400 matches found
EX-NIDS: a Framework for Explainable Network Intrusion Detection Leveraging Large Language Models
This paper introduces eX-NIDS, a framework designed to enhance interpretability in flow-based Network Intrusion Detection Systems (NIDS) by leveraging Large Language Models (LLMs). In our proposed framework, flows labelled as malicious by NIDS are initially processed through a module called the Promp...
SAP Leasing CVE-2020-6306 Remote Authorization Bypass Vulnerability
Description SAP Leasing is prone to an authorization-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks. Technologies Affected SAP Leasing 6.0 SAP Leasing 6.02 SAP Leasing 6.0...
Microsoft Office Online CVE-2020-0647 Spoofing Vulnerability
Description Microsoft Office Online is prone to a security vulnerability that may allow attackers to conduct spoofing attacks. An attacker can exploit this issue to conduct spoofing attacks and perform unauthorized actions; other attacks are also possible. Technologies Affected Microsoft Office...
Microsoft ASP.NET Core CVE-2020-0602 Denial of Service Vulnerability
Description Microsoft ASP.NET Core is prone to a remote denial of service vulnerability. An attacker can exploit this issue to cause a denial of service condition. Technologies Affected Microsoft ASP.NET Core 2.1 Microsoft ASP.NET Core 3.0 Microsoft ASP.NET Core 3.1 Recommendations Block external...
Microsoft Internet Explorer CVE-2020-0640 Memory Corruption Vulnerability
Description Microsoft Internet Explorer is prone to a memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions. Technologies Affected Microsoft Internet Explor...
Oracle Enterprise Manager for Fusion Middleware CVE-2020-2614 Remote Security Vulnerability
Description Oracle Enterprise Manager for Fusion Middleware is prone to a remote security vulnerability. The vulnerability can be exploited over the 'HTTP' protocol. The 'APM Mesh' component is affected. This vulnerability affects the following supported versions: 13.2, 13.3 Technologies Affected...
Oracle PeopleSoft Enterprise PeopleTools Cpujan2020 Multiple Remote Security Vulnerabilities
Description Oracle PeopleSoft Enterprise PeopleTools is prone to multiple remote security vulnerabilities. These vulnerabilities can be exploited over the 'HTTP' protocol. These vulnerabilities affect the following supported versions: 8.56, 8.57 Technologies Affected Oracle PeopleSoft Enterprise...
Microsoft Windows Remote Desktop Protocol CVE-2020-0612 Denial of Service Vulnerability
Description Microsoft Windows Remote Desktop Protocol is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause the target service to stop responding, denying service to legitimate users. Technologies Affected Microsoft Windows Server 2016 Microsoft Windows Server...
Adobe Illustrator APSB20-03 Multiple Memory Corruption Vulnerabilities
Description Adobe Illustrator is prone to multiple memory-corruption vulnerabilities. An attacker can exploit these issues to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions. Adobe...
Juniper Junos CVE-2020-1608 Multiple Denial of Service Vulnerabilities
Description Juniper Junos is prone to multiple denial-of-service vulnerabilities. An attacker may exploit these issues to cause denial-of-service conditions. Technologies Affected Juniper Junos 17.2R2-S6 Juniper Junos 17.2R2-S7 Juniper Junos 17.2R2-S8 Juniper Junos 17.2R3 Juniper Junos 17.2R3-S1...
Cisco Unified Customer Voice Portal CVE-2019-16017 Denial of Service Vulnerability
Description Cisco Unified Customer Voice Portal is prone to a remote denial-of-service vulnerability. Successfully exploiting this issue allows remote attackers to cause denial-of-service conditions. This issue is being tracked by Cisco Bug ID CSCvp72741. Technologies Affected Cisco Unified...
SQLite Multiple Security Vulnerabilities
Description SQLite is prone to the following security vulnerabilities. 1. Multiple denial-of-service vulnerabilities 2. Multiple security vulnerabilities An attacker can exploit these issues to cause denial-of-service conditions. SQLite version 3.30.1 is vulnerable. Technologies Affected Redhat...
cURL CVE-2019-15601 Remote Security Bypass Vulnerability
Description cURL is prone to a remote security-bypass vulnerability. An attacker can leverage this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks. cURL versions prior to 7.68.0 are vulnerable. Technologies Affected Haxx Curl 7.34.0 Haxx Cur...
Cisco Data Center Network Manager Multiple Authentication Bypass Vulnerabilities
Description Cisco Data Center Network Manager is prone to multiple authentication-bypass vulnerabilities. An attacker can exploit these issues to bypass the authentication mechanism and perform unauthorized actions with administrative privileges. This may lead to further attacks. These issues are bei...
MyBB CVE-2019-20225 Open Redirection Vulnerability
Description MyBB is prone to an open-redirection vulnerability. An attacker can leverage this issue by constructing a crafted URI and enticing a user to follow it. When an unsuspecting victim follows the link, they may be redirected to an attacker-controlled site; this may aid in phishing attacks...
Microsoft Exchange Server '/Autodiscover' Server Side Request Forgery Security Bypass Vulnerability
Description Microsoft Exchange Server is prone to a security-bypass vulnerability. Attackers can exploit this issue to bypass certain security restrictions to perform unauthorized actions. This may aid in further attacks. Microsoft Exchange Server 2013 Cumulative Update 22 and prior versions are...
D-Link DIR-859 Routers CVE-2019-20213 Information Disclosure Vulnerability
Description D-Link DIR-859 routers are prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information and perform unauthorized actions. Versions prior to D-Link DIR-859 1.07b03beta are vulnerable. Technologies Affected D-Link DIR-859 1.05 D-Link...
Apache Log4j CVE-2019-17571 Deserialization Remote Code Execution Vulnerability
Description Apache Log4j is prone to a remote code-execution vulnerability. Successfully exploiting this issue allows attackers to execute arbitrary code in the context of the affected application. Failed exploits will result in denial-of-service conditions. Apache Log4j versions through 1.2.17 are...
Rack CVE-2019-16782 Information Disclosure Vulnerability
Description Rack is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. Technologies Affected Rack Project Rack 0.1 Rack Project Rack 0.2 Rack Project Rack 0.3 Rack Project Rack 0.4 Rack Project Rack...
IBM API Connect CVE-2019-4609 Information Disclosure Vulnerability
Description IBM API Connect is prone to an information-disclosure vulnerability. Remote attackers can exploit this issue to obtain sensitive information that may lead to further attacks. IBM API Connect 2018.4.1.7 is vulnerable; other versions may also be affected. Technologies Affected IBM API...