
292 matches found

CNNVD · added 2024/04/09 12:00 a.m. · 1 view

WordPress Plugin LearnPress Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...

CVSS 6.5 · AI score 8.4 · EPSS 0.00247
Exploits 0 · References 3

OSV · added 2024/03/06 10:54 a.m. · 34 views

BIT-KAFKA-2021-38153 Timing Attack Vulnerability for Apache Kafka Connect and Clients

Some components in Apache Kafka use Arrays.equals to validate a password or key, which is vulnerable to timing attacks that make brute force attacks for such credentials more likely to be successful. Users should upgrade to 2.8.1 or higher, or 3.0.0 or higher where this vulnerability has been...

CVSS 5.9 · AI score 6.4 · EPSS 0.0152
Exploits 0 · References 12

Positive Technologies · added 2023/11/28 12:00 a.m. · 4 views

PT-2023-32571 · WordPress · Wp Shortcodes Plugin

Name of the Vulnerable Software and Affected Versions: WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress, versions up to and including 5.13.3. Description: The issue allows authenticated attackers with contributor-level access and above to retrieve arbitrary post meta values, which...

CVSS 4.3 · AI score 5.4 · EPSS 0.00125
Exploits 1 · References 7

OSV · added 2023/11/03 1:15 a.m. · 1 view

CVE-2023-46176

IBM MQ Appliance 9.3 CD could allow a local attacker to gain elevated privileges on the system, caused by improper validation of security keys. IBM X-Force ID: 269535...

CVSS 7.8 · AI score 5.8 · EPSS 0.0002
Exploits 0 · References 2

CNNVD · added 2023/10/25 12:00 a.m. · 5 views

light-oauth2 Trust Management Issue Vulnerability

light-oauth2 is an open-source, light-4j based, fast and lightweight cloud-native OAuth 2.0 authorization microservice from networknt. A security vulnerability exists in light-oauth2 versions before 2.1.27; the vulnerability stems from obtaining the public key without any validation, allowing an...

CVSS 5.9 · AI score 6.7 · EPSS 0.00174
Exploits 1 · References 3

OSV · added 2023/09/28 11:52 a.m. · 5 views

SUSE-SU-2023:3886-1 Security update for grafana

This update for grafana fixes the following issues: - CVE-2023-29409: Restrict RSA keys in certificates to less than or equal to 8192 bits to avoid DoSing client/server while validating signatures for extremely large RSA keys. bsc1213880 There are no direct source changes. The CVE is fixed...

CVSS 5.3 · AI score 6.3 · EPSS 0.00122
Exploits 0 · References 3

OSV · added 2023/08/10 7:15 p.m. · 1 view

CVE-2023-23342

If certain local files are manipulated in a certain manner, the validation to use the cryptographic keys can be circumvented...

CVSS 7.1 · AI score 5.8 · EPSS 0.00065
Exploits 0 · References 1

CNNVD · added 2023/08/10 12:00 a.m. · 2 views

HCL Technologies HCL Nomad Security Vulnerability

HCL Technologies HCL Nomad is an application for using and managing the Domino application development platform in mobile devices from HCL Technologies, USA. A security vulnerability exists in HCL Technologies HCL Nomad prior to version 1.0.7, which stems from a vulnerability that allows an attac...

CVSS 7.1 · AI score 6.4 · EPSS 0.00065
Exploits 0 · References 2

OSV · added 2023/07/12 6:30 p.m. · 14 views

GHSA-J54R-W587-95Q7 Jenkins Oracle Cloud Infrastructure Compute Plugin missing SSH host key validation

Jenkins Oracle Cloud Infrastructure Compute Plugin 1.0.16 and earlier does not perform SSH host key validation when connecting to OCI clouds. This lack of validation could be abused using a man-in-the-middle attack to intercept these connections to OCI clouds. Oracle Cloud Infrastructure Compute...

CVSS 4.8 · AI score 3.9 · EPSS 0.0015
Exploits 0 · References 3

Github Security Blog · added 2023/07/12 6:30 p.m. · 26 views

Jenkins Oracle Cloud Infrastructure Compute Plugin missing SSH host key validation

Jenkins Oracle Cloud Infrastructure Compute Plugin 1.0.16 and earlier does not perform SSH host key validation when connecting to OCI clouds. This lack of validation could be abused using a man-in-the-middle attack to intercept these connections to OCI clouds. Oracle Cloud Infrastructure Compute...

CVSS 3.7 · AI score 6.4 · EPSS 0.0015
Exploits 0 · References 4 · Affected Software 1

Positive Technologies · added 2023/07/12 12:00 a.m. · 4 views

PT-2023-26195 · Oracle +1 · Jenkins Oracle Cloud Infrastructure Compute Classic Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Oracle Cloud Infrastructure Compute Plugin versions 1.0.16 and earlier. Description: The issue concerns the lack of SSH host key validation when connecting to OCI clouds, which could enable man-in-the-middle attacks. This allows for th...

CVSS 4.8 · AI score 3.7 · EPSS 0.0015
Exploits 0 · References 6

CNNVD · added 2023/05/24 12:00 a.m. · 4 views

Briar Security Vulnerability

Briar is an open source software communication technology from Briar Open Source. It is designed to provide secure and resilient peer-to-peer communications that operate without a central server and minimize external dependencies. A security vulnerability exists in Briar versions prior to 1.5.3,...

CVSS 7.4 · AI score 7.2 · EPSS 0.00275
Exploits 1 · References 2

CNNVD · added 2023/05/17 12:00 a.m. · 1 view

libcurl Resource Management Error Vulnerability

libcurl is a tool for transferring data from or to a server. A security vulnerability exists in libcurl that stems from the fact that libcurl provides the ability to validate the public key of an SSH server using a SHA-256 hash; when this check fails, libcurl releases the memory of the fingerprin...

CVSS 7.5 · AI score 6.8 · EPSS 0.0032
Exploits 1 · References 14

Prion · added 2023/04/05 8:15 p.m. · 12 views

Code injection

xml2js version 0.4.23 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the `__proto__` property to be edited...

CVSS 5 · AI score 5.3 · EPSS 0.00291
Exploits 1 · References 2 · Affected Software 1

OSV · added 2023/03/17 2:42 p.m. · 23 views

GHSA-CQVM-J2R2-HWPG russh may use insecure Diffie-Hellman keys

Summary Diffie-Hellman key validation is insufficient, which can lead to insecure shared secrets and therefore breaks confidentiality. Details Russh does not validate Diffie-Hellman keys. It accepts received DH public keys $e$ where $eDH Public Key values MUST be checked and both conditions: - $1...

CVSS 5.9 · AI score 5.6 · EPSS 0.00187
Exploits 1 · References 9

Github Security Blog · added 2023/03/17 2:42 p.m. · 16 views

russh may use insecure Diffie-Hellman keys

Summary Diffie-Hellman key validation is insufficient, which can lead to insecure shared secrets and therefore breaks confidentiality. Details Russh does not validate Diffie-Hellman keys. It accepts received DH public keys $e$ where $eDH Public Key values MUST be checked and both conditions: - $1...

CVSS 5.9 · AI score 6 · EPSS 0.00187
Exploits 1 · References 9 · Affected Software 1

NVD · added 2023/03/16 9:15 p.m. · 8 views

CVE-2023-28113

russh is a Rust SSH client and server library. Starting in version 0.34.0 and prior to versions 0.36.2 and 0.37.1, Diffie-Hellman key validation is insufficient, which can lead to insecure shared secrets and therefore breaks confidentiality. Connections between a russh client and server or those ...

CVSS 5.9 · AI score 5.5 · EPSS 0.00187
Exploits 1 · References 6

Positive Technologies · added 2023/03/16 12:00 a.m. · 2 views

PT-2023-21572 · Russh · Russh

Name of the Vulnerable Software and Affected Versions: russh versions 0.34.0 through 0.36.1; russh version 0.37.0. Description: The issue is related to insufficient Diffie-Hellman key validation, which can lead to insecure shared secrets and break confidentiality. This can result in eavesdropping,...

CVSS 5.9 · AI score 5.6 · EPSS 0.00187
Exploits 1 · References 12

Vulnrichment · added 2023/03/16 12:00 a.m. · 8 views

CVE-2023-28113 russh may use insecure Diffie-Hellman keys

russh is a Rust SSH client and server library. Starting in version 0.34.0 and prior to versions 0.36.2 and 0.37.1, Diffie-Hellman key validation is insufficient, which can lead to insecure shared secrets and therefore breaks confidentiality. Connections between a russh client and server or those ...

CVSS 5.9 · AI score 5.5 · EPSS 0.00187
Exploits 1 · References 6

SUSE CVE · added 2023/02/15 4:53 a.m. · 3 views

SUSE CVE-2016-1000346

In the Bouncy Castle JCE Provider version 1.55 and earlier the other party DH public key is not fully validated. This can cause issues as invalid keys can be used to reveal details about the other party's private key where static Diffie-Hellman is in use. As of release 1.56 the key parameters are...

CVSS 3.7 · AI score 8 · EPSS 0.00962
Exploits 0 · References 4