Lucene search
K

125 matches found

CVE
CVE
added 2019/10/03 1:31 p.m.80 views

CVE-2019-3834

Technical details for CVE-2019-3834 are not publicly provided in the supplied documents. No affected products, impact, or fixes are explicitly detailed here. Monitor for updates in connected sources.

7.3CVSS7.9AI score0.01014EPSS
Exploits0References1Affected Software1
Wired Threat Level
Wired Threat Level
added 2018/09/04 8:8 p.m.7 views

Jon Kyl Will Take McCain's Senate Seat

The governor of Arizona announced Tuesday that Jon Kyl will replace the Senate seat vacated by the late John McCain. He may now further push to regulate tech giants like Facebook...

2.2AI score
Exploits0
MSRC
MSRC
added 2018/03/14 7:0 a.m.7 views

Mitigating speculative execution side channel hardware vulnerabilities

On January 3rd, 2018, Microsoft released an advisory and security updates related to a newly discovered class of hardware vulnerabilities involving speculative execution side channels known as Spectre and Meltdown that affect AMD, ARM, and Intel CPUs to varying degrees. If you haven’t had a chanc...

7AI score
Exploits0
MSRC
MSRC
added 2018/03/14 7:0 a.m.14 views

Mitigating speculative execution side channel hardware vulnerabilities

On January 3rd, 2018, Microsoft released an advisory and security updates related to a newly discovered class of hardware vulnerabilities involving speculative execution side channels known as Spectre and Meltdown that affect AMD, ARM, and Intel CPUs to varying degrees. If you haven’t had a chanc...

1.1AI score
Exploits0
ThreatPost
ThreatPost
added 2017/03/20 10:35 a.m.5 views

Jon Oberheide on Perimeter Security

Mike Mimoso talks to Duo Security co-founder and CTO Jon Oberheide at RSA Conference about Google’s BeyondCorp security model, enforcing perimeter security, how endpoint security has evolved through the years, and the future of passwords. Download: JonOberheideonPerimeterSecurity.mp3 Music by Chr...

3.2AI score
Exploits0References3
RedHat Linux
RedHat Linux
added 2017/03/14 6:3 a.m.86 views

Important: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a...

10CVSS7.1AI score0.17484EPSS
Exploits8References11
Tenable Nessus
Tenable Nessus
added 2017/03/09 12:0 a.m.30 views

RHEL 7 : firefox (RHSA-2017:0461)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2017:0461 advisory. Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.0 ESR. Security Fixes: Multiple flaws were found i...

10CVSS8.2AI score0.17484EPSS
Exploits8References22
RedHat Linux
RedHat Linux
added 2017/03/08 3:53 p.m.75 views

Critical: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

10CVSS7.1AI score0.17484EPSS
Exploits8References11
OSV
OSV
added 2016/09/27 3:59 p.m.2 views

CVE-2016-6330

The server in Red Hat JBoss Operations Network JON, when SSL authentication is not configured for JON server / agent communication, allows remote attackers to execute arbitrary code via a crafted HTTP request, related to message deserialization. NOTE: this vulnerability exists because of an...

9.8CVSS6.1AI score0.10625EPSS
Exploits0References3
CVE
CVE
added 2016/09/27 3:0 p.m.58 views

CVE-2016-6330

CVE-2016-6330 affects Red Hat JBoss Operations Network (JON). The issue allows remote code execution via a crafted HTTP request when SSL authentication is not configured for JON server/agent communication, linked to message deserialization. Affected versions are before 3.3.6; the root cause relat...

9.8CVSS9.8AI score0.10625EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2016/09/07 7:0 p.m.59 views

CVE-2016-5422

The CVE-2016-5422 issue affects Red Hat JBoss Operations Network (JON) prior to 3.3.7. The web console fails to properly authorize requests to add users with the super user role, enabling remote authenticated users to elevate privileges to admin via a crafted POST. The widely cited Red Hat adviso...

8.8CVSS8.4AI score0.02139EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2016/08/26 1:12 a.m.33 views

CVE-2016-3737

It was discovered that sending specially crafted HTTP request to the JON server would allow deserialization of that message without authentication. An attacker could use this flaw to cause remote code execution. Mitigation Apply the configuration changes described in the documentation here: For...

9CVSS9.2AI score0.06706EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2016/05/25 2:18 a.m.8 views

Apple hires Encryption Expert to Beef Up Security on its Devices

The FBI and other law enforcement agencies have waged legal war on encryption and privacy technologies. You may have heard many news stories about the legal battle between Apple and the FBI over unlocking an iPhone that belonged to the San Bernardino shooter. However, that was just one battle in ...

6.6AI score
Exploits0
ThreatPost
ThreatPost
added 2016/05/24 5:41 p.m.7 views

Apple Hires Crypto Innovator Jon Callas

Jon Callas, equal parts security entrepreneur and innovator, has been hired at Apple for what will be his third stint with the company. Callas left Silent Circle, a company he cofounded, in April after four years there. Silent Circle designs and produces secure communication platforms, including...

6.7AI score
Exploits0References8
Drupal
Drupal
added 2015/10/07 12:0 a.m.16 views

Stickynote - Cross Site Scripting (XSS) - Moderately Critical - SA-CONTRIB-2015-154

This module enables you to create notes on a page inside a block. The module doesn't sufficiently sanitize the note text on the admin listing page. This vulnerability is mitigated by the fact that an attacker must have a role with a permission to create or edit a stickynote. CVE identifiers issue...

5.4CVSS5.4AI score0.00887EPSS
Exploits0References10
seebug.org
seebug.org
added 2015/09/25 12:0 a.m.26 views

WordPress 3.8.2 cookie 伪造漏洞

0x00 背景 看了WordPress 3.8.2补丁分析 HMAC timing attack,眼界大开,原来还可以利用时间差来判断HMAC。 但我总觉得这个漏洞并不是简单的修复这个问题。 查看了官方提供的资料:“该漏洞是由WordPress的安全团队成员Jon Cave发现。”。 也许漏洞还有这样利用的可能。 0x01 PHP的特性 当PHP在进行 ”==”,”!=”等非严格匹配的情况下,会按照值的实际情况,进行强制转换。 当有一个对比参数是整数的时候,会把另外一个参数强制转换为整数。 0x02 分析修复的代码 官方版的diff只在php里改动了一个位置:...

7.1AI score
Exploits0
Metasploit
Metasploit
added 2014/11/20 9:28 p.m.31 views

Gather Kademlia Server Information

This module uses the Kademlia BOOTSTRAP and PING messages to identify and extract information from Kademlia speaking UDP endpoints, typically belonging to eMule/eDonkey/BitTorrent servers or other P2P applications. This module requires Metasploit: https://metasploit.com/download Current source:...

0.3AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.39 views

Linux Kernel < 2.6.14.6 procfs Kernel Memory Disclosure Exploit

/ cve-2005-4605.c Linux Kernel 2.6.14.6 procfs Kernel Memory Disclosure Jon Oberheide [email protected] http://jon.oberheide.org Information: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4605 The procfs code procmisc.c in Linux 2.6.14.3 and other versions before 2.6.15 allows attackers ...

2.1CVSS4.9AI score0.01047EPSS
Exploits5
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.23 views

Linux Kernel < 2.6.30.5 cfg80211 Remote Denial of Service Exploit

No description provided by source. / cfg80211-remote-dos.c Linux Kernel 2.6.30.5 cfg80211 Remote DoS Jon Oberheide [email protected] http://jon.oberheide.org Information: http://patchwork.kernel.org/patch/41218/ These pointers can be NULL, the ismesh case isn't ever hit in the current kernel, but...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.47 views

OpenSSL <= 0.9.8k, 1.0.0-beta2 DTLS Remote Memory Exhaustion DoS

No description provided by source. / cve-2009-1378.c OpenSSL = 0.9.8k, 1.0.0-beta2 DTLS Remote Memory Exhaustion DoS Jon Oberheide [email protected] http://jon.oberheide.org Information: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1378 In dtls1processoutofseqmessage the check if the...

5CVSS0.1AI score0.12746EPSS
Exploits12
Rows per page
Query Builder