Lucene search
K

6 matches found

OSV
OSV
added 2026/06/26 10:50 p.m.3 views

GHSA-8JGF-23Q5-X7XX ex_aws_sns: Trusted-attacker `SigningCertURL` permits complete SNS signature bypass

Summary ExAws.SNS.verifymessage/1 fetches the signing certificate from the SigningCertURL field of the incoming SNS message without validating that the URL uses HTTPS or that its host is an AWS-owned SNS certificate domain. An unauthenticated attacker who can POST to any endpoint that calls...

8.7CVSS6AI score0.00226EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.15 views

PT-2026-44365

Name of the Vulnerable Software and Affected Versions ex aws sns versions 2.0.1 through 2.3.4 Description Improper Certificate Validation in the ExAws.SNS and ExAws.SNS.PublicKeyCache modules allows for signature spoofing. The function verify message fetches the signing certificate from the...

8.7CVSS5.8AI score0.00226EPSS
Exploits0References10
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-32252

Malicious code in bioql PyPI...

9.8CVSS9.3AI score0.00439EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:37 a.m.9 views

CVE-2023-28582

Memory corruption in Data Modem while verifying hello-verify message during the DTLS handshake...

9.8CVSS7.1AI score0.00439EPSS
Exploits0References1
OSV
OSV
added 2022/02/24 3:15 p.m.2 views

DEBIAN-CVE-2022-25638

In wolfSSL before 5.2.0, certificate validation may be bypassed during attempted authentication by a TLS 1.3 client to a TLS 1.3 server. This occurs when the sigalgo field differs between the certificateverify message and the certificate message...

6.5CVSS6.4AI score0.00618EPSS
Exploits0References1
Oracle linux
Oracle linux
added 2015/11/23 12:0 a.m.44 views

wireshark security, bug fix, and enhancement update

1.10.14-7.0.1 - Add oracle-ocfs2-network.patch to allow disassembly of OCFS2 interconnect 1.10.14-7 - Rebase some tvbuff API from upstream to 1.10.14 - Fixes crash when tvblengthremaining is used - Related: CVE-2015-6244 1.10.14-6 - Security patch - Resolves: CVE-2015-3182 1.10.14-5 - Fix crash...

7.8CVSS0.3AI score0.046EPSS
Exploits0
Rows per page
Query Builder