Lucene search
+L

149 matches found

redhatcve
redhatcve
added 2025/09/06 5:21 p.m.3 views

CVE-2025-26438

In smpprocesssecureconnectionoobdata of smpact.cc, there is a possible way to bypass SMP authentication due to Incorrect implementation of a protocol. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

8.8CVSS7.5AI score0.00315EPSS
Exploits0References1
nvd
nvd
added 2025/09/04 6:15 p.m.8 views

CVE-2025-26438

In smpprocesssecureconnectionoobdata of smpact.cc, there is a possible way to bypass SMP authentication due to Incorrect implementation of a protocol. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

8.8CVSS0.00315EPSS
Exploits0References2
osv
osv
added 2025/09/04 6:15 p.m.2 views

CVE-2025-26438

In smpprocesssecureconnectionoobdata of smpact.cc, there is a possible way to bypass SMP authentication due to Incorrect implementation of a protocol. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

8.8CVSS5.9AI score0.00315EPSS
Exploits0References2
attackerkb
attackerkb
added 2025/09/04 5:11 p.m.5 views

CVE-2025-26438

In smpprocesssecureconnectionoobdata of smpact.cc, there is a possible way to bypass SMP authentication due to Incorrect implementation of a protocol. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

8.8CVSS5.7AI score0.00315EPSS
Exploits0References3Affected Software1
osv
osv
added 2025/09/01 12:0 a.m.7 views

ASB-A-255601934

In multiple locations, there is a possible way to impersonate and MitM a device across session by only compromising one session key due to an insecure protocol design on Bluetooth Legacy Secure Connection LSC. This could lead to remote escalation of privilege with no additional execution privileg...

6.8CVSS9.1AI score0.01297EPSS
Exploits1References2
osv
osv
added 2025/06/28 5:57 p.m.12 views

CLSA-2025-1751133420 Fix CVE(s): CVE-2025-21587, CVE-2025-30691, CVE-2025-30698

Update to 8u452-ga fixing a number of CVEs - CVE-2025-21587: better TLS connection support - CVE-2025-30691: improve compiler transformations - CVE-2025-30698: enhance Buffered Image handling - Release notes: https://mail.openjdk.org/pipermail/jdk8u-dev/2025-April/019989.html...

7.4CVSS6.8AI score0.0073EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/23 10:32 a.m.11 views

CVE-2024-52296

libosdp is an implementation of IEC 60839-11-5 OSDP Open Supervised Device Protocol and provides a C library with support for C++, Rust and Python3. At ospdcommon.c, on the osdpreplyname function, any reply id between REPLYACK and REPLYXRD is valid, but names array do not declare all of the range...

6.5CVSS6.5AI score0.00333EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/22 3:28 p.m.8 views

CVE-2020-29457

A Privilege Elevation vulnerability in OPC UA .NET Standard Stack 1.4.363.107 could allow a rogue application to establish a secure connection...

4.4CVSS6.7AI score0.00311EPSS
Exploits0
redhatcve
redhatcve
added 2025/05/22 4:37 a.m.6 views

CVE-2019-15689

Kaspersky Secure Connection, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Security Cloud prior to version 2020 patch E have bug that allows a local user to execute arbitrary code via execution compromised file placed by an attacker with administrator rights. No privilege...

6.7CVSS7.8AI score0.00766EPSS
Exploits1References1
packetstormnews
packetstormnews
added 2025/04/10 12:0 a.m.7 views

OpenSSH 10.0p1

OpenSSH is the premier connectivity tool for remote login with the SSH protocol. It encrypts all traffic to eliminate eavesdropping, connection hijacking, and other attacks. In addition, OpenSSH provides a large suite of secure tunneling capabilities, several authentication methods, and...

7.2AI score
Exploits0
ubuntu
ubuntu
added 2025/03/20 12:37 a.m.8 views

USN-7360-1: Alpine vulnerabilities

It was discovered that Alpine did not use a secure connection under certain circumstances. A remote attacker could possibly use this issue to leak sensitive information. CVE-2020-14929 It was discovered that Alpine could allow untagged responses from an IMAP server before upgrading to a TLS...

7.5CVSS6.4AI score0.01823EPSS
Exploits1
redhatcve
redhatcve
added 2025/02/05 5:24 a.m.15 views

CVE-2024-1638

The documentation specifies that the BTGATTPERMREADLESC and BTGATTPERMWRITELESC defines for a Bluetooth characteristic: Attribute read/write permission with LE Secure Connection encryption. If set, requires that LE Secure Connections is used for read/write access, however this is only true when i...

9.1CVSS9.2AI score0.0035EPSS
Exploits1References1
vulnrichment
vulnrichment
added 2024/11/12 3:58 p.m.25 views

CVE-2024-52296 libosdp has a null pointer deref in osdp_reply_name

libosdp is an implementation of IEC 60839-11-5 OSDP Open Supervised Device Protocol and provides a C library with support for C++, Rust and Python3. At ospdcommon.c, on the osdpreplyname function, any reply id between REPLYACK and REPLYXRD is valid, but names array do not declare all of the range...

6.5CVSS6.5AI score0.00333EPSS
Exploits0References2
cvelist
cvelist
added 2024/11/12 3:58 p.m.25 views

CVE-2024-52296 libosdp has a null pointer deref in osdp_reply_name

libosdp is an implementation of IEC 60839-11-5 OSDP Open Supervised Device Protocol and provides a C library with support for C++, Rust and Python3. At ospdcommon.c, on the osdpreplyname function, any reply id between REPLYACK and REPLYXRD is valid, but names array do not declare all of the range...

6.5CVSS0.00333EPSS
Exploits0References2
osv
osv
added 2024/11/12 3:58 p.m.19 views

CVE-2024-52296 libosdp has a null pointer deref in osdp_reply_name

libosdp is an implementation of IEC 60839-11-5 OSDP Open Supervised Device Protocol and provides a C library with support for C++, Rust and Python3. At ospdcommon.c, on the osdpreplyname function, any reply id between REPLYACK and REPLYXRD is valid, but names array do not declare all of the range...

6.5CVSS6.5AI score0.00333EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2024/10/09 12:0 a.m.4 views

PT-2024-7663 · Curl +9 · Curl +9

Name of the Vulnerable Software and Affected Versions: curl versions prior to 8.10.1 Description: The issue is related to the implementation of the HSTS HTTP Strict Transport Security mechanism in the curl utility. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a...

8.6CVSS6.8AI score0.36081EPSS
Exploits8References100
thn
thn
added 2024/09/25 11:20 a.m.14 views

Expert Tips on How to Spot a Phishing Link

Phishing attacks are becoming more advanced and harder to detect, but there are still telltale signs that can help you spot them before it's too late. See these key indicators that security experts use to identify phishing links: 1. Check Suspicious URLs Phishing URLs are often long, confusing, o...

7.2AI score
Exploits0
redhat
redhat
added 2024/07/18 4:9 p.m.6 views

qtbase: qtbase: Delay any communication until encrypted() can be responded to

A vulnerability was found in Qt where, during a TLS connection for servers supporting HTTP2, Qt may send data to a server even if the TLS certificate doesn't match the redirected address. This occurs because Qt fails to validate the certificate against the redirected address, potentially sending...

8.6CVSS7.3AI score0.00494EPSS
Exploits0References5
citrix
citrix
added 2024/07/13 12:0 a.m.10 views

Citrix Receiver is Unable to Create a Secure (https://) Connection in the Browser

When launching applications on Internet Explorer 10 using the Citrix Receiver for HTML5 v1.1, the following error message appears: “Citrix Receiver cannot create a secure https:// connection in this browser. Please try a different browser.”...

7.1AI score
Exploits0
cve
cve
added 2024/05/10 12:28 p.m.50 views

CVE-2024-22064

CVE-2024-22064 affects ZTE ZXUN-ePDG, a network node for the VoWifi system. The vulnerability arises from by-default configuration that uses a set of non-unique cryptographic keys during establishing a secure IKE connection with mobile devices. If these keys are leaked or cracked, user session in...

8.3CVSS7AI score0.00457EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder