Lucene search
K

164 matches found

Fedora
Fedora
added 2018/06/20 1:57 a.m.40 views

[SECURITY] Fedora 28 Update: gnupg-1.4.23-1.fc28

GnuPG GNU Privacy Guard is a GNU utility for encrypting data and creating digital signatures. GnuPG has advanced key management capabilities and is compliant with the proposed OpenPGP Internet standard described in RFC2440. Since GnuPG doesn't use any patented algorithm, it is not compatible with...

7.5CVSS2.7AI score0.08654EPSS
Exploits0
OSV
OSV
added 2018/01/30 8:29 p.m.3 views

CVE-2016-6599

BMC Track-It! 11.4 before Hotfix 3 exposes an unauthenticated .NET remoting configuration service ConfigurationService on port 9010. This service contains a method that can be used to retrieve a configuration file that contains the application database name, username and password as well as the...

9.8CVSS5.8AI score0.12313EPSS
Exploits4References4
NVD
NVD
added 2017/12/27 5:8 p.m.17 views

CVE-2017-17843

An issue was discovered in Enigmail before 1.9.9 that allows remote attackers to trigger use of an intended public key for encryption, because incorrect regular expressions are used for extraction of an e-mail address from a comma-separated list, as demonstrated by a modified Full Name field and ...

5.9CVSS5.6AI score0.01119EPSS
Exploits0References5
CNVD
CNVD
added 2017/12/25 12:0 a.m.4 views

Enigmail Information Disclosure Vulnerability (CNVD-2018-00135)

Enigmail is a data encryption and decryption extension for Mozilla Thunderbird and SeaMonkey web packages that provides OpenPGP's email public key encryption and signing capabilities. An information disclosure vulnerability exists in versions of Enigmail prior to 1.9.9. An attacker can exploit th...

7.5CVSS6.1AI score0.01608EPSS
Exploits0References1
CNVD
CNVD
added 2017/10/31 12:0 a.m.4 views

NQ Contacts Backup&Restore Information Disclosure Vulnerability

NQ Contacts Backup&Restore application for Android is a set of data backup and recovery software based on Android platform. A security vulnerability exists in version 1.1 of the NQ Contacts Backup&Restore application for Android, which originates from the program's use of a DES encryption algorit...

7.5CVSS6.7AI score0.00509EPSS
Exploits0References1
Malwarebytes
Malwarebytes
added 2017/08/08 6:17 p.m.17 views

Explained: security certificates

As a result of my PowerShell series 1,2,3, where I used the handling of certificates as an example, mainly because I wanted a method to keep track easier of which certificates were being added by malware, I've have received some questions about how security certificates work and how they stopped...

6.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2017/06/29 4:39 p.m.63 views

EternalPetya and the lost Salsa20 key

We have recently been facing a huge outbreak of a new Petya-like malware armed with an infector similar to WannaCry. The research is still in progress, and the full report will be published soon. In this post, we will focus on some new important aspects of the current malware. The low-level attac...

6.5AI score
Exploits0
Exploit DB
Exploit DB
added 2017/02/01 12:0 a.m.57 views

Google Android - 'cfp_ropp_new_key_reenc' / 'cfp_ropp_new_key' RKP Memory Corruption

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=979 As part of Samsung KNOX, Samsung phones include a security hypervisor called RKP Real-time Kernel Protection, running in EL2. This hypervisor is meant to ensure that the HLOS kernel running in EL1 remains protected from exploit...

7.4AI score
Exploits0
OSV
OSV
added 2016/12/16 9:59 a.m.5 views

UBUNTU-CVE-2013-1430

An issue was discovered in xrdp before 0.9.1. When successfully logging in using RDP into an xrdp session, the file /.vnc/sesman$usernamepasswd is created. Its content is the equivalent of the user's cleartext password, DES encrypted with a known key...

9.8CVSS6.7AI score0.01326EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2016/03/01 2:45 p.m.6 views

SSL/TLS: Cross-protocol attack on TLS using SSLv2 (DROWN)

A padding oracle flaw was found in the Secure Sockets Layer version 2.0 SSLv2 protocol. An attacker could potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack ...

5.9CVSS6.8AI score0.82112EPSS
Exploits2References7
RedHat Linux
RedHat Linux
added 2016/03/01 2:44 p.m.7 views

SSL/TLS: Cross-protocol attack on TLS using SSLv2 (DROWN)

A padding oracle flaw was found in the Secure Sockets Layer version 2.0 SSLv2 protocol. An attacker could potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack ...

5.9CVSS6.8AI score0.82112EPSS
Exploits2References7
OSV
OSV
added 2016/01/29 11:2 a.m.7 views

MGASA-2016-0038 Updated chrony packages fix security vulnerability

In chrony before 1.31.2, when used with symmetric key encryption, the client would accept packets encrypted with keys for any configured server, allowing a server to impersonate other servers to clients, thus performing a man-in-the-middle attack CVE-2016-1567...

8.1CVSS7.9AI score0.0264EPSS
Exploits1References4
Mageia
Mageia
added 2016/01/29 11:2 a.m.30 views

Updated chrony packages fix security vulnerability

In chrony before 1.31.2, when used with symmetric key encryption, the client would accept packets encrypted with keys for any configured server, allowing a server to impersonate other servers to clients, thus performing a man-in-the-middle attack CVE-2016-1567...

8.1CVSS3.8AI score0.0264EPSS
Exploits1References3
Kitploit
Kitploit
added 2015/01/21 8:0 p.m.26 views

Grinder - System to Automate the Fuzzing of Web Browsers

Grinder is a system to automate the fuzzing of web browsers and the management of a large number of crashes. Grinder Nodes provide an automated way to fuzz a browser, and generate useful crash information such as call stacks with symbol information as well as logging information which can be used...

7.4AI score
Exploits0References1
Fedora
Fedora
added 2013/10/12 12:3 a.m.48 views

[SECURITY] Fedora 19 Update: gnupg-1.4.15-1.fc19

GnuPG GNU Privacy Guard is a GNU utility for encrypting data and creating digital signatures. GnuPG has advanced key management capabilities and is compliant with the proposed OpenPGP Internet standard described in RFC2440. Since GnuPG doesn't use any patented algorithm, it is not compatible with...

5.8CVSS2.7AI score0.0503EPSS
Exploits0
Fedora
Fedora
added 2013/10/10 2:48 p.m.26 views

[SECURITY] Fedora 20 Update: gnupg-1.4.15-1.fc20

GnuPG GNU Privacy Guard is a GNU utility for encrypting data and creating digital signatures. GnuPG has advanced key management capabilities and is compliant with the proposed OpenPGP Internet standard described in RFC2440. Since GnuPG doesn't use any patented algorithm, it is not compatible with...

5.8CVSS2.7AI score0.0503EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2013/08/11 12:0 a.m.3 views

PT-2020-7479 · Gnome +3 · Gnome Evolution +4

Name of the Vulnerable Software and Affected Versions: GNOME Evolution versions 3.8.4 and earlier Evolution Data Server versions 3.9.5 and earlier Description: The issue is related to the gpg ctx add recipient function, which does not properly select the GPG key for email encryption. This might...

7.5CVSS7.2AI score0.0189EPSS
Exploits0References84
OpenVAS
OpenVAS
added 2009/02/27 12:0 a.m.27 views

Fedora Update for gnupg FEDORA-2007-316

Check for the Version of gnupg OpenVAS Vulnerability Test Fedora Update for gnupg FEDORA-2007-316 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms o...

10CVSS7.8AI score0.07173EPSS
Exploits1References2
CERT
CERT
added 2007/11/09 12:0 a.m.29 views

Guidance EnCase Enterprise uses weak authentication to identify target machines

Overview Guidance Software's EnCase Enterprise uses IP authentication to identify target machines. An attacker may be able to provide the EnCase SAFE server with a disk image from a different machine than an investigator requested. Description Guidance Software's EnCase Enterprise allows...

4.3CVSS5.9AI score0.01207EPSS
Exploits0References6
Fedora
Fedora
added 2007/03/12 7:15 p.m.54 views

[SECURITY] Fedora Core 5 Update: gnupg-1.4.7-1

GnuPG GNU Privacy Guard is a GNU utility for encrypting data and creating digital signatures. GnuPG has advanced key management capabilities and is compliant with the proposed OpenPGP Internet standard described in RFC2440. Since GnuPG doesn't use any patented algorithm, it is not compatible with...

10CVSS2.7AI score0.07173EPSS
Exploits1
Rows per page
Query Builder