Lucene search
K

53 matches found

RedHat Linux
RedHat Linux
added 2026/06/29 3:13 p.m.3 views

gnutls: gnutls: Use-after-free in gnutls_pkcs11_token_set_pin

A flaw was found in GnuTLS. The gnutlspkcs11tokensetpin function, used for changing the Security Officer PIN, can lead to a use-after-free vulnerability. This occurs when an attacker attempts to change the PIN with a NULL old PIN for a token that lacks a protected authentication path...

6.6CVSS5.7AI score0.0015EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/06/29 2:54 a.m.6 views

gnutls: gnutls: Use-after-free in gnutls_pkcs11_token_set_pin

A flaw was found in GnuTLS. The gnutlspkcs11tokensetpin function, used for changing the Security Officer PIN, can lead to a use-after-free vulnerability. This occurs when an attacker attempts to change the PIN with a NULL old PIN for a token that lacks a protected authentication path...

6.6CVSS5.7AI score0.0015EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/06/29 2:40 a.m.4 views

gnutls: gnutls: Use-after-free in gnutls_pkcs11_token_set_pin

A flaw was found in GnuTLS. The gnutlspkcs11tokensetpin function, used for changing the Security Officer PIN, can lead to a use-after-free vulnerability. This occurs when an attacker attempts to change the PIN with a NULL old PIN for a token that lacks a protected authentication path...

6.6CVSS5.7AI score0.0015EPSS
Exploits0References6
NVD
NVD
added 2026/06/16 2:16 a.m.13 views

CVE-2026-42014

A flaw was found in GnuTLS. The gnutlspkcs11tokensetpin function, used for changing the Security Officer PIN, can lead to a use-after-free vulnerability. This occurs when an attacker attempts to change the PIN with a NULL old PIN for a token that lacks a protected authentication path...

6.6CVSS0.0015EPSS
Exploits0References15
EUVD
EUVD
added 2026/06/16 12:49 a.m.7 views

EUVD-2026-37029

A flaw was found in GnuTLS. The gnutlspkcs11tokensetpin function, used for changing the Security Officer PIN, can lead to a use-after-free vulnerability. This occurs when an attacker attempts to change the PIN with a NULL old PIN for a token that lacks a protected authentication path...

6.6CVSS5.2AI score0.0015EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/06/16 12:49 a.m.41 views

CVE-2026-42014 Gnutls: gnutls: use-after-free in gnutls_pkcs11_token_set_pin

A flaw was found in GnuTLS. The gnutlspkcs11tokensetpin function, used for changing the Security Officer PIN, can lead to a use-after-free vulnerability. This occurs when an attacker attempts to change the PIN with a NULL old PIN for a token that lacks a protected authentication path...

6.6CVSS0.0015EPSS
Exploits0References15
CVE
CVE
added 2026/06/16 12:49 a.m.25 views

CVE-2026-42014

GnuTLS vulnerability CVE-2026-42014 fixes a use-after-free in gnutls_pkcs11_token_set_pin when changing the Security Officer PIN with a NULL old PIN on tokens lacking a protected authentication path. The connected advisories (SUSE SUSE-SU-2026:2115-1, OSV entries, and Red Hat Oracle/Rocky advisor...

6.6CVSS5.2AI score0.0015EPSS
Exploits0References15
Microsoft Secure
Microsoft Secure
added 2026/04/29 4:0 p.m.8 views

8 best practices for CISOs conducting risk reviews

The Deputy CISO blog series is where Microsoft Deputy Chief Information Security Officers CISOs share their thoughts on what is most important in their respective domains. In this series, you will get practical advice, tactics to start and stop deploying, forward-looking commentary on where the...

5.7AI score
Exploits0
The Hacker News
The Hacker News
added 2025/11/21 8:5 a.m.2 views

SEC Drops SolarWinds Case After Years of High-Stakes Cybersecurity Scrutiny

The U.S. Securities and Exchange Commission SEC has abandoned its lawsuit against SolarWinds and its chief information security officer, alleging that the company had misled investors about the security practices that led to the 2020 supply chain attack. In a joint motion filed November 20, 2025,...

6.6AI score
Exploits0
Microsoft Secure
Microsoft Secure
added 2025/11/06 5:0 p.m.4 views

New IDC research highlights a major cloud security shift

Cloud security is at a tipping point. While moving to the cloud powers both growth and speed for organizations, it can also bring new risks. According to IDC’s latest research, organizations experienced an average of nine cloud security incidents in 2024, with 89% reporting a year-over-year...

6.8AI score
Exploits0
Wiz blog
Wiz blog
added 2025/10/29 2:0 p.m.7 views

How CISOs Should Plan Security Budgets for 2026

Build a defensible 2026 security budget with data, not guesswork. We share practical tips, ROI levers, and fresh insights from our survey of 300+ CISOs and security leaders...

6.9AI score
Exploits0
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-23283

Malicious code in bioql PyPI...

7.3CVSS6.6AI score0.00293EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/08/02 8:24 p.m.19 views

CVE-2025-29556

ExaGrid EX10 6.3 - 7.0.1.P08 is vulnerable to Incorrect Access Control. Since version 6.3, ExaGrid enforces restrictions preventing users with the Admin role from creating or modifying users with the Security Officer role without approval. However, a flaw in the account creation process allows an...

7.3CVSS6.3AI score0.00293EPSS
Exploits1References1
NVD
NVD
added 2025/07/31 4:15 p.m.29 views

CVE-2025-29556

ExaGrid EX10 6.3 - 7.0.1.P08 is vulnerable to Incorrect Access Control. Since version 6.3, ExaGrid enforces restrictions preventing users with the Admin role from creating or modifying users with the Security Officer role without approval. However, a flaw in the account creation process allows an...

7.3CVSS0.00293EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/07/31 12:0 a.m.10 views

CVE-2025-29556

ExaGrid EX10 6.3 - 7.0.1.P08 is vulnerable to Incorrect Access Control. Since version 6.3, ExaGrid enforces restrictions preventing users with the Admin role from creating or modifying users with the Security Officer role without approval. However, a flaw in the account creation process allows an...

0.00293EPSS
Exploits1References2
CVE
CVE
added 2025/07/31 12:0 a.m.26 views

CVE-2025-29556

ExaGrid EX10 vulnerable to Incorrect Access Control (CVE-2025-29556) in versions 6.3–7.0.1.P08. A flaw in the account creation flow allows an Admin to bypass restrictions via API request manipulation, enabling creation of Security Officer accounts without prior approval. Attack scenario: an Admin...

7.3CVSS6.5AI score0.00293EPSS
Exploits1References2
GithubExploit
GithubExploit
added 2025/07/30 8:24 p.m.185 views

Exploit for CVE-2025-29556

CVE-2025-29556 – ExaGrid Security Officer Account Creation Byp...

7.3CVSS7AI score0.00293EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2025/07/30 12:0 a.m.9 views

PT-2025-31459 · Exagrid · Exagrid Ex10

Name of the Vulnerable Software and Affected Versions: ExaGrid EX10 versions 6.3 through 7.0.1.P08 Description: ExaGrid EX10 versions 6.3 through 7.0.1.P08 are susceptible to an incorrect access control issue. Starting with version 6.3, ExaGrid implemented restrictions to prevent users with the...

7.3CVSS6.4AI score0.00293EPSS
Exploits1References7
Microsoft Secure
Microsoft Secure
added 2025/05/07 4:0 p.m.9 views

Meet the Deputy CISOs who help shape Microsoft’s approach to cybersecurity: Part 2

Microsoft launched its Cybersecurity Governance Council in 2024, and with it, named a group of deputy chief information security officers that ensure comprehensive oversight of the company’s cybersecurity risk, defense, and compliance. These leaders work in tandem with product and engineering...

6.7AI score
Exploits0
Wallarm Lab
Wallarm Lab
added 2024/08/05 12:42 p.m.8 views

CISO: funciones y responsabilidades laborales 🛡️

Significado de CISO En el ámbito corporativo, CISO es un acrónimo ampliamente reconocido que denota a "Chief Information Security Officer", que se puede interpretar en español como el Encargado Principal de Salvaguardar la Información. Este encargo representa una posición esencial en el organigra...

7.9AI score
Exploits0
Rows per page
Query Builder