115 matches found
The vulnerability of the ServerConfig.PublicKeyCallback() function in the Go programming language library allows a hacker to bypass security restrictions.
The vulnerability of the ServerConfig.PublicKeyCallback function in the Go programming language library is related to deficiencies in the authentication process when handling keys. Exploiting this vulnerability could allow a malicious actor to circumvent security restrictions from a remote locati...
PT-2025-24284 · Wolfbox · Wolfbox Level 2 Ev Charger
Name of the Vulnerable Software and Affected Versions: WOLFBOX Level 2 EV Charger affected versions not specified Description: This issue allows network-adjacent attackers to bypass authentication on affected installations of WOLFBOX Level 2 EV Charger devices. The flaw exists within the handling...
PT-2025-20926
Name of the Vulnerable Software and Affected Versions: Flask versions 3.1.0 Description: The issue arises from the incorrect handling of fallback key configuration in Flask, where the last fallback key is used for signing instead of the current signing key. This is due to Flask constructing the...
CVE-2025-37795
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
Improper Cache Key Handling
api-platform/core is vulnerable to Improper cache key handling. The vulnerability is due to the isCacheKeySafe method not effectively preventing caching when followed by the parent::normalize call, which may allow an attacker to access unauthorized data...
CLSA-2025-1744116044 Fix CVE(s): CVE-2016-8614
SECURITY UPDATE: improper verification of key fingerprints in aptkey module - debian/patches/CVE-2016-8614.patch: fix use of long key IDs for delete, check for keyid presence and fix keyid length for verification. Fix reversed order of return values in parsekeyid function - CVE-2016-8614...
ROS-20250219-03
A vulnerability in the git-upload-pack method of the go-git library is related to argument injection or modification. Exploitation of the vulnerability could allow an attacker acting remotely to impact the confidentiality, integrity, and availability of protected information A vulnerability in th...
FreeBSD : liboqs -- Correctness error in HQC decapsulation (dc087dad-bd71-11ef-b5a1-000ec6d40964)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the dc087dad-bd71-11ef-b5a1-000ec6d40964 advisory. The Open Quantum Safe project reports: A correctness error has been identified in the reference...
AZL-54327 CVE-2024-45337 affecting package cf-cli for versions less than 8.7.3-4
Applications and libraries which misuse connection.serverAuthenticate via callback field ServerConfig.PublicKeyCallback may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that the key offered is...
PT-2024-40144 · Pqclean · Pqclean
Name of the Vulnerable Software and Affected Versions: PQClean affected versions not specified Description: A correctness error has been identified in the reference implementation of the HQC key encapsulation mechanism, where an indexing error causes part of the secret key to be incorrectly treat...
PDF Viewer Macro 安全漏洞
PDF Viewer Macro is an open source macro for XWiki SAS. It allows viewing PDF files attached to XWiki pages from within the XWiki page. A security vulnerability exists in PDF Viewer Macro prior to version 2.5.6, which stems from the fact that any user with viewing privileges to...
The vulnerability of the Linux operating system’s kernel, which allows a hacker to obtain encryption keys
The vulnerability of the Linux operating system’s kernel is related to the storage of confidential information in an open manner during the processing of DCP keys. Exploiting this vulnerability can allow a perpetrator to obtain encryption keys...
UBUNTU-CVE-2024-45004
In the Linux kernel, the following vulnerability has been resolved: KEYS: trusted: dcp: fix leak of blob encryption key Trusted keys unseal the key blob on load, but keep the sealed payload in the blob field so that every subsequent read export will simply convert this field to hex and send it to...
SUSE CVE-2022-48782
In the Linux kernel, the following vulnerability has been resolved: mctp: fix use after free Clang static analysis reports this problem route.c:425:4: warning: Use of memory after it is freed tracemctpkeyacquirekey; ^ When mctpkeyadd fails, key is freed but then is later used in...
DEBIAN-CVE-2022-48782
In the Linux kernel, the following vulnerability has been resolved: mctp: fix use after free Clang static analysis reports this problem route.c:425:4: warning: Use of memory after it is freed tracemctpkeyacquirekey; ^ When mctpkeyadd fails, key is freed but then is later used in...
CVE-2024-35537
TVS Motor Company Limited TVS Connect Android v4.6.0 and IOS v5.0.0 was discovered to insecurely handle the RSA key pair, allowing attackers to possibly access sensitive information via decryption...
The vulnerability of the OpenSSH ECDSA Key Handler component in JavaScript-based object signing and encryption technologies allows a malicious actor to gain unauthorized access to OpenSSH ECDSA public keys.
The vulnerability of the OpenSSH ECDSA Key Handler component in JavaScript-based object signing and encryption technologies is related to the determination of the blacklist of prefixes for public keys. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to...
CVE-2024-5264
Network Transfer with AES KHT in Thales Luna EFT 2.1 and above allows a user with administrative console access to access backups taken via offline analysis...
SUSE CVE-2023-52530
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix potential key use-after-free When ieee80211keylink is called by ieee80211gtkrekeyadd but returns 0 due to KRACK protection identical key reinstall, ieee80211gtkrekeyadd will still return a pointer into the key...
kernel: wifi: iwlwifi: dvm: Fix memcpy: detected field-spanning write backtrace
A vulnerability was discovered in the Intel wireless iwlwifi driver in the Linux kernel that could lead to a buffer overflow in the Driver Virtualization Module key handling code. When processing a received TKIP key that includes MIC rx/tx components, the driver did not adequately limit the amoun...