29 matches found
Linux Distros Unpatched Vulnerability : CVE-2022-36647
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PKUVCL davs2 v1.6.205 was discovered to contain a global buffer overflow via the function parse_sequence_header at source/common/header.cc:269. CVE-2022-36647 Not...
Debian dla-4236 : libmbedcrypto3 - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4236 advisory. - Debian LTS Advisory DLA-4236-1...
CVE-2021-36647
Use of a Broken or Risky Cryptographic Algorithm in the function mbedtls_mpi_exp_mod in lignum.c in Mbed TLS Mbed TLS all versions before 3.0.0, 2.27.0 or 2.16.11 allows attackers with access to precise enough timing and memory access information typically an untrusted operating system attacking a...
CVE-2020-36647
A vulnerability classified as critical has been found in YunoHost-Apps transmission_ynh. Affected is an unknown function of the file conf/nginx.conf. The manipulation leads to path traversal. The patch is identified as f136dfd44eda128129e5fd2d850a3a3c600e6a4a. It is recommended to apply a patch to...
CVE-2021-36647 affecting package hvloader for versions less than 1.0.1-6
CVE-2021-36647 affecting package hvloader for versions less than 1.0.1-6. An upgraded version of the package is available that resolves this issue...
CVE-2024-36647
A stored cross-site scripting XSS vulnerability in Church CRM v5.8.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Family Name parameter under the Register a New Family page...
CVE-2024-36647
Church CRM v5.8.0 is affected by a stored XSS vulnerability where a crafted payload in the Family Name field on the Register a New Family page can execute arbitrary web scripts/HTML. The CVE-2024-36647 entry aligns with multiple sources (NVD, OSV, CVE records) describing a stored XSS with impact ...
CVE-2023-36647
creationtimestamp | type | source
---|---|---
2024-01-01 15:06:58+00:00 | seen | https://t.me/ctinow/161326...
CVE-2023-36647
A hard-coded cryptographic private key used to sign JWT authentication tokens in ProLion CryptoSpike 3.0.15P2 allows remote attackers to impersonate arbitrary users and roles in web management and REST API endpoints via crafted JWT tokens...
CVE-2023-36647
A hard-coded cryptographic private key used to sign JWT authentication tokens in ProLion CryptoSpike 3.0.15P2 allows remote attackers to impersonate arbitrary users and roles in web management and REST API endpoints via crafted JWT tokens...
CVE-2023-36647
A hard-coded cryptographic private key used to sign JWT authentication tokens in ProLion CryptoSpike 3.0.15P2 allows remote attackers to impersonate arbitrary users and roles in web management and REST API endpoints via crafted JWT tokens...
CVE-2023-36647
Summary: CVE-2023-36647 affects ProLion CryptoSpike 3.0.15P2, where a hard-coded cryptographic private key is used to sign JWTs, enabling remote impersonation of users/roles in web management and REST API endpoints. The vulnerability arises from the use of a private key embedded in the product, e...
CVE-2023-36647
A hard-coded cryptographic private key used to sign JWT authentication tokens in ProLion CryptoSpike 3.0.15P2 allows remote attackers to impersonate arbitrary users and roles in web management and REST API endpoints via crafted JWT tokens...
CVE-2021-36647 affecting package fluent-bit for versions less than 2.0.9-1
CVE-2021-36647 affecting package fluent-bit for versions less than 2.0.9-1. An upgraded version of the package is available that resolves this issue...
CVE-2021-36647
creationtimestamp | type | source
---|---|---
2023-01-18 00:15:23+00:00 | seen | https://t.me/cibsecurity/56623
2025-04-08 20:46:53+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/11007...
CVE-2021-36647
Use of a Broken or Risky Cryptographic Algorithm in the function mbedtls_mpi_exp_mod in lignum.c in Mbed TLS Mbed TLS all versions before 3.0.0, 2.27.0 or 2.16.11 allows attackers with access to precise enough timing and memory access information typically an untrusted operating system attacking a...
AZL-13023 CVE-2021-36647 affecting package fluent-bit for versions less than 2.0.9-1
Use of a Broken or Risky Cryptographic Algorithm in the function mbedtls_mpi_exp_mod in lignum.c in Mbed TLS Mbed TLS all versions before 3.0.0, 2.27.0 or 2.16.11 allows attackers with access to precise enough timing and memory access information typically an untrusted operating system attacking a...
CVE-2021-36647
Use of a Broken or Risky Cryptographic Algorithm in the function mbedtls_mpi_exp_mod in lignum.c in Mbed TLS Mbed TLS all versions before 3.0.0, 2.27.0 or 2.16.11 allows attackers with access to precise enough timing and memory access information typically an untrusted operating system attacking a...
CVE-2021-36647
Use of a Broken or Risky Cryptographic Algorithm in the function mbedtls_mpi_exp_mod in lignum.c in Mbed TLS Mbed TLS all versions before 3.0.0, 2.27.0 or 2.16.11 allows attackers with access to precise enough timing and memory access information typically an untrusted operating system attacking a...
CVE-2021-36647
The issue (CVE-2021-36647) is in the mbed TLS library, specifically the function mbedtls_mpi_exp_mod() in lignum.c. All affected releases prior to 3.0.0, 2.27.0, or 2.16.11 are vulnerable. The underlying problem is the use of a broken or risky cryptographic algorithm that, when an attacker has pr...