Lucene search

129 matches found

SUSE CVE
added 2024/02/17 3:24 a.m. · 2 views

SUSE CVE-2023-32189

Insecure handling of ssh keys used to bootstrap clients allows local attackers to potentially gain access to the keys...

CVSS 5.9 · AI score 6.8 · EPSS 0.00147
Exploits 0 · References 5
Prion
added 2024/01/31 5:15 a.m. · 14 views

Design/Logic Flaw

A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS1 v1.5 padded ciphertexts. This flaw could potentially enable unauthorized RSA ciphertext decryption or signing, even without access to the corresponding private key...

CVSS 2.6 · AI score 6.9 · EPSS 0.00878
Exploits 0 · References 4 · Affected Software 2
Positive Technologies
added 2024/01/16 12:00 a.m. · 6 views

PT-2024-2594 · Elastic · Elasticsearch

Name of the Vulnerable Software and Affected Versions: Elasticsearch versions 8.10.0 through 8.12.x Description: The issue is related to an Incorrect Authorization problem in the API key based security model for Remote Cluster Security, which is currently in Beta. This allows a malicious user wit...

CVSS 6.5 · AI score 7.8 · EPSS 0.00435
Exploits 0 · References 16
Snyk
added 2024/01/09 6:28 p.m. · 2 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling by processing JSON Web Encryption JWE tokens with a high compression ratio. An attacker can cause excessive memory allocation and processing time during decompression, leading to a...

CVSS 6.8 · AI score 6.5 · EPSS 0.02868
Exploits 0 · References 2
Prion
added 2023/10/25 6:17 p.m. · 20 views

Design/Logic Flaw

light-oauth2 before version 2.1.27 obtains the public key without any verification. This could allow attackers to authenticate to the application with a crafted JWT token...

CVSS 2.6 · AI score 5.6 · EPSS 0.0055
Exploits 1 · References 2 · Affected Software 1
CNNVD
added 2023/09/29 12:00 a.m. · 5 views

HashiCorp Vault Security Breach

HashiCorp Vault is a private key access management tool from the US-based HashiCorp. A security vulnerability exists in HashiCorp Vault that stems from the presence of a denial of service vulnerability...

CVSS 4.9 · AI score 6.7 · EPSS 0.00451
Exploits 0 · References 3
Cvelist
added 2023/08/14 12:00 a.m. · 18 views

CVE-2023-28481

An issue was discovered in Tigergraph Enterprise 3.7.0. There is unsecured write access to SSH authorized keys file. Any code running as the tigergraph user is able to add their SSH public key into the authorised keys file. This allows an attacker to obtain password-less SSH key access by using...

AI score 8.8 · EPSS 0.00583
Exploits 1 · References 1
OSV
added 2023/06/27 8:15 p.m. · 2 views

CVE-2023-30993

IBM Cloud Pak for Security CP4S 1.9.0.0 through 1.9.2.0 could allow an attacker with a valid API key for one tenant to access data from another tenant's account. IBM X-Force ID: 254136...

CVSS 7.5 · AI score 5.8 · EPSS 0.00615
Exploits 0 · References 2
Positive Technologies
added 2023/06/27 12:00 a.m. · 4 views

PT-2023-23102 · Ibm · Ibm Cloud Pak For Security

Name of the Vulnerable Software and Affected Versions: IBM Cloud Pak for Security CP4S versions 1.9.0.0 through 1.9.2.0 Description: The issue allows an attacker with a valid API key for one tenant to access data from another tenant's account. Recommendations: For versions 1.9.0.0 through 1.9.2.0...

CVSS 7.5 · AI score 7.5 · EPSS 0.00615
Exploits 0 · References 3
OSV
added 2023/06/22 2:15 a.m. · 3 views

CVE-2023-33842

IBM SPSS Modeler on Windows 17.0, 18.0, 18.2.2, 18.3, 18.4, and 18.5 requires the end user to have access to the server SSL key which could allow a local user to decrypt and obtain sensitive information. IBM X-Force ID: 256117...

CVSS 5.5 · AI score 5.8
Exploits 0 · References 2
NCSC
added 2023/05/30 12:00 a.m. · 5 views

Vulnerabilities fixed in Dell EMC PowerPath

Dell has fixed vulnerabilities in PowerPath. A local malicious person could exploit the vulnerabilities to grant themselves elevated privileges and execute code with SYSTEM privileges, or to gain access to the license key and thereby perform unauthorized new installations. Dell has released updat...

CVSS 7.8 · AI score 7.6 · EPSS 0.00176
Exploits 0
Vulnrichment
added 2023/04/11 5:47 p.m. · 10 views

CVE-2023-1939 No access control for the OTP key on OTP entries

No access control for the OTP key on OTP entries in Devolutions Remote Desktop Manager Windows 2022.3.33.0 and prior versions and Remote Desktop Manager Linux 2022.3.2.0 and prior versions allows non admin users to see OTP keys via the user interface...

AI score 4.6 · EPSS 0.00404
Exploits 0 · References 1
Positive Technologies
added 2023/04/11 12:00 a.m. · 6 views

PT-2023-17355 · Devolutions · Devolutions Remote Desktop Manager

Name of the Vulnerable Software and Affected Versions: Devolutions Remote Desktop Manager Windows versions 2022.3.33.0 and prior Devolutions Remote Desktop Manager Linux versions 2022.3.2.0 and prior Description: The issue is related to a lack of access control for the OTP key on OTP entries in...

CVSS 4.3 · AI score 4.6 · EPSS 0.00404
Exploits 0 · References 3
Vulnrichment
added 2023/03/27 8:46 p.m. · 5 views

CVE-2023-28640 Permissions bypass in Apiman could enable authenticated attacker to unpermitted API Key

Apiman is a flexible and open source API Management platform. Due to a missing permissions check, an attacker with an authenticated Apiman Manager account may be able to gain access to API keys they do not have permission for if they correctly guess the URL, which includes Organisation ID, Client...

CVSS 6.4 · AI score 6.7 · EPSS 0.0034
Exploits 0 · References 2
F5 Networks
added 2023/02/21 7:27 p.m. · 46 views

K65271605: NTP vulnerability CVE-2016-1549

Security Advisory Description A malicious authenticated peer can create arbitrarily-many ephemeral associations in order to win the clock selection algorithm in ntpd in NTP 4.2.8p4 and earlier and NTPsec 3e160db8dc248a0bcb053b56a80167dc742d2b74 and a5fb34b9cc89b92a8fef2f459004865c93bb7f92 and...

CVSS 6.5 · AI score 6.5 · EPSS 0.03147
Exploits 1 · Affected Software 22
SUSE CVE
added 2023/02/15 4:14 a.m. · 3 views

SUSE CVE-2019-9498

The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may be able to use invalid scalar/element values to complete authentication,...

CVSS 6.8 · AI score 6.8 · EPSS 0.02386
Exploits 0 · References 13
Prion
added 2023/01/18 12:15 a.m. · 13 views

Design/Logic Flaw

An unauthorized user with network access and the decryption key could decrypt sensitive data, such as usernames and passwords...

CVSS 5 · AI score 7.9 · EPSS 0.00611
Exploits 0 · References 2 · Affected Software 1
Vulnrichment
added 2022/12/27 12:00 a.m. · 9 views

CVE-2022-45424

Some Dahua software products have a vulnerability of unauthenticated request of AES crypto key. An attacker can obtain the AES crypto key by sending a specific crafted packet to the vulnerable interface...

AI score 6.9 · EPSS 0.00679
Exploits 0 · References 1
CNNVD
added 2022/09/16 12:00 a.m. · 4 views

Tesla Model 3 Security Vulnerability

The Tesla Model 3 is an electric car from the American company Tesla. Tesla Model 3 V11.0 2022.4.5.1 6b701552d7a6 A security vulnerability exists in the Tesla mobile app version v4.23, which stems from the vulnerability of the Tesla Model 3's phone key authentication to a man-in-the-middle attack...

CVSS 5.3 · AI score 5.8 · EPSS 0.00563
Exploits 1 · References 4
CNNVD
added 2022/09/07 12:00 a.m. · 7 views

RubyGems Authorization Issue Vulnerability

RubyGems is a Ruby package manager from the RubyGems organization. The product is primarily used to distribute and manage Ruby packages. RubyGems suffers from a security vulnerability that stems from an error in the password and email change confirmation code that allows an attacker to change the...

CVSS 8.8 · AI score 7.8 · EPSS 0.00814
Exploits 0 · References 3