CVE-2024-45192

An issue was discovered in Matrix libolm through 3.2.16. Cache-timing attacks can occur due to use of base64 when decoding group session keys. This refers to the libolm implementation of Olm. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

CVE-2024-45192

An issue was discovered in Matrix libolm through 3.2.16. Cache-timing attacks can occur due to use of base64 when decoding group session keys. This refers to the libolm implementation of Olm. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

CVE-2024-45192

CVE-2024-45192 affects Matrix libolm up to version 3.2.16. The issue is a cache-timing vulnerability caused by decoding group session keys with base64 in the libolm implementation of Olm, potentially exposing timing-related information. NOTE: the vulnerability targets products that are no longer ...

CVE-2024-45192

An issue was discovered in Matrix libolm through 3.2.16. Cache-timing attacks can occur due to use of base64 when decoding group session keys. This refers to the libolm implementation of Olm. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

(Pwn2Own) Autel MaxiCharger AC Elite Business C50 WebSocket Base64 Decoding Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Autel MaxiCharger AC Elite Business C50 chargers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw...

Poc

This repository contains a collection of proof-of-concept PoC exploits and tools for various vulnerabilities. The primary focus is on Java-based exploits, with some Python scripts also present. The Java exploits target vulnerabilities in Java applications, including a deserialization vulnerabilit...

DEBIAN-CVE-2024-32662

FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read. This occurs when WCHAR string is read with twice the size it has and converted to UTF-8, base64 decoded. The string is only used to compare against t...

FAUST: A Phobos Ransomware Variant Launches Fileless Attack

Summary: FAUST ransomware, a variant of the Phobos family, exhibiting intricate deployment stages, from decoding Base64 data to injecting shellcode. Notably, it employs a fileless attack through an Office document with a VBA script, emphasizing the need for user caution with document files from...

Design/Logic Flaw

A Weak Cryptography for Passwords vulnerability has been detected on WIC200 affecting version 1.1. This vulnerability allows a remote user to intercept the traffic and retrieve the credentials from another user and decode it in base64 allowing the attacker to see the credentials in plain text...

Xantech WIC1200 Security Vulnerability

The Xantech WIC1200 is a Web Intelligence Controller from Xantech. A security vulnerability exists in the Xantech WIC1200 version 1.1 that originates from a vulnerability that allows a remote user to intercept traffic and retrieve other users' credentials and decode them in Base64, which can be...

Rockwell Automation Stratix OpenSSL Base64 Decoding Memory Corruption (CVE-2015-0292)

Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to cause a denial of service DoS condition or corrupt portions of OpenSSL process memory. This plugin only works with Tenable.ot. Pleas...

CVE-2023-41104

libvmod-digest before 1.0.3, as used in Varnish Enterprise 6.0.x before 6.0.11r5, has an out-of-bounds memory access during base64 decoding, leading to both authentication bypass and information disclosure; however, the exact attack surface will depend on the particular VCL Varnish Configuration...

Authentication flaw

libvmod-digest before 1.0.3, as used in Varnish Enterprise 6.0.x before 6.0.11r5, has an out-of-bounds memory access during base64 decoding, leading to both authentication bypass and information disclosure; however, the exact attack surface will depend on the particular VCL Varnish Configuration...

CVE-2023-41104

libvmod-digest before 1.0.3, as used in Varnish Enterprise 6.0.x before 6.0.11r5, has an out-of-bounds memory access during base64 decoding, leading to both authentication bypass and information disclosure; however, the exact attack surface will depend on the particular VCL Varnish Configuration...

Milesight UR32L uhttpd login buffer overflow vulnerability

Talos Vulnerability Report TALOS-2023-1697 Milesight UR32L uhttpd login buffer overflow vulnerability July 6, 2023 CVE Number CVE-2023-23902 SUMMARY A buffer overflow vulnerability exists in the uhttpd login functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead ...

Nextcloud: Open redirect on "Unsupported browser" warning

An open redirect vulnerability was found in Nextcloud's UnsupportedBrowser.vue component. Attackers could construct a malicious URL that includes the redirecturl parameter and a URL of their choice, which would redirect the user to the attacker's URL without validating the decoded URL or checking...

K22251611: Attack signature check security exposure

Security Advisory Description BIG-IP Advanced WAF and BIG-IP ASM systems incorrectly handle certain requests. This issue occurs when the following condition is met: BIG-IP Advanced WAF and BIG-IP ASM handle a malicious request when a parameter with Base64 decoding is enabled. Impact The attack...

K16302: OpenSSL vulnerability CVE-2015-0292

Security Advisory Description Integer underflow in the EVPDecodeUpdate function in crypto/evp/encode.c in the base64-decoding implementation in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service memory corruption or possibly...

SUSE CVE-2021-24119

In Trusted Firmware Mbed TLS 2.24.0, a side-channel vulnerability in base64 PEM file decoding allows system-level administrator attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single...

CVE-2022-26964

Weak password derivation for export in Devolutions Remote Desktop Manager before 2022.1 allows information disclosure via a password brute-force attack. An error caused base64 to be decoded...