.20047. It is, therefore, affected by multiple vulnerabilities. - Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier,...

10CVSS7.6AI score0.22886EPSS
Exploits9References69
BDU FSTEC
BDU FSTEC
added 2019/10/16 12:0 a.m.3 views

The vulnerability relates to the implementation of the HTTP/2 server using the nginx software framework and Node.js, as well as the SwiftNIO networking library. It involves an uncontrolled resource consumption, allowing attackers to cause service failures.

The vulnerability of the HTTP/2 server implementation of nginx, a Node.js software platform, and the SwiftNIO networking framework is related to an uncontrolled resource consumption when processing a header with a parameter equal to zero. Exploiting this vulnerability could allow a malicious acto...

7.8CVSS5.5AI score0.56262EPSS
Exploits0References15Affected Software9
RustSec
RustSec
added 2019/10/11 12:0 p.m.20 views

generichash::Digest::eq always return true

PartialEq implementation for generichash::Digest has compared itself to itself. Digest::eq always returns true and Digest::ne always returns false...

9.8CVSS2.3AI score0.01484EPSS
Exploits0Affected Software1
OSV
OSV
added 2019/10/11 12:0 p.m.24 views

RUSTSEC-2019-0026 generichash::Digest::eq always return true

PartialEq implementation for generichash::Digest has compared itself to itself. Digest::eq always returns true and Digest::ne always returns false...

9.8CVSS9.4AI score0.01484EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2019/10/10 4:18 p.m.28 views

CVE-2017-12163

An information leak flaw was found in the way SMB1 protocol was implemented by Samba. A malicious client could use this flaw to dump server memory contents to a file on the samba share or to a shared printer, though the exact area of server memory cannot be controlled by the attacker. Mitigation ...

7.1CVSS1.9AI score0.0759EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2019/10/10 7:20 a.m.163 views

Important: Red Hat Security Advisory: Red Hat A-MQ Broker 7.5 release and security update

Red Hat A-MQ Broker 7.5 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...

7.5CVSS6.6AI score0.95821EPSS
Exploits4References5
Exploit DB
Exploit DB
added 2019/10/09 12:0 a.m.343 views

XNU - Remote Double-Free via Data Race in IPComp Input Path

=== Summary === This report describes a bug in the XNU implementation of the IPComp protocol https://tools.ietf.org/html/rfc3173. This bug can be remotely triggered by an attacker who is able to send traffic to a macOS system iOS AFAIK isn't affected over two network interfaces at the same time...

7.4AI score
Exploits0
Rows per page
Query Builder