Lucene search
K

1938 matches found

F5 Networks
F5 Networks
added 2023/02/21 8:0 p.m.37 views

K94010578: tcpdump vulnerabilities CVE-2016-7940, CVE-2016-7973, CVE-2016-7974, CVE-2016-7983, and CVE-2016-7984

Security Advisory Description CVE-2016-7940 The STP parser in tcpdump before 4.9.0 has a buffer overflow in print-stp.c, multiple functions. CVE-2016-7973 The AppleTalk parser in tcpdump before 4.9.0 has a buffer overflow in print-atalk.c, multiple functions. CVE-2016-7974 The IP parser in tcpdum...

9.8CVSS8.6AI score0.03903EPSS
Exploits0Affected Software22
F5 Networks
F5 Networks
added 2023/02/21 6:53 p.m.47 views

K39512927: tcpdump vulnerabilities CVE-2016-7928, CVE-2016-7929, CVE-2016-7930, CVE-2016-7931, and CVE-2016-7933

Security Advisory Description CVE-2016-7928 The IPComp parser in tcpdump before 4.9.0 has a buffer overflow in print-ipcomp.c:ipcompprint. CVE-2016-7929 The Juniper PPPoE ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-juniper.c:juniperparseheader. CVE-2016-7930 The LLC/SNAP...

9.8CVSS8.6AI score0.03355EPSS
Exploits0Affected Software22
F5 Networks
F5 Networks
added 2023/02/21 6:33 p.m.35 views

K42378447: IPsec IKEv1 vulnerability CVE-2018-5389

Security Advisory Description The Internet Key Exchange v1 main mode is vulnerable to offline dictionary or brute force attacks. Reusing a key pair across different versions and modes of IKE could lead to cross-protocol authentication bypasses. It is well known, that the aggressive mode of IKEv1...

5.9CVSS6.1AI score0.03038EPSS
Exploits1
F5 Networks
F5 Networks
added 2023/02/21 6:19 p.m.815 views

K16846: IPMI vulnerability CVE-2013-4786

Security Advisory Description The IPMI 2.0 specification supports RMCP+ Authenticated Key-Exchange Protocol RAKP authentication, which allows remote attackers to obtain password hashes and conduct offline password guessing attacks by obtaining the HMAC from a RAKP message 2 response from a BMC...

7.8CVSS7.7AI score0.81802EPSS
Exploits2Affected Software1
Malwarebytes
Malwarebytes
added 2023/02/16 4:0 p.m.19 views

Ransomware pushes City of Oakland into state of emergency

The ransomware attack that hit Oakland on Wednesday February 8, 2023 is still crippling many of the citys services a week later. In fact, the situation is so bad that the Interim City Administrator has now declared a state of emergency. Tweet announcing the state of emergency The ransomware attac...

0.8AI score
Exploits0
SUSE CVE
SUSE CVE
added 2023/02/15 5:53 a.m.5 views

SUSE CVE-2011-1758

The krb5saveccnamedone function in providers/krb5/krb5auth.c in System Security Services Daemon SSSD 1.5.x before 1.5.7, when automatic ticket renewal and offline authentication are configured, uses a pathname string as a password, which allows local users to bypass Kerberos authentication by...

3.7CVSS6.8AI score0.00338EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:35 a.m.5 views

SUSE CVE-2013-5597

Use-after-free vulnerability in the nsDocLoader::doStopDocumentLoad function in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary...

10CVSS9.3AI score0.06273EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2023/02/15 5:29 a.m.3 views

SUSE CVE-2014-2894

Off-by-one error in the cmdsmart function in the smart self test in hw/ide/core.c in QEMU before 2.0 allows local users to have unspecified impact via a SMART EXECUTE OFFLINE command that triggers a buffer underflow and memory corruption...

7.2CVSS7.9AI score0.00383EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 5:14 a.m.3 views

SUSE CVE-2015-6718

The CBSharedReviewIfOfflineDialog method in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to bypass JavaScri...

6.8CVSS6.9AI score0.0643EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:56 a.m.2 views

SUSE CVE-2016-9191

The cgroup offline implementation in the Linux kernel through 4.8.11 mishandles certain drain operations, which allows local users to cause a denial of service system hang by leveraging access to a container environment for executing a crafted application, as demonstrated by trinity...

5.5CVSS7.8AI score0.00423EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2023/02/15 4:51 a.m.4 views

SUSE CVE-2017-3736

There is a carry propagating bug in the x8664 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely...

7.4CVSS8.8AI score0.10133EPSS
Exploits0References33
SUSE CVE
SUSE CVE
added 2023/02/15 4:31 a.m.7 views

SUSE CVE-2018-5174

In the Windows 10 April 2018 Update, Windows Defender SmartScreen honors the "SEEMASKFLAGNOUI" flag associated with downloaded files and will not show any UI. Files that are unknown and potentially dangerous will be allowed to run because SmartScreen will not prompt the user for a decision, and i...

7.5CVSS8.8AI score0.01871EPSS
Exploits0References16
SUSE CVE
SUSE CVE
added 2023/02/15 4:31 a.m.2 views

SUSE CVE-2018-5389

The Internet Key Exchange v1 main mode is vulnerable to offline dictionary or brute force attacks. Reusing a key pair across different versions and modes of IKE could lead to cross-protocol authentication bypasses. It is well known, that the aggressive mode of IKEv1 PSK is vulnerable to offline...

5.9CVSS7AI score0.03038EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:28 a.m.5 views

SUSE CVE-2018-9234

GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key certification requires an offline master Certify key, which results in apparently valid certifications that occurred only with access to a signing subkey...

2.2CVSS7.6AI score0.02082EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2023/02/15 4:16 a.m.1 views

SUSE CVE-2019-5850

Use after free in offline mode in Google Chrome prior to 76.0.3809.87 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page...

9.6CVSS9AI score0.01009EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2023/02/15 4:10 a.m.4 views

SUSE CVE-2019-13686

Use after free in offline mode in Google Chrome prior to 77.0.3865.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

8.8CVSS8.4AI score0.00906EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2023/02/15 4:2 a.m.1 views

SUSE CVE-2020-6553

Use after free in offline mode in Google Chrome on iOS prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

8.8CVSS8.8AI score0.01521EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2023/02/15 3:42 a.m.2 views

SUSE CVE-2021-30507

Inappropriate implementation in Offline in Google Chrome on Android prior to 90.0.4430.212 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page...

8.8CVSS8.1AI score0.01166EPSS
Exploits1References8
SUSE CVE
SUSE CVE
added 2023/02/15 3:40 a.m.4 views

SUSE CVE-2021-34434

In Eclipse Mosquitto versions 2.0 to 2.0.11, when using the dynamic security plugin, if the ability for a client to make subscriptions on a topic is revoked when a durable client is offline, then existing subscriptions for that client are not revoked...

5.3CVSS5.3AI score0.01367EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:39 a.m.2 views

SUSE CVE-2021-37956

Use after free in Offline use in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page...

8.8CVSS8.9AI score0.01157EPSS
Exploits0References5
Rows per page
Query Builder