Lucene search
+L

263 matches found

OSV
OSV
added 2025/03/19 8:15 p.m.13 views

UBUNTU-CVE-2025-30258

In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a "verification DoS."...

4.7CVSS6.6AI score0.00179EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2025/03/03 4:52 p.m.5 views

CVE-2025-27498 AEADs/ascon-aead: Plaintext exposed in decrypt_in_place_detached even on tag verification failure

aes-gcm is a pure Rust implementation of the AES-GCM. In decryptinplacedetached, the decrypted ciphertext which is the correct ciphertext is exposed even if the tag is incorrect. This is because in decryptinplace in asconcore.rs, tag verification causes an error to be returned with the plaintext...

5.6CVSS6.5AI score0.00117EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/03/03 4:52 p.m.42 views

CVE-2025-27498 AEADs/ascon-aead: Plaintext exposed in decrypt_in_place_detached even on tag verification failure

aes-gcm is a pure Rust implementation of the AES-GCM. In decryptinplacedetached, the decrypted ciphertext which is the correct ciphertext is exposed even if the tag is incorrect. This is because in decryptinplace in asconcore.rs, tag verification causes an error to be returned with the plaintext...

5.6CVSS0.00117EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/02/25 12:0 a.m.17 views

Azure Linux 3.0 Security Update: cloud-hypervisor-cvm / openssl (CVE-2024-12797)

The version of cloud-hypervisor-cvm / openssl installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-12797 advisory. - Issue summary: Clients using RFC7250 Raw Public Keys RPKs to authenticate a server M...

6.3CVSS7AI score0.02439EPSS
Exploits0References2
CVE
CVE
added 2025/02/22 4:21 a.m.55 views

CVE-2024-13798

CVE-2024-13798: Post Grid and Gutenberg Blocks – ComboBlocks for WordPress allows unauthenticated users to create orders and mark them paid due to insufficient form verification. Affected versions: all up to 2.3.5. Patch available: update to 2.3.5 (or newer) to remediate.

5.3CVSS5.2AI score0.00309EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2025/02/21 12:0 a.m.7 views

PT-2025-7482 · Medixant · Medixant Radiant Dicom Viewer

Name of the Vulnerable Software and Affected Versions: Medixant RadiAnt DICOM Viewer affected versions not specified Description: The issue is due to the failure of the update mechanism to verify the update server's certificate, which could allow an attacker to alter network traffic and carry out...

5.7CVSS6.8AI score0.00133EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2025/02/14 6:52 p.m.11 views

CVE-2025-25204

gh is GitHub’s official command line tool. Starting in version 2.49.0 and prior to version 2.67.0, under certain conditions, a bug in GitHub's Artifact Attestation cli tool gh attestation verify causes it to return a zero exit status when no attestations are present. This behavior is incorrect:...

6.3CVSS6.3AI score0.00392EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2025/02/14 5:19 p.m.23 views

`gh attestation verify` returns incorrect exit code during verification if no attestations are present

Summary A bug in GitHub's Artifact Attestation CLI tool, gh attestation verify, may return an incorrect zero exit status when no matching attestations are found for the specified --predicate-type or the default https://slsa.dev/provenance/v1 if not specified. This issue only arises if an artifact...

6.3CVSS7AI score0.00392EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2025/02/14 5:19 p.m.55 views

GHSA-FGW4-V983-MGP8 `gh attestation verify` returns incorrect exit code during verification if no attestations are present

Summary A bug in GitHub's Artifact Attestation CLI tool, gh attestation verify, may return an incorrect zero exit status when no matching attestations are found for the specified --predicate-type or the default https://slsa.dev/provenance/v1 if not specified. This issue only arises if an artifact...

6.3CVSS6.4AI score0.00392EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/02/14 4:38 p.m.7 views

CVE-2025-25204 `gh attestation verify` returns incorrect exit code during verification if no attestations are present

gh is GitHub’s official command line tool. Starting in version 2.49.0 and prior to version 2.67.0, under certain conditions, a bug in GitHub's Artifact Attestation cli tool gh attestation verify causes it to return a zero exit status when no attestations are present. This behavior is incorrect:...

6.3CVSS6.3AI score0.00392EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2025/02/14 4:38 p.m.16 views

CVE-2025-25204

gh is GitHub’s official command line tool. Starting in version 2.49.0 and prior to version 2.67.0, under certain conditions, a bug in GitHub's Artifact Attestation cli tool gh attestation verify causes it to return a zero exit status when no attestations are present. This behavior is incorrect:...

6.3CVSS7.1AI score0.00392EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/02/14 8:57 a.m.17 views

CVE-2024-13821

The WP Booking Calendar plugin for WordPress is vulnerable to Unauthenticated Post-Confirmation Booking Manipulation in all versions up to, and including, 10.10. This is due to the plugin not properly requiring re-verification after a booking has been made and a change is being attempted. This...

5.3CVSS9.5AI score0.00393EPSS
Exploits0References1
OSV
OSV
added 2025/02/10 9:15 p.m.4 views

CVE-2025-1002

MicroDicom DICOM Viewer version 2024.03 fails to adequately verify the update server's certificate, which could make it possible for attackers in a privileged network position to alter network traffic and carry out a machine-in-the-middle MITM attack. This allows the attackers to modify the...

5.3CVSS5.8AI score0.00106EPSS
Exploits0References1
Veracode
Veracode
added 2025/02/06 3:29 a.m.5 views

Authentication Bypass

github.com/edgelesssys/marblerun is vulnerable to Authentication Bypass. The vulnerability is due to the lack of verification that the recovery key was provided by an authorized party, combined with the failure to compare the Coordinator's root certificate against a trusted reference when...

7.1AI score
Exploits0
Github Security Blog
Github Security Blog
added 2025/01/28 5:29 p.m.18 views

ismp-grandpa crate accepted incorrect signatures

A critical vulnerability was discovered in the ismp-grandpa crate, that allowed a malicious prover easily convince the verifier of the finality of arbitrary headers. Description The vulnerability manifests as a verifer that only accepts incorrect signatures of Grandpa precommits and was introduce...

9.3CVSS6.8AI score0.00304EPSS
Exploits0References7Affected Software3
BDU FSTEC
BDU FSTEC
added 2025/01/22 12:0 a.m.13 views

The vulnerability of GUE tunneling protocols, related to insufficient verification of the communication channel source, allows attackers to execute attacks such as “substitution of the trusted object”.

The vulnerability of GUE tunneling protocols lies in insufficient verification of the source of the communication channel. Exploiting this vulnerability allows a malicious actor to execute attacks such as “substitution of the trusted object” by sending a specially crafted packet containing two IP...

8.1CVSS6.3AI score0.00845EPSS
Exploits0References4
NVD
NVD
added 2025/01/21 9:15 p.m.21 views

CVE-2024-57538

Linksys E8450 v1.2.00.360516 was discovered to contain a buffer overflow vulnerability. The parsed field anonymousprotectstatus is copied to the stack without length verification...

6.5CVSS0.00693EPSS
Exploits1References1
AlpineLinux
AlpineLinux
added 2025/01/14 5:57 p.m.14 views

CVE-2024-12087

A path traversal vulnerability exists in rsync. It stems from behavior enabled by the --inc-recursive option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the --inc-recursive option, a lack of proper...

7.5CVSS7.3AI score0.02262EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2024/12/28 12:0 a.m.4 views

PT-2024-10878 · Huawei · Huawei Wearables

Name of the Vulnerable Software and Affected Versions: Huawei wearables affected versions not specified Description: The issue is related to the failure of verifying the actual data size when reading data. Successful exploitation may cause a server out of memory OOM. Recommendations: At the momen...

7.5CVSS6.8AI score0.0028EPSS
Exploits0References6
OSV
OSV
added 2024/12/27 10:15 a.m.7 views

CVE-2020-9211

There is an out-of-bound read and write vulnerability in Huawei smartphone. A module dose not verify the input sufficiently. Attackers can exploit this vulnerability by modifying some configuration to cause out-of-bound read and write, causing denial of service. Vulnerability ID: HWPSIRT-2020-051...

7.2CVSS5.7AI score0.00246EPSS
Exploits0References1
Rows per page
Query Builder