
9165 matches found

OSV
added 2019/10/08 12:40 p.m., 6 views

SUSE-SU-2019:14190-1 Security update for dnsmasq

This update for dnsmasq fixes the following issues: Security issue fixed: - CVE-2017-15107: Fixed a vulnerability in DNSSEC implementation. Processing of wildcard synthesized NSEC records may result in improper validation for non-existence. bsc1076958 Non-security issue fixed: - Removed cache size...

CVSS 7.5, AI score 7.5, EPSS 0.02697
Exploits: 0, References: 4
Prion
added 2019/10/07 12:15 p.m., 14 views

Code injection

The Twitter Kit framework through 3.4.2 for iOS does not properly validate the api.twitter.com SSL certificate. Although the certificate chain must contain one of a set of pinned certificates, there are certain implementation errors such as a lack of hostname verification. NOTE: this is an...

CVSS 5.8, AI score 7.2, EPSS 0.01025
Exploits: 1, References: 3, Affected Software: 1
RustSec
added 2019/10/06 12:0 p.m., 22 views

Incorrect implementation of the Streebog hash functions

Internal update-sigma function was implemented incorrectly and depending on debug-assertions it could've caused an incorrect result or panic for certain inputs...

AI score 1.1
Exploits: 0, Affected Software: 1
OSV
added 2019/10/06 12:0 p.m., 15 views

RUSTSEC-2019-0030 Incorrect implementation of the Streebog hash functions

Internal update-sigma function was implemented incorrectly and depending on debug-assertions it could've caused an incorrect result or panic for certain inputs...

CVSS 7.5, AI score 7.4, EPSS 0.01327
Exploits: 2, References: 3
Schneier on Security
added 2019/10/04 5:4 p.m., 104 views

More Cryptanalysis of Solitaire

In 1999, I invented the Solitaire encryption algorithm, designed to manually encrypt data using a deck of cards. It was written into the plot of Neal Stephenson's novel Cryptonomicon, and I even wrote an afterword to the book describing the cipher. I don't talk about it much, mostly because I mad...

AI score 0.4
Exploits: 0
OSV
added 2019/10/01 10:23 a.m., 7 views

OPENSUSE-SU-2019:2232-1 Security update for nghttp2

This update for nghttp2 fixes the following issues: Security issues fixed: - CVE-2019-9513: Fixed HTTP/2 implementation that is vulnerable to resource loops, potentially leading to a denial of service bsc1146184. - CVE-2019-9511: Fixed HTTP/2 implementations that are vulnerable to window size...

CVSS 7.8, AI score 7.4, EPSS 0.82017
Exploits: 0, References: 8
MSRC
added 2019/09/30 4:45 p.m., 54 views

Building the Azure IoT Edge Security Daemon in Rust

Azure IoT Edge is an open source, cross platform software project from the Azure IoT team at Microsoft that seeks to solve the problem of managing distribution of compute to the edge of your on-premise network from the cloud. This post explains some of the rationale behind our choice of Rust as t...

AI score 1.2
Exploits: 0
MSRC
added 2019/09/30 7:0 a.m., 15 views

Building the Azure IoT Edge Security Daemon in Rust

Azure IoT Edge is an open source, cross platform software project from the Azure IoT team at Microsoft that seeks to solve the problem of managing distribution of compute to the edge of your on-premise network from the cloud. This post explains some of the rationale behind our choice of Rust as t...

AI score 2
Exploits: 0
NVD
added 2019/09/24 6:15 p.m., 20 views

CVE-2019-16754

RIOT 2019.07 contains a NULL pointer dereference in the MQTT-SN implementation asymcute, potentially allowing an attacker to crash a network node running RIOT. This requires spoofing an MQTT server response. To do so, the attacker needs to know the MQTT MsgID of a pending MQTT protocol message an...

CVSS 7.5, AI score 7.4, EPSS 0.01472
Exploits: 1, References: 1
Tenable Nessus
added 2019/09/17 12:0 a.m., 28 views

Cisco NX-OS Precision Time Protocol (PTP) Denial of Service Vulnerability

According to its self-reported version, the Cisco NX-OS Software is affected by a denial of service (DoS) vulnerability which exists in its Precision Time Protocol (PTP) implementation due to a lack of protection against PTP frame flood attacks. An unauthenticated, remote attacker can exploit this...

CVSS 8.6, AI score 7.9, EPSS 0.04483
Exploits: 0, References: 3
Veracode
added 2019/09/16 3:26 p.m., 10 views

Deserialization Of Untrusted Data

FasterXML jackson-databind is vulnerable to deserialization of untrusted data. There is a polymorphic typing issue because there are more than one association gadget types related to CXF JAX-RS implementation by default...

AI score 3.4
Exploits: 0
Tenable Nessus
added 2019/09/16 12:0 a.m., 44 views

EulerOS 2.0 SP5 : openssh (EulerOS-SA-2019-1908)

According to the versions of the openssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server or Man-in-The-Middle...

CVSS 6.8, AI score 7.2, EPSS 0.58204
Exploits: 9, References: 3
Kaspersky
added 2019/09/15 12:0 a.m., 65 views

KLA11583 Multiple vulnerabilities in Adobe Acrobat and Adobe Acrobat Reader

Multiple vulnerabilities were found in Adobe Acrobat and Adobe Acrobat Reader. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information. Below is a complete list of vulnerabilities: 1. Type confusion vulnerability can be exploited to execute...

CVSS 10, AI score 8.9, EPSS 0.22886
Exploits: 9, References: 8
AlmaLinux
added 2019/09/10 3:32 p.m., 14 views

python27:2.7 bug fix update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Bug Fixes:...

AI score 1.2
Exploits: 0, References: 1
OSV
added 2019/09/10 3:32 p.m., 6 views

ALBA-2019:2717 python27:2.7 bug fix update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Bug Fixes:...

AI score 7.2
Exploits: 0, References: 1
Rockylinux
added 2019/09/10 3:32 p.m., 14 views

python36:3.6 bug fix update

An update is available for python-docutils, python-pygments, python-PyMySQL, python-docs, python36, python-nose. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list...

AI score 0.5
Exploits: 0
AlmaLinux
added 2019/09/10 3:32 p.m., 10 views

python36:3.6 bug fix update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Bug Fixes:...

AI score 1.2
Exploits: 0, References: 1
OSV
added 2019/09/10 3:32 p.m., 3 views

ALBA-2019:2716 python36:3.6 bug fix update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Bug Fixes:...

AI score 7.2
Exploits: 0, References: 1
RedhatCVE
added 2019/09/09 2:51 p.m., 22 views

CVE-2019-15919

A flaw was discovered in the Linux kernel's CIFS client implementation. While issuing an SMB2write, a value can be used after it was intended to be freed when CIFS function tracing is enabled. Even though the data is used after being freed, using it for privilege escalation does not seem...

CVSS 7.8, AI score 0.7, EPSS 0.00435
Exploits: 0, References: 3
OpenVAS
added 2019/09/09 12:0 a.m., 21 views

Fedora Update for kea FEDORA-2019-0811a88d77

The remote host is missing an update for the Copyright (C) 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 6.5, AI score 6.5, EPSS 0.00796
Exploits: 0, References: 2