9164 matches found

OSV
added 2019/04/12 5:29 p.m. · 2 views

CVE-2017-14199

A buffer overflow has been found in the Zephyr Project's getaddrinfo implementation in 1.9.0 and 1.10.0...

CVSS 9.8 · AI score 6 · EPSS 0.01725
Exploits: 0 · References: 2

NVD
added 2019/04/12 5:29 p.m. · 23 views

CVE-2017-14199

A buffer overflow has been found in the Zephyr Project's getaddrinfo implementation in 1.9.0 and 1.10.0...

CVSS 9.8 · AI score 9.8 · EPSS 0.01725
Exploits: 0 · References: 2

CERT
added 2019/04/12 12:0 a.m. · 174 views

WPA3 design issues and implementation vulnerabilities in hostapd and wpa_supplicant

Overview: Multiple vulnerabilities have been identified in WPA3 protocol design and implementations of hostapd and wpa_supplicant, which can allow a remote attacker to acquire a weak password, conduct a denial of service, or gain complete authorization. These vulnerabilities have also been referred...

CVSS 8.1 · AI score 8.4 · EPSS 0.05372
Exploits: 0 · References: 10

FreeBSD
added 2019/04/10 12:0 a.m. · 39 views

FreeBSD -- EAP-pwd side-channel attack

Problem Description: Potential side channel attacks in the SAE implementations used by both hostapd and wpa_supplicant (see CVE-2019-9494 and VU871675). EAP-pwd uses a similar design for deriving PWE from the password and while a specific attack against EAP-pwd is not yet known to be tested, there i...

CVSS 5.9 · AI score 6.8 · EPSS 0.03739
Exploits: 0

OSV
added 2019/04/04 2:14 p.m. · 4 views

OPENSUSE-SU-2019:1147-1 Security update for openssl-1_1

This update for openssl-1_1 (OpenSSL Security Advisory 6 March 2019) fixes the following issues: Security issue fixed: - CVE-2019-1543: Fixed an implementation error in ChaCha20-Poly1305 where it was allowed to set IV with more than 12 bytes (bsc1128189). Other issues addressed: - Fixed a segfault in...

CVSS 7.4 · AI score 6.5 · EPSS 0.05701
Exploits: 0 · References: 5

Positive Technologies
added 2019/04/04 12:0 a.m. · 4 views

PT-2019-11694 · Jenkins · Jenkins Kmap Plugin

Name of the Vulnerable Software and Affected Versions: Jenkins Kmap Plugin affected versions not specified Description: A cross-site request forgery issue exists in the form validation methods of KmapJenkinsBuilder.DescriptorImpl, allowing attackers to initiate a connection to an attacker-specifi...

CVSS 6.5 · AI score 6.2 · EPSS 0.01296
Exploits: 0 · References: 5

Tenable Nessus
added 2019/04/03 12:0 a.m. · 52 views

Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-3932-1)

The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3932-1 advisory. It was discovered that a race condition existed in the f2fs file system implementation in the Linux kernel. A local attacker could use this to cause a...

CVSS 8.1 · AI score 7.3 · EPSS 0.16523
Exploits: 19 · References: 21

Tenable Nessus
added 2019/04/03 12:0 a.m. · 43 views

Ubuntu 14.04 LTS : Linux kernel (Xenial HWE) vulnerabilities (USN-3932-2)

The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3932-2 advisory. USN-3932-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enableme...

CVSS 8.1 · AI score 7.3 · EPSS 0.16523
Exploits: 19 · References: 21

Tenable Nessus
added 2019/04/03 12:0 a.m. · 105 views

Ubuntu 18.04 LTS : Linux kernel vulnerabilities (USN-3931-1)

The remote Ubuntu 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3931-1 advisory. M. Vefa Bicakci and Andy Lutomirski discovered that the kernel did not properly set up all arguments to an error handler callback used when running as a...

CVSS 8.1 · AI score 7.1 · EPSS 0.16523
Exploits: 12 · References: 13

Ubuntu
added 2019/04/02 9:36 p.m. · 117 views

USN-3933-1: Linux kernel vulnerabilities

It was discovered that an information leak vulnerability existed in the Bluetooth implementation of the Linux kernel. An attacker within Bluetooth range could possibly expose sensitive information (kernel memory). (CVE-2017-1000410) It was discovered that the USB serial device driver in the Linux...

CVSS 8.1 · AI score 6.2 · EPSS 0.16523
Exploits: 11

Ubuntu
added 2019/04/02 9:18 p.m. · 112 views

USN-3932-2: Linux kernel (Xenial HWE) vulnerabilities

USN-3932-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that a race condition existed in the f2fs file system implementation...

CVSS 8.1 · AI score 7 · EPSS 0.16523
Exploits: 19

Ubuntu
added 2019/04/02 9:8 p.m. · 137 views

USN-3932-1: Linux kernel vulnerabilities

It was discovered that a race condition existed in the f2fs file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service. (CVE-2017-18249) Wen Xu discovered that the f2fs file system implementation in the Linux kernel did not properly validate metadat...

CVSS 8.1 · AI score 7 · EPSS 0.16523
Exploits: 19

Ubuntu
added 2019/04/02 7:29 p.m. · 131 views

USN-3931-1: Linux kernel vulnerabilities

M. Vefa Bicakci and Andy Lutomirski discovered that the kernel did not properly set up all arguments to an error handler callback used when running as a paravirtualized guest. An unprivileged attacker in a paravirtualized guest VM could use this to cause a denial of service guest VM crash...

CVSS 8.1 · AI score 6.9 · EPSS 0.16523
Exploits: 12

Filippo.io
added 2019/04/02 4:45 p.m. · 83 views

A Go implementation of Poly1305 that makes sense

Poly1305 is a Message Authentication Code--a cryptographic primitive for authenticating a message with a shared secret key, like HMAC. Although it's really a fraction of the complexity of e.g. elliptic curves, most of the implementations I've read look decidedly like magic, mysteriously multiplying...

AI score 7.4
Exploits: 0

Gentoo Linux
added 2019/04/02 12:0 a.m. · 123 views

Libical: Multiple vulnerabilities

Background: An Open Source implementation of the iCalendar protocols and protocol data units. Description: Multiple vulnerabilities have been discovered in Libical. Please review the referenced CVE identifiers for details. Impact: Please review the referenced CVE identifiers for details. Workaround...

CVSS 5.5 · AI score 3 · EPSS 0.02106
Exploits: 0

HackerOne
added 2019/03/30 2:10 p.m. · 94 views

Ruby: Ruby is shipping a vulnerable jQuery

No this isn't a report about the website! Ruby ships Darkfish as part of RDoc https://github.com/ruby/ruby/tree/HEAD/lib/rdoc/generator/template/darkfish https://github.com/ruby/rdoc/tree/master/lib/rdoc/generator/template/darkfish https://github.com/ged/darkfish Darkfish includes jQuery v1.6.4,...

CVSS 4.3 · AI score 6.9 · EPSS 0.29726
Exploits: 6

Cvelist
added 2019/03/29 2:20 p.m. · 13 views

CVE-2018-20378

The L2CAP signaling channel implementation and SDP server implementation in OpenSynergy Blue SDK 3.2 through 6.0 allow remote, unauthenticated attackers to execute arbitrary code or cause a denial of service via malicious L2CAP configuration requests, in conjunction with crafted SDP communication...

AI score 7.8 · EPSS 0.02261
Exploits: 1 · References: 2

Tenable Nessus
added 2019/03/29 12:0 a.m. · 34 views

SUSE SLED12 / SLES12 Security Update : openssl-1_1 (SUSE-SU-2019:0787-1)

This update for openssl-1_1 (OpenSSL Security Advisory 6 March 2019) fixes the following issues: Security issue fixed: CVE-2019-1543: Fixed an implementation error in ChaCha20-Poly1305 where it was allowed to set IV with more than 12 bytes (bsc1128189). Note that Tenable Network Security has extract...

CVSS 7.4 · AI score 6.3 · EPSS 0.05701
Exploits: 0 · References: 4

OpenVAS
added 2019/03/29 12:0 a.m. · 30 views

Magento 2.x Multiple Vulnerabilities (Mar 2019)

Magento 2.x is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2019 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:magentocommerce:magento"; if...

CVSS 6.5 · AI score 6.6 · EPSS 0.01881
Exploits: 0 · References: 1

OSV
added 2019/03/28 10:22 a.m. · 5 views

SUSE-SU-2019:0787-1 Security update for openssl-1_1

This update for openssl-1_1 (OpenSSL Security Advisory 6 March 2019) fixes the following issues: Security issue fixed: - CVE-2019-1543: Fixed an implementation error in ChaCha20-Poly1305 where it was allowed to set IV with more than 12 bytes (bsc1128189)...

CVSS 7.4 · AI score 6.6 · EPSS 0.05701
Exploits: 0 · References: 3