159 matches found

CNNVD
added 2025/06/13 12:0 a.m., 2 views

Salt security vulnerability

Salt is an automation, infrastructure management, data-driven orchestration and remote execution application from the Salt project. Salt has a security vulnerability that stems from vulnerability to replay attacks when TLS encrypted transmissions are not used...

CVSS 2.7, AI score 6.6, EPSS 0.00214
Exploits 0, References 3

RedhatCVE
added 2025/06/06 2:7 p.m., 21 views

CVE-2025-48960

Weak server key used for TLS encryption. The following products are affected: Acronis Cyber Protect 16 Linux, macOS, Windows before build 39938...

CVSS 5.9, AI score 7.3, EPSS 0.00065
Exploits 0, References 1

Hacker One
added 2025/06/05 8:2 p.m., 9 views

Weblate: exposure of personal IP address via email.

The exposure of personal IP addresses through email messages has been identified as a potential security issue. Email messages can pass through multiple servers, which may store or record the content, including the user's IP address, even if the email is encrypted during transit. The user's IP...

AI score 6.8
Exploits 0

NVD
added 2025/06/04 2:15 p.m., 10 views

CVE-2025-48960

Weak server key used for TLS encryption. The following products are affected: Acronis Cyber Protect 16 Linux, macOS, Windows before build 39938...

CVSS 5.9, EPSS 0.00065
Exploits 0, References 1

Vulnrichment
added 2025/06/04 1:26 p.m., 10 views

CVE-2025-48960

Weak server key used for TLS encryption. The following products are affected: Acronis Cyber Protect 16 Linux, macOS, Windows before build 39938...

CVSS 5.9, AI score 7.2, EPSS 0.00065
Exploits 0, References 1

CVE
added 2025/06/04 1:26 p.m., 57 views

CVE-2025-48960

CVE-2025-48960 concerns a weak server key used for TLS encryption affecting Acronis Cyber Protect 16 on Linux, macOS, and Windows before build 39938. The vulnerability is caused by inadequate key material in the TLS setup, leading to low confidentiality (C) and partial integrity issues (I) per t...

CVSS 5.9, AI score 7.2, EPSS 0.00065
Exploits 0, References 1

Cvelist
added 2025/06/04 1:26 p.m., 18 views

CVE-2025-48960

Weak server key used for TLS encryption. The following products are affected: Acronis Cyber Protect 16 Linux, macOS, Windows before build 39938...

CVSS 5.9, EPSS 0.00065
Exploits 0, References 1

Positive Technologies
added 2025/06/04 12:0 a.m., 6 views

PT-2025-23803 · Acronis · Acronis Cyber Protect 16

Name of the Vulnerable Software and Affected Versions: Acronis Cyber Protect 16 versions prior to build 39938. Description: The issue is related to a weak server key used for TLS encryption. This affects Acronis Cyber Protect 16 on various operating systems, including Linux, macOS, and Windows...

CVSS 5.9, AI score 5.5, EPSS 0.00065
Exploits 0, References 6

RedhatCVE
added 2025/05/22 11:19 p.m., 14 views

CVE-2022-37177

HireVue Hiring Platform V1.0 suffers from Use of a Broken or Risky Cryptographic Algorithm. NOTE: this is disputed by the vendor for multiple reasons, e.g., it is inconsistent with CVE ID assignment rules for cloud services, and no product with version V1.0 exists. Furthermore, the rail-fence...

CVSS 7.5, AI score 7.1, EPSS 0.00375
Exploits 1, References 1

RedhatCVE
added 2025/05/22 9:6 p.m., 7 views

CVE-2021-42017

A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i801, RUGGEDCOM i802, RUGGEDCOM i803, RUGGEDCOM M2100, RUGGEDCOM M2100F, RUGGEDCOM M2200, RUGGEDCOM M2200F, RUGGEDCOM M969, RUGGEDCOM M969F, RUGGEDCOM RMC30, RUGGEDCOM RMC8388 V4.X, RUGGEDCOM RMC8388 V5.X, RUGGEDCOM RP110, RUGGEDCOM...

CVSS 5.9, AI score 5.4, EPSS 0.00454
Exploits 0, References 1

RedhatCVE
added 2025/05/22 8:55 a.m., 7 views

CVE-2019-9013

An issue was discovered in 3S-Smart CODESYS V3 products. The application may utilize non-TLS based encryption, which results in user credentials being insufficiently protected during transport. All variants of the following CODESYS V3 products in all versions containing the CmpUserMgr component a...

CVSS 8.8, AI score 6.9, EPSS 0.00303
Exploits 0, References 1

IBM Security Bulletins
added 2025/04/23 6:16 a.m., 17 views

Security Bulletin: A vulnerability in Logstash shipped with IBM Operations Analytics - Log Analysis (CVE-2024-56128)

Summary: There is a Kafka vulnerability in Logstash shipped with IBM Operations Analytics - Log Analysis. Vulnerability Details: CVEID: CVE-2024-56128. DESCRIPTION: Incorrect Implementation of Authentication Algorithm in Apache Kafka's SCRAM implementation. Issue Summary: Apache Kafka's implementation...

CVSS 5.3, AI score 6.7, EPSS 0.0078
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2025/04/22 3:34 a.m., 28 views

Security Bulletin: Vulnerability in Apache Kafka's SCRAM implementation affects watsonx.data

Summary: Incorrect Implementation of Authentication Algorithm in Apache Kafka's SCRAM implementation. These can affect watsonx.data. Vulnerability Details: CVEID: CVE-2024-56128. DESCRIPTION: Incorrect Implementation of Authentication Algorithm in Apache Kafka's SCRAM implementation. Issue Summary:...

CVSS 5.3, AI score 6.8, EPSS 0.0078
Exploits 0, Affected Software 1

Tenable Nessus
added 2025/03/04 12:0 a.m., 11 views

Linux Distros Unpatched Vulnerability : CVE-2020-1968

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have...

CVSS 4.3, AI score 6.2, EPSS 0.04803
Exploits 0, References 3

OSV
added 2024/12/24 7:12 p.m., 313 views

BIT-KAFKA-2024-56128 Apache Kafka: SCRAM authentication vulnerable to replay attacks when used without encryption

Incorrect Implementation of Authentication Algorithm in Apache Kafka's SCRAM implementation. Issue Summary: Apache Kafka's implementation of the Salted Challenge Response Authentication Mechanism (SCRAM) did not fully adhere to the requirements of RFC 5802 [1]. Specifically, as per RFC 5802, the serv...

CVSS 5.3, AI score 5.7, EPSS 0.0078
Exploits 0, References 6

RedhatCVE
added 2024/12/19 1:54 a.m., 12 views

CVE-2024-56128

A flaw was found in Apache Kafka's implementation of the Salted Challenge Response Authentication Mechanism (SCRAM), which did not fully adhere to the requirements of RFC 5802. Specifically, as per RFC 5802, the server must verify that the nonce sent by the client in the second message matches the...

CVSS 7.4, AI score 7, EPSS 0.0078
Exploits 0, References 7

Github Security Blog
added 2024/12/18 3:33 p.m., 20 views

Apache Kafka's SCRAM implementation Incorrectly Implements Authentication Algorithm

Incorrect Implementation of Authentication Algorithm in Apache Kafka's SCRAM implementation. Issue Summary: Apache Kafka's implementation of the Salted Challenge Response Authentication Mechanism (SCRAM) did not fully adhere to the requirements of RFC 5802 [1]. Specifically, as per RFC 5802, the serv...

CVSS 5.3, AI score 7.1, EPSS 0.0078
Exploits 0, References 8, Affected Software 4

NVD
added 2024/12/18 2:15 p.m., 22 views

CVE-2024-56128

Incorrect Implementation of Authentication Algorithm in Apache Kafka's SCRAM implementation. Issue Summary: Apache Kafka's implementation of the Salted Challenge Response Authentication Mechanism (SCRAM) did not fully adhere to the requirements of RFC 5802 [1]. Specifically, as per RFC 5802, the serv...

CVSS 5.3, EPSS 0.0078
Exploits 0, References 5

OSV
added 2024/12/18 2:15 p.m., 3 views

CVE-2024-56128

Incorrect Implementation of Authentication Algorithm in Apache Kafka's SCRAM implementation. Issue Summary: Apache Kafka's implementation of the Salted Challenge Response Authentication Mechanism (SCRAM) did not fully adhere to the requirements of RFC 5802 [1]. Specifically, as per RFC 5802, the serv...

CVSS 5.3, AI score 7.4
Exploits 0, References 5

Cvelist
added 2024/12/18 1:38 p.m., 23 views

CVE-2024-56128 Apache Kafka: SCRAM authentication vulnerable to replay attacks when used without encryption

Incorrect Implementation of Authentication Algorithm in Apache Kafka's SCRAM implementation. Issue Summary: Apache Kafka's implementation of the Salted Challenge Response Authentication Mechanism (SCRAM) did not fully adhere to the requirements of RFC 5802 [1]. Specifically, as per RFC 5802, the serv...

EPSS 0.0078
Exploits 0, References 4