Lucene search
K

22 matches found

OSV
OSV
added 2026/02/06 10:55 p.m.4 views

CVE-2026-25793 Nebula Has Possible Blocklist Bypass via ECDSA Signature Malleability

Nebula is a scalable overlay networking tool. In versions from 1.7.0 to 1.10.2, when using P256 certificates which is not the default configuration, it is possible to evade a blocklist entry created against the fingerprint of a certificate by using ECDSA Signature Malleability to use a copy of th...

7.6CVSS5.4AI score0.00133EPSS
Exploits0References4
OSV
OSV
added 2026/02/06 8:5 p.m.8 views

GHSA-69X3-G4R3-P962 Blocklist Bypass possible via ECDSA Signature Malleability

Impact When using P256 certificates which is not the default configuration, it is possible to evade a blocklist entry created against the fingerprint of a certificate by using ECDSA Signature Malleability to use a copy of the certificate with a different fingerprint. In order for this to affect a...

7.6CVSS5.7AI score0.00133EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/02/06 8:5 p.m.11 views

Blocklist Bypass possible via ECDSA Signature Malleability

Impact When using P256 certificates which is not the default configuration, it is possible to evade a blocklist entry created against the fingerprint of a certificate by using ECDSA Signature Malleability to use a copy of the certificate with a different fingerprint. In order for this to affect a...

8.1CVSS5.7AI score0.00133EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2018-21161

Malware in sbrugna...

7.8CVSS7.7AI score0.00146EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2016-8014

Malware in sbrugna...

5.9CVSS5.7AI score0.0108EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2016-8015

Malware in sbrugna...

8.1CVSS7.9AI score0.0106EPSS
Exploits0References9
OpenVAS
OpenVAS
added 2023/10/09 12:0 a.m.5 views

Debian: Security Advisory (DLA-3608-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5AI score
Exploits0References4
OpenVAS
OpenVAS
added 2023/03/08 12:0 a.m.31 views

Debian: Security Advisory (DLA-132-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5CVSS6.8AI score0.98685EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2022/03/19 4:18 a.m.16 views

Security Bulletin: A vulnerability in Java SE related to the Libraries component affects IBM Control Center (CVE-2020-14782)

Summary A flaw in the CertPath implementation allows certificate fingerprint checks to be bypassed under certain circumstances. The fix ensures that certificate fingerprint checks cannot be bypassed in this way. Vulnerability Details CVEID: CVE-2020-14782 DESCRIPTION: An unspecified vulnerability...

4.3CVSS4.7AI score0.02245EPSS
Exploits0Affected Software1
OpenVAS
OpenVAS
added 2021/06/09 12:0 a.m.26 views

SUSE: Security Advisory (SUSE-SU-2015:0172-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5CVSS6.6AI score0.98685EPSS
Exploits0References3
NVD
NVD
added 2018/12/06 2:29 p.m.19 views

CVE-2018-9567

On Pixel devices there is a bug causing verified boot to show the same certificate fingerprint despite using different signing keys. This may lead to local escalation of privilege if people are relying on those fingerprints to determine what version of the OS the device is running, with System...

7.8CVSS8.2AI score0.00146EPSS
Exploits0References2
Prion
Prion
added 2018/12/06 2:29 p.m.11 views

Privilege escalation

On Pixel devices there is a bug causing verified boot to show the same certificate fingerprint despite using different signing keys. This may lead to local escalation of privilege if people are relying on those fingerprints to determine what version of the OS the device is running, with System...

7.2CVSS7.6AI score0.00146EPSS
Exploits0References2
Cvelist
Cvelist
added 2018/12/06 2:0 p.m.20 views

CVE-2018-9567

On Pixel devices there is a bug causing verified boot to show the same certificate fingerprint despite using different signing keys. This may lead to local escalation of privilege if people are relying on those fingerprints to determine what version of the OS the device is running, with System...

7.8AI score0.00146EPSS
Exploits0References2
CVE
CVE
added 2018/12/06 2:0 p.m.44 views

CVE-2018-9567

CVE-2018-9567 affects Pixel devices: a bug in verified boot causes the certificate fingerprint to appear identical despite different signing keys, enabling local privilege escalation with no user interaction. The Android Security Bulletin (Dec 2018) indicates patches at the 2018-12-01 and 2018-12...

7.8CVSS7.6AI score0.00146EPSS
Exploits0References2Affected Software1
OpenVAS
OpenVAS
added 2015/10/06 12:0 a.m.40 views

Oracle: Security Advisory (ELSA-2015-0800)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.4AI score0.98685EPSS
Exploits1References2
Oracle linux
Oracle linux
added 2015/04/13 12:0 a.m.69 views

openssl security update

0.9.8e-33 - fix CVE-2014-8275 without introduction of CVE-2015-0286 - various certificate fingerprint issues - fix CVE-2015-0204 - remove support for RSA ephemeral keys for non-export ciphersuites and on server - fix CVE-2015-0287 - ASN.1 structure reuse decoding memory corruption - fix...

7.5CVSS2.9AI score0.98685EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2015/03/26 12:0 a.m.60 views

Debian DLA-132-1 : openssl security update (FREAK)

Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities and Exposures project identifies the following issues : CVE-2014-3570 Pieter Wuille of Blockstream reported that the bignum squaring BNsqr may produce incorrect results on some...

5CVSS7.5AI score0.98685EPSS
Exploits0References7
OSV
OSV
added 2015/02/04 12:44 p.m.10 views

SUSE-SU-2015:0305-1 Security update for compat-openssl098

The openssl 0.9.8j compatibility package was updated to fix several security vulnerabilities: CVE-2014-3570: Bignum squaring BNsqr may produce incorrect results on some platforms, including x8664. CVE-2014-3571: Fix crash in dtls1getrecord whilst in the listen state where you get two separate rea...

7.4CVSS6.3AI score0.98685EPSS
Exploits9References15
Tenable Nessus
Tenable Nessus
added 2015/02/02 12:0 a.m.39 views

SuSE 11.3 Security Update : compat-openssl097g (SAT Patch Number 10208)

OpenSSL compat-openssl097g has been updated to fix various security issues. More information can be found in the openssl advisory: http://openssl.org/news/secadv20150108.txt . The following issues have been fixed : - Bignum squaring BNsqr may have produced incorrect results on some platforms,...

5CVSS7.3AI score0.98685EPSS
Exploits0References15
Tenable Nessus
Tenable Nessus
added 2015/02/02 12:0 a.m.53 views

SuSE 11.3 Security Update : OpenSSL (SAT Patch Number 10150)

OpenSSL has been updated to fix various security issues. More information can be found in the OpenSSL advisory: http://openssl.org/news/secadv20150108.txt . The following issues have been fixed : - Bignum squaring BNsqr may produce incorrect results on some platforms, including x8664. bsc912296...

5CVSS7.3AI score0.98685EPSS
Exploits0References18
Rows per page
Query Builder