Lucene search
K

346 matches found

Rapid7 Blog
Rapid7 Blog
added 2023/04/14 6:13 p.m.31 views

Metasploit Weekly Wrap-Up

Rocket Software UniRPC Exploits Ron Bowes submitted two exploit modules for vulnerabilities he discovered in the UniRPC server for Rocket Software’s UniData product. The first exploit module, exploit/linux/misc/unidataudadminauthbypass exploits an authentication bypass to ultimately gain remote...

10.7AI score0.62136EPSS
Exploits4
Tenable Nessus
Tenable Nessus
added 2023/03/23 12:0 a.m.23 views

RHEL 9 : nss (RHSA-2023:1368)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:1368 advisory. Network Security Services NSS is a set of libraries designed to support the cross-platform development of security-enabled client and server...

8.8CVSS7.7AI score0.00817EPSS
Exploits0References6
OSV
OSV
added 2023/03/06 4:26 p.m.2 views

USN-5892-2 nss vulnerability

USN-5892-1 fixed a vulnerability in NSS. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Christian Holler discovered that NSS incorrectly handled certain PKCS 12 certificated bundles. A remote attacker could use this issue to cau...

8.8CVSS7AI score0.00817EPSS
Exploits0References2
OSV
OSV
added 2022/08/19 2:11 p.m.12 views

SUSE-SU-2022:2856-1 Security update for java-1_8_0-openjdk

This update for java-180-openjdk fixes the following issues: - Updated to version jdk8u345 icedtea-3.24.0 - CVE-2022-21540: Fixed a potential Java sandbox bypass bsc1201694. - CVE-2022-21541: Fixed a potential Java sandbox bypass bsc1201692. - CVE-2022-34169: Fixed an issue where arbitrary byteco...

7.5CVSS6.7AI score0.17673EPSS
Exploits2References8
OpenVAS
OpenVAS
added 2022/08/17 12:0 a.m.18 views

SUSE: Security Advisory (SUSE-SU-2022:2819-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.5AI score0.17673EPSS
Exploits2References7
OSV
OSV
added 2022/08/16 11:23 a.m.4 views

SUSE-SU-2022:2819-1 Security update for java-1_8_0-openjdk

This update for java-180-openjdk fixes the following issues: - Updated to version jdk8u345 icedtea-3.24.0 - CVE-2022-21540: Fixed a potential Java sandbox bypass bsc1201694. - CVE-2022-21541: Fixed a potential Java sandbox bypass bsc1201692. - CVE-2022-34169: Fixed an issue where arbitrary byteco...

7.5CVSS6.7AI score0.17673EPSS
Exploits2References8
BDU FSTEC
BDU FSTEC
added 2022/03/30 12:0 a.m.9 views

The vulnerability of the mbedtls_pkcs12_derivation function in Mbed TLS software implementations allows a attacker to cause a service failure.

The vulnerability of the mbedtlspkcs12derivation function in Mbed TLS software implementations for TLS and SSL protocols is related to errors in processing the length of the input password. Exploiting this vulnerability could allow a malicious actor to cause service failures remotely...

5.3CVSS7.1AI score0.02214EPSS
Exploits1References9Affected Software2
OSV
OSV
added 2022/03/24 6:15 p.m.1 views

DEBIAN-CVE-2021-43666

A Denial of Service vulnerability exists in mbed TLS 3.0.0 and earlier in the mbedtlspkcs12derivation function when an input password's length is 0...

7.5CVSS7.3AI score0.02214EPSS
Exploits1References1
OSV
OSV
added 2022/03/24 6:15 p.m.3 views

UBUNTU-CVE-2021-43666

A Denial of Service vulnerability exists in mbed TLS 3.0.0 and earlier in the mbedtlspkcs12derivation function when an input password's length is 0...

7.5CVSS7.1AI score0.02214EPSS
Exploits1References3
IBM Security Bulletins
IBM Security Bulletins
added 2021/07/30 5:1 a.m.15 views

Security Bulletin: Event Streams documentation for generating .p12 files incorrectly adds the CA key into the file (CVE-2021-29792)

Summary Event Streams documentation for generating .p12 files incorrectly adds the CA private key into the file which results in the CA private key being added to the trust store. This trust store is distributed to client applications via the Event Streams UI and CLI and so gives client access to...

7.2CVSS0.7AI score0.00472EPSS
Exploits0Affected Software1
ATTACKERKB
ATTACKERKB
added 2021/05/07 11:15 a.m.3 views

CVE-2020-36127

Pax Technology PAXSTORE v7.0.820200511171508 and lower is affected by an information disclosure vulnerability. Through the PUK signature functionality, an administrator will not have access to the current p12 certificate and password. When accessing this functionality, the administrator has the...

6.5CVSS5.5AI score0.00681EPSS
Exploits1References4
GithubExploit
GithubExploit
added 2021/01/17 11:53 a.m.85 views

Exploit for Improper Certificate Validation in Microsoft

CurveBall CVE-2020-0601 - PoC This vulnerability, known as...

8.1CVSS8.1AI score0.89436EPSS
Exploits14
Github Security Blog
Github Security Blog
added 2020/05/22 7:23 p.m.156 views

Private key leak in Apache CXF

Apache CXF ships with a OpenId Connect JWK Keys service, which allows a client to obtain the public keys in JWK format, which can then be used to verify the signature of tokens issued by the service. Typically, the service obtains the public key from a local keystore JKS/PKCS12 by specifing the...

7.5CVSS0.8AI score0.0606EPSS
Exploits0References12Affected Software2
GithubExploit
GithubExploit
added 2020/02/03 1:58 p.m.83 views

Exploit for Improper Certificate Validation in Microsoft

CVE-2020-0601 PoC for CVE-2020-0601 – Windows CryptoAPI Cry...

8.1CVSS7AI score0.89436EPSS
Exploits14
Oracle linux
Oracle linux
added 2019/11/14 12:0 a.m.54 views

openssl security, bug fix, and enhancement update

1.1.1c-2 - do not try to use EC groups disallowed in FIPS mode in TLS - fix Valgrind regression with constant-time code 1.1.1c-1 - update to the 1.1.1c release 1.1.1b-6 - adjust the default cert pbe algorithm for pkcs12 -export in the FIPS mode 1.1.1b-5 - Fix small regressions related to the reba...

7.4CVSS1AI score0.12154EPSS
Exploits0
NVD
NVD
added 2019/09/05 10:15 p.m.28 views

CVE-2019-14222

An issue was discovered in Alfresco Community Edition versions 6.0 and lower. An unauthenticated, remote attacker could authenticate to Alfresco's Solr Web Admin Interface. The vulnerability is due to the presence of a default private key that is present in all default installations. An attacker...

9.8CVSS9.4AI score0.03014EPSS
Exploits1References1
Prion
Prion
added 2019/09/05 10:15 p.m.25 views

Design/Logic Flaw

An issue was discovered in Alfresco Community Edition versions 6.0 and lower. An unauthenticated, remote attacker could authenticate to Alfresco's Solr Web Admin Interface. The vulnerability is due to the presence of a default private key that is present in all default installations. An attacker...

7.5CVSS9.3AI score0.03014EPSS
Exploits1References1Affected Software1
Github Security Blog
Github Security Blog
added 2019/06/04 3:42 p.m.31 views

Sensitive Data Exposure in pem

Versions of pem before 1.13.2 expose sensitive data when the readPkcs12 is used. The readPkcs12 function reads the certificate and key data from a pkcs12 file using the encryption password. As part of this process it creates a globally readable file with a filename of 20 random 0-f characters in...

2.8AI score
Exploits0References5Affected Software1
PyPA
PyPA
added 2018/10/08 3:29 p.m.7 views

PYSEC-2018-24

Python Cryptographic Authority pyopenssl version Before 17.5.0 contains a CWE - 401 : Failure to Release Memory Before Removing Last Reference vulnerability in PKCS 12 Store that can result in Denial of service if memory runs low or is exhausted. This attack appear to be exploitable via Depends...

5.9CVSS6.8AI score0.01895EPSS
Exploits0References5Affected Software1
n0where
n0where
added 2016/06/27 3:37 a.m.19 views

Command Line Certificate Examination Utility: certigo

Command Line Certificate Examination Utility Certigo is a utility to examine and validate certificates in a variety of formats. Install To install certigo, simply use: go get -u github.com/square/certigo Note that certigo requires Go 1.6 or later to build. Usage Certigo can read...

0.8AI score
Exploits0References1
Rows per page
Query Builder