Lucene search
K

378 matches found

OSV
OSV
added 2021/05/26 10:15 p.m.1 views

DEBIAN-CVE-2021-30472

A flaw was found in PoDoFo 0.9.7. A stack-based buffer overflow in PdfEncryptMD5Base::ComputeOwnerKey function in PdfEncrypt.cpp is possible because of a improper check of the keyLength value...

7.8CVSS8.1AI score0.00763EPSS
Exploits1References1
OSV
OSV
added 2021/05/26 10:15 p.m.2 views

UBUNTU-CVE-2021-30472

A flaw was found in PoDoFo 0.9.7. A stack-based buffer overflow in PdfEncryptMD5Base::ComputeOwnerKey function in PdfEncrypt.cpp is possible because of a improper check of the keyLength value...

7.8CVSS7.6AI score0.00763EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2021/05/26 12:0 a.m.5 views

PT-2021-18746 · Podofo +2 · Podofo +2

Name of the Vulnerable Software and Affected Versions: PoDoFo version 0.9.7 Description: A flaw was found in the PdfEncryptMD5Base::ComputeOwnerKey function in PdfEncrypt.cpp, which allows for a stack-based buffer overflow due to an improper check of the keyLength value. Recommendations: For PoDo...

7.8CVSS5.8AI score0.00763EPSS
Exploits4References22
Node.js
Node.js
added 2021/05/06 4:14 p.m.56 views

RSA signature validation vulnerability

Overview Impact Vulnerable versions of jsrsasign will accept RSA signature with improper PKCS1.5 padding. Decoded RSA signature value consists following form: 01ff...8 or more ffs...ff00ASN.1 OF DigestInfo Its byte length shall be the same as RSA key length however such checking was not sufficien...

6.4CVSS3.1AI score0.0096EPSS
Exploits0Affected Software1
OpenVAS
OpenVAS
added 2021/04/19 12:0 a.m.27 views

SUSE: Security Advisory (SUSE-SU-2019:2648-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10CVSS8.3AI score0.05189EPSS
Exploits26References268
Positive Technologies
Positive Technologies
added 2021/03/19 12:0 a.m.4 views

PT-2021-3955 · Unknown +2 · Mysql Server +3

Name of the Vulnerable Software and Affected Versions: MediaWiki versions through 1.35.2 Description: An issue was discovered in the Oauth extension for MediaWiki. The problem lies in MWOAuthConsumerSubmitControl.php, which does not ensure that the length of an RSA key will fit in a MySQL blob...

9.8CVSS6AI score0.03832EPSS
Exploits18References78
OSV
OSV
added 2021/03/15 8:13 p.m.5 views

USN-4770-1 glusterfs vulnerabilities

It was discovered that GlusterFS incorrectly handled network requests. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 ESM. CVE-2014-3619 It was discovered that GlusterFS incorrectly handled user permissions. An authenticated attacker...

8.8CVSS7AI score0.05374EPSS
Exploits1References23
NVD
NVD
added 2021/02/22 7:15 a.m.33 views

CVE-2020-11269

Possible memory corruption while processing EAPOL frames due to lack of validation of key length before using it in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT,...

8.8CVSS0.00283EPSS
Exploits0References1
CVE
CVE
added 2021/02/22 6:25 a.m.91 views

CVE-2020-11269

CVE-2020-11269 is a memory corruption issue described as occurring while processing EAPOL frames due to insufficient validation of key length in Qualcomm Snapdragon families (Auto, Compute, Connectivity, and related Snapdragon components). The initial entry lists a high severity (CVSS v3.1 base 8...

8.8CVSS8.8AI score0.00283EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2021/01/04 12:0 a.m.5 views

Qualcomm Qualcomm Wlan Firmware Buffer Error Vulnerability

Qualcomm Wlan Firmware is a Bluetooth support firmware from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm WLAN Firmware that originates from an out-of-bounds read if the EAPOL key length is less than expected when processing NAN shared key descriptor attributes. The...

7.8CVSS6.8AI score0.00598EPSS
Exploits0References2
NVD
NVD
added 2020/11/17 9:15 p.m.9 views

CVE-2020-26550

An issue was discovered in Aviatrix Controller before R5.3.1151. An encrypted file containing credentials to unrelated systems is protected by a three-character key...

7.5CVSS7.5AI score0.01461EPSS
Exploits1References1
NVD
NVD
added 2020/10/29 2:15 p.m.23 views

CVE-2020-5938

On BIG-IP 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, when negotiating IPSec tunnels with configured, authenticated peers, the peer may negotiate a different key length than the BIG-IP configuration would otherwise allow...

6.5CVSS6.5AI score0.00523EPSS
Exploits0References1
OSV
OSV
added 2020/10/29 2:15 p.m.3 views

CVE-2020-5938

On BIG-IP 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, when negotiating IPSec tunnels with configured, authenticated peers, the peer may negotiate a different key length than the BIG-IP configuration would otherwise allow...

6.5CVSS6.6AI score0.00523EPSS
Exploits0References1
OSV
OSV
added 2020/10/29 4:15 a.m.5 views

CVE-2020-11488

NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30 and all DGX-2 with BMC firmware versions prior to 1.06.06, contains a vulnerability in the AMI BMC firmware in which software does not validate the RSA 1024 public key used to verify the firmware signature, which may lead t...

6.7CVSS5.9AI score0.00243EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2020/10/29 12:0 a.m.24 views

F5 Networks BIG-IP : F5 IPsec vulnerability (K76610106)

The version of F5 Networks BIG-IP installed on the remote host is prior to 14.1.0. It is, therefore, affected by a vulnerability as referenced in the K76610106 advisory. When negotiating IPsec tunnels with configured, authenticated peers, the peer may negotiate a different key length than the...

6.5CVSS6.6AI score0.00523EPSS
Exploits0References2
Prion
Prion
added 2020/08/26 3:15 p.m.17 views

Code injection

In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.2 and BIG-IQ versions 5.2.0-7.0.0, the host OpenSSH servers utilize keys of less than 2048 bits which are no longer considered secure...

4.3CVSS5.8AI score0.00523EPSS
Exploits0References1Affected Software12
CNVD
CNVD
added 2020/05/14 12:0 a.m.3 views

FreeBSD Buffer Overflow Vulnerability (CNVD-2020-32360)

FreeBSD is a set of Unix-like operating systems from the FreeBSD Foundation. A buffer overflow vulnerability exists in the cryptodev module in FreeBSD versions prior to 12.1-STABLE r356911 and prior to 12.1-RELEASE p5, which stems from a program that fails to adequately validate the length of a...

9.8CVSS7.1AI score0.01505EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2020/05/13 12:0 a.m.22 views

FreeBSD : FreeBSD -- Insufficient cryptodev MAC key length check (0bfcae0b-947f-11ea-92ab-00163e433440)

Requests to create cryptography sessions using a MAC did not validate the user-supplied MAC key length. The cryptodev module allocates a buffer whose size is this user-suppled length. Impact : An unprivileged process can trigger a kernel panic. C Tenable Network Security, Inc. The descriptive tex...

7.4CVSS7.3AI score0.00656EPSS
Exploits0References2
OSV
OSV
added 2020/03/02 6:15 p.m.3 views

CVE-2019-18863

A key length vulnerability in the implementation of the SRTP 128-bit key on Mitel 6800 and 6900 SIP series phones, versions 5.1.0.2051 SP2 and earlier, could allow an attacker to launch a man-in-the-middle attack when SRTP is used in a call. A successful exploit may allow the attacker to intercep...

5.9CVSS6.2AI score0.00513EPSS
Exploits0References2
NVD
NVD
added 2020/03/02 6:15 p.m.16 views

CVE-2019-18863

A key length vulnerability in the implementation of the SRTP 128-bit key on Mitel 6800 and 6900 SIP series phones, versions 5.1.0.2051 SP2 and earlier, could allow an attacker to launch a man-in-the-middle attack when SRTP is used in a call. A successful exploit may allow the attacker to intercep...

5.9CVSS5.5AI score0.00513EPSS
Exploits0References2
Rows per page
Query Builder