292 matches found
Flowise Pre-auth Arbitrary File Upload
Summary An unauthorized attacker can leverage the whitelisted route /api/v1/attachments to upload arbitrary files when the storageType is set to local default. Details When a new request arrives, the system first checks if the URL starts with /api/v1/. If it does, the system then verifies whether...
Authentication Bypass
github.com/minio/minio is vulnerable to Authentication bypass. The vulnerability is due to improper enforcement of SSH key validation when using LDAP as an external identity provider, allowing unauthorized access if the sshPublicKey attribute is missing...
WordPress plugin Majestic Support 安全漏洞
WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in WordPress plugin...
SSH PrivX 安全漏洞
SSH PrivX is a scalable, cost-effective and highly automated privileged access management PAM solution from SSH. A security vulnerability exists in SSH PrivX versions 18.0 through 36.0 that stems from insufficient validation of public key signatures during a native SSH connection using a proxy po...
CVE-2024-47857
SSH Communication Security PrivX versions between 18.0-36.0 implement insufficient validation on public key signatures when using native SSH connections via a proxy port. This allows an existing PrivX "account A" to impersonate another existing PrivX "account B" and gain access to SSH target host...
CVE-2024-53179
CVE-2024-53179 — Linux kernel SMB client UAF : A race between cifs_mount path and SMB2.1 with sign mounts can free the signing key (ses->auth_key.response) leading to a use-after-free. Root cause: use-after-free in signature key handling during session setup via the SMB signing path. A fix was...
Oracle Linux 9 : NetworkManager-libreswan (ELSA-2024-9555)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-9555 advisory. 1.2.22-4 - Unbreak validation of unknown keys 1.2.22-2 - Fix improper escaping of Libreswan configuration CVE-2024-9050 Tenable has extracted the preceding...
NetworkManager-libreswan security update
1.2.22-4 - Unbreak validation of unknown keys 1.2.22-2 - Fix improper escaping of Libreswan configuration CVE-2024-9050...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : openssl-3 (SUSE-SU-2024:3766-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3766-1 advisory. - CVE-2023-50782: Implicit rejection in PKCS1 v1.5 bsc1220262 - CVE-2024-41996: Avoid expensive...
Security update for openssl-3
This update for openssl-3 fixes the following issues: CVE-2023-50782: Implicit rejection in PKCS1 v1.5 bsc1220262 CVE-2024-41996: Avoid expensive public key validation for known safe-prime groups DHEATATTACK bsc1230698 Patch Instructions: To install this SUSE update use the SUSE recommended...
Public Key Validation
secp256k1 is vulnerable to public key validation issues. The vulnerability is due to an implementation oversight in the secp256k1-node library, where the loadCompressedPublicKey function fails to verify if the public key is on the secp256k1 curve, allowing the use of invalid public keys from...
GHSA-584Q-6J8J-R5PM secp256k1-node allows private key extraction over ECDH
Summary In elliptic-based version, loadUncompressedPublicKey has a check that the public key is on the curve: https://github.com/cryptocoinjs/secp256k1-node/blob/6d3474b81d073cc9c8cc8cfadb580c84f8df5248/lib/elliptic.jsL37-L39 loadCompressedPublicKey is, however, missing that check:...
CVE-2024-7491
The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.6.1 via the woofmessengerremovesubscr AJAX action due to missing validation on the 'key' user controlled key. This makes it...
Let’s All Agree to Use Seeds as ML-KEM Keys
Last week, NIST published the final version of the ML-KEM1 specification, FIPS 203. One change from the draft is that the final document explicitly allows storing the private decapsulation key as a seed. This is a plea to the cryptography engineering community: let’s all agree to only use seeds a...
WordPress plugin InstaWP Connect security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
PT-2024-37257 · WordPress · Page/Post Clone
Name of the Vulnerable Software and Affected Versions: Page and Post Clone plugin for WordPress versions up to, and including, 6.0 Description: The issue allows authenticated attackers with Author-level access and above to clone and read private posts due to missing validation on a user-controlle...
CVE-2024-4603
...
Red Hat Satellite 安全漏洞
Red Hat Satellite is a suite of system management platforms from Red Hat, an American company. The platform can be used to extend Linux infrastructures and provide system management functions such as administration, configuration, and monitoring. A security vulnerability exists in Red Hat Satelli...
Man-in-the-Middle (MITM)
Salt vulnerable to Man-in-the-Middle MITM. The vulnerability is due to the absence of SSH host key validation in the default configuration of salt-ssh, which can be exploited by attackers to carry out man-in-the-middle attacks...
Red Hat JBoss Enterprise Application Platform 安全漏洞
Red Hat JBoss Enterprise Application Platform EAP is an open source, J2EE-based middleware platform from Red Hat, Inc. The platform is primarily used to build, deploy and host Java applications and services. A security vulnerability exists in Red Hat JBoss Enterprise Application Platform, which...