Lucene search
K

158 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 4:40 a.m.6 views

SUSE CVE-2017-13081

Wi-Fi Protected Access WPA and WPA2 that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key IGTK during the group key handshake, allowing an attacker within radio range to spoof frames from access points to clients...

8.1CVSS6.9AI score0.02003EPSS
Exploits0References19
CNNVD
CNNVD
added 2023/02/14 12:0 a.m.2 views

GSS-NTLMSSP 缓冲区错误漏洞

GSS-NTLMSSP is gssapi open source a mechglue plugin that implements the NTLM authentication GSSAPI library . GSS-NTLMSSP version 1.2.0 before the buffer error vulnerability , the vulnerability stems from the length of the two elements avpair may trigger an out-of-bounds read is not properly check...

7.5CVSS7.4AI score0.01103EPSS
Exploits0References5
The Hacker News
The Hacker News
added 2022/12/02 10:35 a.m.21 views

What the CISA Reporting Rule Means for Your IT Security Protocol

The new Cyber Incident Reporting for Critical Infrastructure Act of 2022 CIRCIA requires CISA to create rules regarding cyber incident reporting by critical infrastructure organizations. The RFI and hearings precede a Notice of Proposed Rulemaking NPRM that CISA must publish sooner than 24 months...

7.2AI score
Exploits0
RustSec
RustSec
added 2022/07/30 12:0 p.m.19 views

Post-Quantum Key Encapsulation Mechanism SIKE broken

Wouter Castryck and Thomas Decru presented an efficient key recovery attack on the SIDH protocol. As a result, the secret key of SIKEp751 can be recovered in a matter of hours. The SIKE and SIDH schemes will be removed from oqs 0.7.2. The affected schemes are the oqs::kem::Algorithm::Sike and...

2.6AI score
Exploits0Affected Software1
Code423n4
Code423n4
added 2022/07/11 12:0 a.m.9 views

Upgraded Q -> M from 270 [1657580410834]

Judge has assessed an item in Issue 270 as Medium risk. The relevant finding follows: 6.L- Admin config ProtocolFee and gasFee missing max amount check which can be used to take fund from user With PROTOCOLFEEBPS 10000 more than 100%, the exchange can steal user WETH who might approve max WETH...

7.1AI score
Exploits0
RedHat Linux
RedHat Linux
added 2022/06/28 12:34 p.m.5 views

kernel: buffer overflow in IPsec ESP transformation code

A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation threat...

7.8CVSS6.8AI score0.05524EPSS
Exploits2References5
RedHat Linux
RedHat Linux
added 2022/06/28 7:58 a.m.2 views

nodejs: Improper handling of URI Subject Alternative Names

A flaw was found in node.js where it accepted a certificate's Subject Alternative Names SAN entry, as opposed to what is specified by the HTTPS protocol. This flaw allows an active person-in-the-middle to forge a certificate and impersonate a trusted host...

7.4CVSS7.3AI score0.08373EPSS
Exploits0References5
ICS
ICS
added 2022/06/28 12:0 a.m.75 views

Motorola Solutions MDLC

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely Vendor: Motorola Solutions Equipment: MDLC Vulnerabilities: Use of a Broken or Risky Cryptographic Algorithm, Plaintext Storage of a Password CISA is aware of a public report, known as “OT:ICEFALL” that details vulnerabilities found...

9.8CVSS9.1AI score0.0048EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2021/11/09 12:0 a.m.2 views

PT-2021-5261 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: The issue is related to the Credential Security Support Provider Protocol CredSSP in the Windows operating system, specifically concerning insecure privilege management. This allows an...

7.8CVSS7.2AI score0.0043EPSS
Exploits0References9
Filippo.io
Filippo.io
added 2021/09/15 10:0 p.m.19 views

Automatic Cipher Suite Ordering in crypto/tls

This is the first article I wrote for the Go blog !! about how TLS cipher suites configuration got so complicated, and how weve made it way easier in Go 1.17. The Go standard library provides crypto/tls, a robust implementation of Transport Layer Security TLS, the most important security protocol...

6.4AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2021/06/23 12:0 a.m.3 views

The vulnerability of implementations of WEP, WPA, WPA2, and WPA3 algorithms in the Linux operating system allows attackers to compromise the integrity of protected information.

The vulnerability of implementations of WEP, WPA, WPA2, and WPA3 algorithms in Linux operating systems exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to compromise the integrity of protected information by using specially crafted...

5.3CVSS6.9AI score0.05622EPSS
Exploits0References15Affected Software5
OSV
OSV
added 2021/06/08 1:15 p.m.3 views

UBUNTU-CVE-2021-22212

ntpkeygen can generate keys that ntpd fails to parse. NTPsec 1.2.0 allows ntpkeygen to generate keys with '' characters. ntpd then either pads, shortens the key, or fails to load these keys entirely, depending on the key type and the placement of the ''. This results in the administrator not bein...

7.4CVSS5.8AI score0.00522EPSS
Exploits0References5
Hacker One
Hacker One
added 2020/08/29 9:0 a.m.69 views

X (Formerly Twitter): Bypass Password Authentication to Update the Password

Summary:This additional security measure from twitter provides protection to the victim's account, considering that a victim's session may have been hijacked by a hacker, however, due to this additional layer of security Implemented by twitter the hacker would not be able to change the victim's...

6.9AI score
Exploits0
NVD
NVD
added 2020/08/21 3:15 p.m.12 views

CVE-2020-24051

The Moog EXO Series EXVF5C-2 and EXVP7C2-3 units support the ONVIF interoperability IP-based physical security protocol, which requires authentication for some of its operations. It was found that the authentication check for those ONVIF operations can be bypassed. An attacker can abuse this issu...

10CVSS9.5AI score0.02218EPSS
Exploits1References2
CVE
CVE
added 2020/08/21 2:23 p.m.48 views

CVE-2020-24051

The CVE-2020-24051 entry affects Moog EXO Series EXVF5C-2 and EXVP7C2-3 units. The ONVIF authentication for certain operations can be bypassed, allowing an attacker to perform privileged actions without authentication, such as creating a new Administrator user. NVD notes a high/critical impact (C...

10CVSS9.4AI score0.02218EPSS
Exploits1References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2020/07/30 12:0 a.m.27 views

EulerOS 2.0 SP8 : gnutls (EulerOS-SA-2020-1803)

According to the versions of the gnutls packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket a loss of confidentiality in TLS 1.2, and an authenticati...

7.4CVSS6.9AI score0.17507EPSS
Exploits3References3
Tenable Nessus
Tenable Nessus
added 2020/07/09 12:0 a.m.75 views

TLS Version 1.3 Protocol Detection

The remote service accepts connections encrypted using TLS 1.3. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid138330; scriptversion"1.3"; scriptsetattributeattribute:"pluginmodificationdate", value:"2026/04/13"; scriptnameenglish:"TLS Version 1.3 Protocol Detection"...

5.8AI score
Exploits0References1
Hacker One
Hacker One
added 2020/06/07 7:6 p.m.118 views

h1-ctf: [H1-2006 2020] CTF Writeup

Summary: Multiple Vulnerabilities leading to full account takeover and access to restricted functions 1. Information Disclosure 2. Login 2FA Bypass 3. SSRF 4. Hardcoded validation 5. Sensitive information disclosure 6. Privilege Escalation 7. Payments 2FA Bypass through SSRF Steps To Reproduce: 0...

7.7AI score
Exploits0
NVD
NVD
added 2020/04/03 1:15 p.m.19 views

CVE-2020-11501

GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. The earliest affected version is 3.6.3 2018-07-16 because of an error in a 2017-10-06 commit. The DTLS client always uses 32 '\0' bytes instead of a random value, and thus contributes no randomness to a DTLS negotiation. This breaks...

7.4CVSS7.3AI score0.03388EPSS
Exploits0References10
OSV
OSV
added 2020/04/03 1:15 p.m.20 views

CVE-2020-11501

GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. The earliest affected version is 3.6.3 2018-07-16 because of an error in a 2017-10-06 commit. The DTLS client always uses 32 '\0' bytes instead of a random value, and thus contributes no randomness to a DTLS negotiation. This breaks...

7.4CVSS7.3AI score
Exploits0References10
Rows per page
Query Builder