Lucene search
K

1156 matches found

Exploit DB
Exploit DB
added 2018/04/09 12:0 a.m.63 views

CyberArk Password Vault < 9.7 / < 10 - Memory Disclosure

Advisory: CyberArk Password Vault Memory Disclosure Data in the CyberArk Password Vault may be accessed through a proprietary network protocol. While answering to a client's logon request, the vault discloses around 50 bytes of its memory to the client. Details ======= Product: CyberArk Password...

5.3CVSS5.2AI score0.14116EPSS
Exploits12
OSV
OSV
added 2018/04/05 9:29 p.m.3 views

CVE-2017-14462

An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information,...

9.8CVSS5.8AI score0.34166EPSS
Exploits1References1
Prion
Prion
added 2018/04/04 7:29 a.m.19 views

Code injection

In Wireshark 2.4.0 to 2.4.5, the CQL dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-cql.c by checking for a nonzero number of columns...

5CVSS7.3AI score0.01858EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2018/02/23 10:0 p.m.115 views

CVE-2018-7332

Wireshark vulnerability CVE-2018-7332 affects the epan/dissectors/packet-reload.c code path, where an infinite loop could be triggered by malformed packets in Wireshark 2.4.0–2.4.4 and 2.2.0–2.2.12. The issue was addressed by validating a length, preventing the loop. Some connected advisories (e....

7.5CVSS7.2AI score0.02385EPSS
Exploits0References5Affected Software1
Debian
Debian
added 2018/01/28 3:55 p.m.24 views

[SECURITY] [DSA 4101-1] wireshark security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4101-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 28, 2018 https://www.debian.org/security/faq -...

7.5CVSS7.7AI score0.02692EPSS
Exploits0
VulnCheck KEV
VulnCheck KEV
added 2018/01/23 12:0 a.m.5 views

VulnCheck KEV: CVE-2015-2052

Stack-based buffer overflow in the DIR-645 Wired/Wireless Router Rev. Ax with firmware 1.04b12 and earlier allows remote attackers to execute arbitrary code via a long string in a GetDeviceSettings action to the HNAP interface...

10CVSS6.4AI score0.05205EPSS
Exploits1References1
BDU FSTEC
BDU FSTEC
added 2018/01/18 12:0 a.m.4 views

The vulnerability of the sctp_do_peeloff function in the Linux operating system allows a hacker to cause a service failure or exert other effects.

The vulnerability of the sctpdopeeloff function in the Linux operating system’s net/sctp/socket.c file is related to the use of memory after it is freed. Exploiting this vulnerability could allow an attacker, acting locally, to cause service failures or other effects through specially crafted...

7.8CVSS6.8AI score0.0047EPSS
Exploits0References39Affected Software3
Debian
Debian
added 2017/12/31 2:35 p.m.39 views

[SECURITY] [DLA 1226-1] wireshark security update

Package : wireshark Version : 1.12.1+g01b65bf-4+deb8u6deb7u8 CVE ID : CVE-2017-11408 CVE-2017-17083 CVE-2017-17084 CVE-2017-17085 It was discovered that wireshark, a network protocol analyzer, contained several vulnerabilities in the dissectors for CIP Safety, IWARPMPA, NetBIOS, Profinet I/O and...

7.5CVSS8.5AI score0.16786EPSS
Exploits1
OpenVAS
OpenVAS
added 2017/12/13 12:0 a.m.51 views

Distributed Network Protocol (DNP3) Detection

A Distributed Network Protocol DNP3 Service is running at this host. DNP3 Distributed Network Protocol is a set of communications protocols used between components in process automation systems. DNP3 has become widely utilized in adjacent industries such as water/waste water, transportation and t...

7AI score
Exploits0References1
Debian
Debian
added 2017/12/09 11:51 a.m.72 views

[SECURITY] [DSA 4060-1] wireshark security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4060-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff December 09, 2017 https://www.debian.org/security/faq -...

7.5CVSS8.7AI score0.16786EPSS
Exploits1
Imperva Blog
Imperva Blog
added 2017/12/07 7:0 p.m.16 views

The Forrester Wave Ranks Imperva as a Leader for DDoS Mitigation Providers

Imperva has tracked the DDoS threat for some time now. Back in 2014 we saw the rise of DDoS botnets. In 2015, we revealed one of the first IoT-based DDoS attacks. Last year, we predicted and then documented one of the largest botnet-based DDoS attacks. DDoS mitigation, as it turns out, is the...

6.6AI score
Exploits0
CVE
CVE
added 2017/12/01 8:0 a.m.116 views

CVE-2017-17084

Wireshark CVE-2017-17084 affects the IWARP_MPA dissector; root cause is a crash from malformed IWARP MPA data due to insufficient validation. The fix involves validating the ULPDU length in epan/dissectors/packet-iwarp-mpa.c to prevent the crash. Exploit details and affected versions are not full...

7.5CVSS7.2AI score0.02743EPSS
Exploits0References6Affected Software1
OpenVAS
OpenVAS
added 2017/11/24 12:0 a.m.44 views

Factory Interface Network Service (FINS) Detection (UDP)

UDP based detection of services supporting the Factory Interface Network Service FINS protocol. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

7.1AI score
Exploits0References1
seebug.org
seebug.org
added 2017/11/08 12:0 a.m.40 views

Cesanta Mongoose MQTT SUBSCRIBE Command Denial Of Service(CVE-2017-2893)

Summary An exploitable NULL pointer dereference vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. An MQTT SUBSCRIBE packet can cause a NULL pointer dereference leading to server crash and denial of service. An attacker needs to send a specially crafted MQTT...

8AI score0.26577EPSS
Exploits2
Talos
Talos
added 2017/10/31 12:0 a.m.53 views

Cesanta Mongoose Websocket Protocol Fragmented Packet Code Execution Vulnerability

Summary An exploitable memory corruption vulnerability exists in the Websocket protocol implementation of Cesanta Mongoose 6.8. A specially crafted websocket packet can cause a buffer to be allocated while leaving stale pointers which leads to a use-after-free vulnerability which can be exploited...

9.8CVSS9.9AI score0.02625EPSS
Exploits2
UbuntuCve
UbuntuCve
added 2017/10/17 2:29 p.m.12 views

CVE-2014-8324

network.c in Aircrack-ng before 1.2 Beta 3 allows remote attackers to cause a denial of service segmentation fault via a response with a crafted length parameter...

7.5CVSS7.2AI score0.04172EPSS
Exploits0References3
CVE
CVE
added 2017/10/10 9:0 p.m.75 views

CVE-2017-15189

Wireshark 2.4.0–2.4.1 DOCSIS dissector could enter an infinite loop; fix implemented in plugins/docsis/packet-docsis.c by adding decrements. Public disclosures (e.g., Fedora 27 update) indicate CVE-2017-15189 is addressed in Wireshark 2.4.2, with related CVEs also covered in the same release. The...

7.5CVSS7.2AI score0.01685EPSS
Exploits0References5Affected Software1
CNVD
CNVD
added 2017/09/02 12:0 a.m.4 views

Linux kernel denial of service vulnerability

The Linux kernel is the kernel used by the operating system Linux, released by the Linux Foundation in the United States. A denial of service vulnerability exists in the tcpdisconnect function in net/ipv4/tcp.c in Linux kernel version 4.12, which can be exploited by an attacker to cause a denial ...

5.5CVSS6AI score0.00445EPSS
Exploits0References1
Prion
Prion
added 2017/08/05 5:29 p.m.17 views

Design/Logic Flaw

DISPUTED An issue was discovered in SMA Solar Technology products. An attacker can use Sunny Explorer or the SMAdata2+ network protocol to update the device firmware without ever having to authenticate. If an attacker is able to create a custom firmware version that is accepted by the inverter, t...

10CVSS7AI score0.02244EPSS
Exploits0References3
NVD
NVD
added 2017/08/05 5:29 p.m.17 views

CVE-2017-9860

An issue was discovered in SMA Solar Technology products. An attacker can use Sunny Explorer or the SMAdata2+ network protocol to update the device firmware without ever having to authenticate. If an attacker is able to create a custom firmware version that is accepted by the inverter, the invert...

10CVSS9.2AI score0.02244EPSS
Exploits0References3
Rows per page
Query Builder