18 matches found
EUVD-2023-38295
Malicious code in bioql PyPI...
CVE-2025-34222
Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1049 and Application prior to version 20.0.2786 (VA/SaaS deployments) expose four admin routes – /admin/hp/certupload, /admin/hp/certdelete, /admin/certs/ca, and /admin/certs/serviceclients/scid – without any...
CVE-2023-34196
In the Keyfactor EJBCA before 8.0.0, the RA web certificate distribution servlet /ejbca/ra/cert allows partial denial of service due to an authentication issue. In configurations using OAuth, disclosure of CA certificates (attributes and public keys) to unauthenticated or less privileged users may...
CVE-2023-39467
Triangle MicroWorks SCADA Data Gateway certificate Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to exploit this vulnerability...
CVE-2023-50872
The API in Accredible Credential.net December 6th, 2023 allows an Insecure Direct Object Reference attack that discloses partial information about certificates and their respective holder. NOTE: the excellium-services.com web page about this issue mentions "Vendor says that it's not a security...
CVE-2023-34196
In the Keyfactor EJBCA before 8.0.0, the RA web certificate distribution servlet /ejbca/ra/cert allows partial denial of service due to an authentication issue. In configurations using OAuth, disclosure of CA certificates (attributes and public keys) to unauthenticated or less privileged users may...
CVE-2023-34196
In the Keyfactor EJBCA before 8.0.0, the RA web certificate distribution servlet /ejbca/ra/cert allows partial denial of service due to an authentication issue. In configurations using OAuth, disclosure of CA certificates (attributes and public keys) to unauthenticated or less privileged users may...
CVE-2022-20230
In choosePrivateKeyAlias of KeyChain.java, there is a possible access to the user's certificate due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions:...
F5 Networks BIG-IP : Apache vulnerability (K42644206)
Apache modules apacheauthtokenmod and modauthf5authtoken.cpp allow possible unauthenticated bruteforce on the emserverip authorization parameter to obtain which SSL client certificates are used for mutual authentication between BIG-IQ or Enterprise Manager (EM) and managed BIG-IP devices. CVE-2017-6146...
TP-Link TL-SG108E Certificate Disclosure Vulnerability
The TP-Link TL-SG108E is a Gigabit Ethernet switch. A security vulnerability exists in the TP-Link TL-SG108E. A remote attacker can exploit the vulnerability to read 'SEND data' logs and retrieve certificates...
Wireless IP Camera (P2P) WIFICAM RSA Key and Certificate Disclosure Vulnerability
Wireless IP Camera (P2P) WIFICAM is a wireless IP camera. Wireless IP Camera (P2P) WIFICAM has an RSA key and certificate disclosure vulnerability. /system/www/pem/ck.pem contains an Apple certificate with a private RSA key, which can be exploited by an attacker to obtain sensitive information...
IBM WebSphere Application Server Cross-Site Scripting Vulnerability (CNVD-2017-01846)
IBM WebSphere Application Server (WAS) is an application server product developed and distributed by IBM in the U.S. It is a platform for Java EE and Web services applications, and is the foundation of the IBM WebSphere software platform. A cross-site scripting vulnerability exists in IBM WAS. An...
Cross-site scripting vulnerability in multiple IBM Rational products (CNVD-2016-13288)
IBM Rational Collaborative Lifecycle Management (CLM), etc. are products of IBM Corporation in the U.S. IBM Rational CLM, Rational Team Concert (RTC) and Rational Engineering Lifecycle Manager (RELM) are collaborative lifecycle management solutions; Rational DOORS Next Generation (RDNG) is a requirements...
MySQL 5.5.45 (64bit) Local Certificate Disclosure Vulnerability
Oracle MySQL is an open source relational database management system. A local certificate disclosure vulnerability exists in MySQL version 5.5.45. It allows an attacker to obtain the username and password provided for accessing the database...
Disclosure of arbitrary certificate files - ownCloud
The 'Import root certificate' ability that users are able to use once filesexternal is enabled allows users to import their own root certificates for connections (e.g. server-to-server shares to servers using a self-signed certificate or external storages). The functionality was using the PHP OpenS...
Microsoft Windows Xbox Live Certificate Disclosure Vulnerability
Microsoft Windows is a popular operating system. The private key used for .xboxlive.com SSL/TLS certificates on Microsoft Windows systems has been compromised, allowing remote attackers to exploit the vulnerability for man-in-the-middle attacks...
GLSA-200803-30 : ssl-cert eclass: Certificate disclosure
The remote host is affected by the vulnerability described in GLSA-200803-30 (ssl-cert eclass: Certificate disclosure). Robin Johnson reported that the docert function provided by ssl-cert.eclass can be called by source building stages of an ebuild, such as srccompile or srcinstall, which will resul...
ssl-cert eclass: Certificate disclosure
Background: The ssl-cert eclass is a code module used by Gentoo ebuilds to generate SSL certificates. Description: Robin Johnson reported that the docert function provided by ssl-cert.eclass can be called by source building stages of an ebuild, such as srccompile or srcinstall, which will result in...