CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

5313 matches found

NVD•added 2024/09/10 9:15 a.m.•17 views

CVE-2024-39583

Dell PowerScale InsightIQ, versions 5.0 through 5.1, contains a Use of a Broken or Risky Cryptographic Algorithm vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges...

9.8CVSS0.00295EPSS

Exploits0References1

Cvelist•added 2024/09/10 8:45 a.m.•27 views

CVE-2024-39583

8.1CVSS0.00295EPSS

Exploits0References1

CVE•added 2024/09/10 8:45 a.m.•62 views

CVE-2024-39583

Dell PowerScale InsightIQ (versions 5.0–5.1) is affected by CVE-2024-39583 due to use of a broken or risky cryptographic algorithm, enabling an unauthenticated attacker with remote access to potentially achieve elevation of privilege. Publicly available connected documents confirm the affected pr...

9.8CVSS7.2AI score0.00295EPSS

Exploits0References1Affected Software1

Securelist•added 2024/09/09 7:0 a.m.•15 views

Loki: a new private agent for the popular Mythic framework

In July 2024, we discovered the previously unknown Loki backdoor, which was used in a series of targeted attacks. By analyzing the malicious file and open sources, we determined that Loki is a private version of an agent for the open-source Mythic framework. One of the agent's decrypted strings O...

7.3AI score

Exploits0

Tenable Nessus•added 2024/09/09 12:0 a.m.•31 views

RHEL 8 / 9 : Red Hat Ansible Automation Platform 2.4 Product Security and Bug Fix Update (Moderate) (RHSA-2024:6428)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:6428 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT...

9.8CVSS6.8AI score0.30129EPSS

Exploits2References28

NVD•added 2024/09/05 7:15 p.m.•19 views

CVE-2024-45157

An issue was discovered in Mbed TLS before 2.28.9 and 3.x before 3.6.1, in which the user-selected algorithm is not used. Unlike previously documented, enabling MBEDTLSPSAHMACDRBGMDTYPE does not cause the PSA subsystem to use HMACDRBG: it uses HMACDRBG only when MBEDTLSPSACRYPTOEXTERNALRNG and...

5.1CVSS0.00236EPSS

Exploits0References3

OSV•added 2024/09/05 7:15 p.m.•14 views

CVE-2024-45157

5.1CVSS6.7AI score

Exploits0References3

OSV•added 2024/09/05 7:15 p.m.•3 views

ALPINE-CVE-2024-45157

5.1CVSS6.9AI score0.00236EPSS

Exploits0References1

RedHat Linux•added 2024/09/05 2:13 p.m.•3 views

python-jose: algorithm confusion with OpenSSH ECDSA keys and other key formats

python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA keys and other key formats. This is similar to CVE-2022-29217...

6.5CVSS7.3AI score0.00307EPSS

Exploits1References4

Cvelist•added 2024/09/05 12:0 a.m.•42 views

CVE-2024-45157

0.00236EPSS

Exploits0References3

CVE•added 2024/09/05 12:0 a.m.•68 views

CVE-2024-45157

CVE-2024-45157 affects Mbed TLS releases prior to 2.28.9 and 3.x prior to 3.6.1, where the user-selected algorithm is not honored. Specifically, enabling MBEDTLS_PSA_HMAC_DRBG_MD_TYPE does not switch PSA to HMAC_DRBG; HMAC_DRBG is used only when MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG and MBEDTLS_CTR_DRB...

5.1CVSS6.9AI score0.00236EPSS

Exploits0References3Affected Software1

CNNVD•added 2024/09/05 12:0 a.m.•4 views

Mbed TLS 安全漏洞

Mbed TLS is an open source, portable, easy to use, readable and flexible SSL library from Mbed TLS Open Source. A security vulnerability exists in Mbed TLS versions prior to 2.28.9 that stems from not using a user-selected algorithm...

5.1CVSS6.3AI score0.00236EPSS

Exploits0References4

Debian CVE•added 2024/09/05 12:0 a.m.•14 views

CVE-2024-45157

5.1CVSS5.2AI score0.00236EPSS

Exploits0

Positive Technologies•added 2024/09/05 12:0 a.m.•2 views

PT-2024-9166 · Nextcloud +2 · Nextcloud Server +2

Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 28.0.10 Nextcloud Server versions prior to 29.0.7 Nextcloud Server versions prior to 30.0.0 Description: The issue is related to the use of a reversible one-way hash function in Nextcloud Server, which...

9.8CVSS5.5AI score0.01041EPSS

Exploits6References94

Vulnrichment•added 2024/09/05 12:0 a.m.•14 views

CVE-2024-45157

6.8AI score0.00236EPSS

Exploits0References3

AlpineLinux•added 2024/09/05 12:0 a.m.•16 views

CVE-2024-45157

5.1CVSS7AI score0.00236EPSS

Exploits0

NVD•added 2024/09/03 8:15 p.m.•27 views

CVE-2024-45678

Yubico YubiKey 5 Series devices with firmware before 5.7.0 and YubiHSM 2 devices with firmware before 2.4.0 allow an ECDSA secret-key extraction attack that requires physical access and expensive equipment in which an electromagnetic side channel is present because of a non-constant-time modular...

4.2CVSS0.00329EPSS

Exploits0References6

RedHat Linux•added 2024/09/03 8:0 p.m.•4 views

golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm

A flaw was found in Go's crypto/x509 standard library package. Verifying a certificate chain that contains a certificate with an unknown public key algorithm will cause a Certificate.Verify to panic. This issue affects all crypto/tls clients and servers that set Config.ClientAuth to...

5.9CVSS7.3AI score0.00661EPSS

Exploits0References11

RedHat Linux•added 2024/09/03 7:57 p.m.•5 views

golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm

5.9CVSS7.3AI score0.00661EPSS

Exploits0References11

RedHat Linux•added 2024/09/03 6:57 p.m.•4 views

golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm

5.9CVSS7.3AI score0.00661EPSS

Exploits0References11

Rows per page