Lucene search
+L

115 matches found

BDU FSTEC
BDU FSTEC
added 2025/06/20 12:0 a.m.4 views

The vulnerability of the ServerConfig.PublicKeyCallback() function in the Go programming language library allows a hacker to bypass security restrictions.

The vulnerability of the ServerConfig.PublicKeyCallback function in the Go programming language library is related to deficiencies in the authentication process when handling keys. Exploiting this vulnerability could allow a malicious actor to circumvent security restrictions from a remote locati...

9.4CVSS6.7AI score0.03153EPSS
Exploits2References10Affected Software2
Positive Technologies
Positive Technologies
added 2025/06/06 12:0 a.m.7 views

PT-2025-24284 · Wolfbox · Wolfbox Level 2 Ev Charger

Name of the Vulnerable Software and Affected Versions: WOLFBOX Level 2 EV Charger affected versions not specified Description: This issue allows network-adjacent attackers to bypass authentication on affected installations of WOLFBOX Level 2 EV Charger devices. The flaw exists within the handling...

8.8CVSS6.2AI score0.00171EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/05/13 12:0 a.m.6 views

PT-2025-20926

Name of the Vulnerable Software and Affected Versions: Flask versions 3.1.0 Description: The issue arises from the incorrect handling of fallback key configuration in Flask, where the last fallback key is used for signing instead of the current signing key. This is due to Flask constructing the...

1.8CVSS6.3AI score0.0016EPSS
Exploits0References24
NVD
NVD
added 2025/05/01 2:15 p.m.25 views

CVE-2025-37795

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

Exploits0
Veracode
Veracode
added 2025/04/15 3:40 a.m.10 views

Improper Cache Key Handling

api-platform/core is vulnerable to Improper cache key handling. The vulnerability is due to the isCacheKeySafe method not effectively preventing caching when followed by the parent::normalize call, which may allow an attacker to access unauthorized data...

7.5CVSS6.6AI score0.00573EPSS
Exploits0References8Affected Software2
OSV
OSV
added 2025/04/08 12:40 p.m.6 views

CLSA-2025-1744116044 Fix CVE(s): CVE-2016-8614

SECURITY UPDATE: improper verification of key fingerprints in aptkey module - debian/patches/CVE-2016-8614.patch: fix use of long key IDs for delete, check for keyid presence and fix keyid length for verification. Fix reversed order of return values in parsekeyid function - CVE-2016-8614...

7.5CVSS6.9AI score0.02458EPSS
Exploits1References1
Redos
Redos
added 2025/02/19 12:0 a.m.12 views

ROS-20250219-03

A vulnerability in the git-upload-pack method of the go-git library is related to argument injection or modification. Exploitation of the vulnerability could allow an attacker acting remotely to impact the confidentiality, integrity, and availability of protected information A vulnerability in th...

9.8CVSS8.9AI score0.03153EPSS
Exploits2
Tenable Nessus
Tenable Nessus
added 2024/12/19 12:0 a.m.6 views

FreeBSD : liboqs -- Correctness error in HQC decapsulation (dc087dad-bd71-11ef-b5a1-000ec6d40964)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the dc087dad-bd71-11ef-b5a1-000ec6d40964 advisory. The Open Quantum Safe project reports: A correctness error has been identified in the reference...

7.5CVSS7.2AI score0.00394EPSS
Exploits0References3
OSV
OSV
added 2024/12/12 2:2 a.m.7 views

AZL-54327 CVE-2024-45337 affecting package cf-cli for versions less than 8.7.3-4

Applications and libraries which misuse connection.serverAuthenticate via callback field ServerConfig.PublicKeyCallback may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that the key offered is...

9.1CVSS6.7AI score0.03153EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2024/12/11 12:0 a.m.4 views

PT-2024-40144 · Pqclean · Pqclean

Name of the Vulnerable Software and Affected Versions: PQClean affected versions not specified Description: A correctness error has been identified in the reference implementation of the HQC key encapsulation mechanism, where an indexing error causes part of the secret key to be incorrectly treat...

6.9AI score
Exploits0References6
CNNVD
CNNVD
added 2024/11/13 12:0 a.m.5 views

PDF Viewer Macro 安全漏洞

PDF Viewer Macro is an open source macro for XWiki SAS. It allows viewing PDF files attached to XWiki pages from within the XWiki page. A security vulnerability exists in PDF Viewer Macro prior to version 2.5.6, which stems from the fact that any user with viewing privileges to...

7.5CVSS6.5AI score0.00516EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2024/10/16 12:0 a.m.13 views

The vulnerability of the Linux operating system’s kernel, which allows a hacker to obtain encryption keys

The vulnerability of the Linux operating system’s kernel is related to the storage of confidential information in an open manner during the processing of DCP keys. Exploiting this vulnerability can allow a perpetrator to obtain encryption keys...

5.5CVSS5.9AI score0.00102EPSS
Exploits0References11Affected Software1
OSV
OSV
added 2024/09/04 8:15 p.m.3 views

UBUNTU-CVE-2024-45004

In the Linux kernel, the following vulnerability has been resolved: KEYS: trusted: dcp: fix leak of blob encryption key Trusted keys unseal the key blob on load, but keep the sealed payload in the blob field so that every subsequent read export will simply convert this field to hex and send it to...

5.5CVSS5.9AI score0.00102EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2024/07/17 4:19 a.m.6 views

SUSE CVE-2022-48782

In the Linux kernel, the following vulnerability has been resolved: mctp: fix use after free Clang static analysis reports this problem route.c:425:4: warning: Use of memory after it is freed tracemctpkeyacquirekey; ^ When mctpkeyadd fails, key is freed but then is later used in...

7.8CVSS6.5AI score0.00216EPSS
Exploits0References3
OSV
OSV
added 2024/07/16 12:15 p.m.5 views

DEBIAN-CVE-2022-48782

In the Linux kernel, the following vulnerability has been resolved: mctp: fix use after free Clang static analysis reports this problem route.c:425:4: warning: Use of memory after it is freed tracemctpkeyacquirekey; ^ When mctpkeyadd fails, key is freed but then is later used in...

7.8CVSS6.2AI score0.00216EPSS
Exploits0References1
OSV
OSV
added 2024/06/21 5:15 p.m.4 views

CVE-2024-35537

TVS Motor Company Limited TVS Connect Android v4.6.0 and IOS v5.0.0 was discovered to insecurely handle the RSA key pair, allowing attackers to possibly access sensitive information via decryption...

7.5CVSS5.8AI score0.00344EPSS
Exploits1References1
BDU FSTEC
BDU FSTEC
added 2024/06/20 12:0 a.m.7 views

The vulnerability of the OpenSSH ECDSA Key Handler component in JavaScript-based object signing and encryption technologies allows a malicious actor to gain unauthorized access to OpenSSH ECDSA public keys.

The vulnerability of the OpenSSH ECDSA Key Handler component in JavaScript-based object signing and encryption technologies is related to the determination of the blacklist of prefixes for public keys. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to...

7.8CVSS6.7AI score0.00307EPSS
Exploits1References4Affected Software2
OSV
OSV
added 2024/05/23 9:15 a.m.3 views

CVE-2024-5264

Network Transfer with AES KHT in Thales Luna EFT 2.1 and above allows a user with administrative console access to access backups taken via offline analysis...

6.5CVSS5.8AI score0.00365EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2024/03/06 4:34 a.m.3 views

SUSE CVE-2023-52530

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix potential key use-after-free When ieee80211keylink is called by ieee80211gtkrekeyadd but returns 0 due to KRACK protection identical key reinstall, ieee80211gtkrekeyadd will still return a pointer into the key...

5.5CVSS6.4AI score0.00233EPSS
Exploits0References17
RedHat Linux
RedHat Linux
added 2023/11/14 3:46 p.m.6 views

kernel: wifi: iwlwifi: dvm: Fix memcpy: detected field-spanning write backtrace

A vulnerability was discovered in the Intel wireless iwlwifi driver in the Linux kernel that could lead to a buffer overflow in the Driver Virtualization Module key handling code. When processing a received TKIP key that includes MIC rx/tx components, the driver did not adequately limit the amoun...

6.1AI score0.00177EPSS
Exploits0References5
Rows per page
Query Builder