
9182 matches found

BDU FSTEC
added 2019/08/20 12:00 a.m. | 5 views

The vulnerability of the stealth mode feature in the LibreOffice office software package allows an intruder to gain unauthorized access to protected information, execute arbitrary code, or cause a service failure.

The vulnerability of the stealth mode feature in the LibreOffice office software package is related to the incorrect implementation of security mechanisms. Exploiting this vulnerability allows a malicious actor, operating remotely, to gain unauthorized access to protected information, execute...

CVSS 10 | AI score 5.8 | EPSS 0.03089
Exploits 0 | References 8 | Affected Software 5

Prion
added 2019/08/17 6:15 p.m. | 12 views

Design/Logic Flaw

RIOT through 2019.07 contains a memory leak in the TCP implementation gnrc_tcp, allowing an attacker to consume all memory available for network packets and thus effectively stopping all network threads from working. This is related to _receive in sys/net/gnrc/transport_layer/tcp/gnrc_tcp_eventloop.c...

CVSS 7.8 | AI score 7.4 | EPSS 0.01512
Exploits 1 | References 1 | Affected Software 1

Cvelist
added 2019/08/17 5:54 p.m. | 17 views

CVE-2019-15134

RIOT through 2019.07 contains a memory leak in the TCP implementation gnrc_tcp, allowing an attacker to consume all memory available for network packets and thus effectively stopping all network threads from working. This is related to _receive in sys/net/gnrc/transport_layer/tcp/gnrc_tcp_eventloop.c...

AI score 7.5 | EPSS 0.01512
Exploits 1 | References 1

CVE
added 2019/08/17 5:54 p.m. | 243 views

CVE-2019-15134

CVE-2019-15134 affects RIOT OS (GNRC TCP) up through 2019.07. The issue is a memory leak in the TCP implementation (gnrc_tcp) triggered in _receive within sys/net/gnrc/transport_layer/tcp/gnrc_tcp_eventloop.c when an ACK is received before a SYN. This can cause unbounded memory consumption for ne...

CVSS 7.8 | AI score 7.4 | EPSS 0.01512
Exploits 1 | References 1 | Affected Software 1

OpenVAS
added 2019/08/16 12:00 a.m. | 41 views

openSUSE: Security Advisory for java-11-openjdk (openSUSE-SU-2019:1916-1)

The remote host is missing an update for the Copyright (C) 2019 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...

CVSS 5.8 | AI score 6.4 | EPSS 0.09393
Exploits 3 | References 2

OSV
added 2019/08/15 9:50 a.m. | 14 views

OPENSUSE-SU-2019:1916-1 Security update for java-11-openjdk

This update for java-11-openjdk to version jdk-11.0.4+11 fixes the following issues: Security issues fixed: - CVE-2019-2745: Improved ECC Implementation (bsc#1141784). - CVE-2019-2762: Exceptional throw cases (bsc#1141782). - CVE-2019-2766: Improve file protocol handling (bsc#1141789). - CVE-2019-2769:...

CVSS 5.8 | AI score 5.3 | EPSS 0.09393
Exploits 3 | References 21

OSV
added 2019/08/15 9:47 a.m. | 7 views

OPENSUSE-SU-2019:1912-1 Security update for java-1_8_0-openjdk

This update for java-1_8_0-openjdk to version 8u222 fixes the following issues: Security issues fixed: - CVE-2019-2745: Improved ECC Implementation (bsc#1141784). - CVE-2019-2762: Exceptional throw cases (bsc#1141782). - CVE-2019-2766: Improve file protocol handling (bsc#1141789). - CVE-2019-2769: Better...

CVSS 5.8 | AI score 5.6 | EPSS 0.09393
Exploits 3 | References 18

OPENSUSE Linux
added 2019/08/15 12:00 a.m. | 97 views

Security update for java-1_8_0-openjdk (important)

openSUSE Security Update: Security update for java-1_8_0-openjdk
Announcement ID: openSUSE-SU-2019:1912-1
Rating: important
References: 1115375 1141780 1141782 1141783 1141784 1141785 1141786 1141787 1141789
Cross-References: CVE-2019-2745 CVE-2019-2762 CVE-2019-2766 CVE-2019-2769 CVE-2019-2786...

CVSS 5.8 | AI score 8.6 | EPSS 0.09393
Exploits 3 | References 9

Veracode
added 2019/08/14 12:12 a.m. | 52 views

Information Disclosure

kernel is vulnerable to information disclosure. A Spectre gadget was found in the Linux kernel's implementation of system interrupts. An attacker with local access could use this information to reveal private data through a Spectre-like side channel...

CVSS 5.6 | AI score 1.8 | EPSS 0.04521
Exploits 4 | References 20 | Affected Software 6

Tenable Nessus
added 2019/08/14 12:00 a.m. | 104 views

Ubuntu 18.04 LTS : Linux kernel vulnerabilities (USN-4093-1)

The remote Ubuntu 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4093-1 advisory. It was discovered that a heap buffer overflow existed in the Marvell Wireless LAN device driver for the Linux kernel. An attacker could use this to cause...

CVSS 9.8 | AI score 7.8 | EPSS 0.52199
Exploits 27 | References 8

Tenable Nessus
added 2019/08/14 12:00 a.m. | 78 views

Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-4095-1)

The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4095-1 advisory. Eli Biham and Lior Neumann discovered that the Bluetooth implementation in the Linux kernel did not properly validate elliptic curve parameters during...

CVSS 9.8 | AI score 7.8 | EPSS 0.52199
Exploits 30 | References 9

Ubuntu
added 2019/08/13 4:01 p.m. | 217 views

USN-4094-1: Linux kernel vulnerabilities

It was discovered that the alarmtimer implementation in the Linux kernel contained an integer overflow vulnerability. A local attacker could use this to cause a denial of service. (CVE-2018-13053) Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly track...

CVSS 9.8 | AI score 7.7 | EPSS 0.52199
Exploits 37

OSV
added 2019/08/12 9:08 p.m. | 8 views

MGASA-2019-0220 Updated kernel packages fix security vulnerabilities

This kernel update provides an update to the kernel 5.2 series, currently based on 5.2.7 adding support for newer hardware and other new features. It also fixes at least the following security issues: A Spectre SWAPGS gadget was found in the Linux kernel's implementation of system interrupts. An...

CVSS 5.6 | AI score 6.5 | EPSS 0.04521
Exploits 5 | References 11

Node.js
added 2019/08/12 6:09 p.m. | 21 views

Sensitive Data Exposure

Overview: Versions of msrcrypto prior to 1.4.1 are vulnerable to Sensitive Data Exposure. The package's Elliptic Curve Cryptography (ECC) implementation may leak information about a server's private ECC key. It can also allow attackers to craft invalid ECDSA signatures that pass as valid. There is n...

CVSS 7.5 | AI score 3.4 | EPSS 0.07035
Exploits 0 | Affected Software 1

Tenable Nessus
added 2019/08/12 12:00 a.m. | 47 views

Ubuntu 16.04 LTS : OpenJDK 8 vulnerabilities (USN-4080-1)

The remote Ubuntu 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4080-1 advisory. Keegan Ryan discovered that the ECC implementation in OpenJDK was not sufficiently resilient to side-channel attacks. An attacker could possibly use thi...

CVSS 5.8 | AI score 7.8 | EPSS 0.09393
Exploits 3 | References 8

Tenable Nessus
added 2019/08/12 12:00 a.m. | 47 views

Debian DSA-4495-1 : linux - security update

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. - CVE-2018-20836: chenxiang reported a race condition in libsas, the kernel subsystem supporting Serial Attached SCSI (SAS) devices, which could lead to a...

CVSS 9.3 | AI score 7.4 | EPSS 0.05111
Exploits 8 | References 27

Tenable Nessus
added 2019/08/12 12:00 a.m. | 32 views

Oracle Linux 7 : kernel (ELSA-2019-1873)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-1873 advisory. - [net] tcp: enforce tcp_min_snd_mss in tcp_mtu_probing() (Florian Westphal) [1719914 1719915] {CVE-2019-11479} - [net] tcp: add tcp_min_snd_mss sysctl (Florian Westphal)...

CVSS 8 | AI score 6.6 | EPSS 0.98745
Exploits 4 | References 5

Fedora
added 2019/08/11 1:14 a.m. | 12 views

[SECURITY] Fedora 30 Update: icedtea-web-1.8-3.fc30

The IcedTea-Web project provides a Java web browser plugin, an implementation of Java Web Start (originally based on the Netx project) and a settings tool to manage deployment settings for the aforementioned plugin and Web Start implementations...

AI score 1.9
Exploits 0

Wired Threat Level
added 2019/08/09 1:46 a.m. | 80 views

How Apple Pay Buttons Can Make Websites Less Safe

Apple Pay itself is safe. But the way websites implement it can cause serious problems...

AI score 1.9
Exploits 0

Veracode
added 2019/08/07 5:45 a.m. | 26 views

Insecure Cryptography

msrcrypto is vulnerable to insecure cryptography. The vulnerability exists as there are issues with the Elliptic Curve Cryptography (ECC) implementation, allowing invalid ECDSA signatures to be created through the learning of a server's private ECC key...

CVSS 9.8 | AI score 3 | EPSS 0.07035
Exploits 0 | References 5 | Affected Software 1