Lucene search
K

7 matches found

Veracode
Veracode
added 2026/02/09 12:54 p.m.7 views

Sensitive Information Disclosure

Amazon SageMaker Python SDK is vulnerable to sensitive information disclosure. The vulnerability is due to the ModelBuilder HMAC signing key being returned in cleartext in the DescribeTrainingJob API response, which allows an attacker with API access and S3 output write permissions to upload...

8.5CVSS5.5AI score0.00455EPSS
Exploits0References7Affected Software1
RedhatCVE
RedhatCVE
added 2026/02/03 9:19 p.m.7 views

CVE-2026-1777

The Amazon SageMaker Python SDK before v3.2.0 and v2.256.0 includes the ModelBuilder HMAC signing key in the cleartext response elements of the DescribeTrainingJob function. A third party with permissions to both call this API and permissions to modify objects in the Training Jobs S3 output...

8.5CVSS5.6AI score0.00455EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/01/28 10:8 a.m.7 views

openssl: OpenSSL: Information disclosure and data tampering via specific low-level OCB encryption/decryption calls

A flaw was found in OpenSSL. When applications directly call the low-level CRYPTOocb128encrypt or CRYPTOocb128decrypt functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are...

4CVSS5.7AI score0.00115EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2011-2212

Malware in sbrugna...

5CVSS6.4AI score0.01371EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/08/09 12:0 a.m.16 views

Clario VPN client security vulnerability

Clario VPN client is a VPN client for Mac from Clario. A security vulnerability exists in Clario VPN client macOS version 5.9.1.1662, which originates when the VPN client insecurely configures the operating system so that traffic to the local network is sent outside of the VPN tunnel in cleartext...

5.7CVSS6.5AI score0.00681EPSS
Exploits1References8
SUSE CVE
SUSE CVE
added 2023/02/15 5:6 a.m.3 views

SUSE CVE-2016-2107

The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability...

5.9CVSS9AI score0.89058EPSS
Exploits6References22
SUSE CVE
SUSE CVE
added 2023/02/15 4:36 a.m.5 views

SUSE CVE-2017-17844

An issue was discovered in Enigmail before 1.9.9. A remote attacker can obtain cleartext content by sending an encrypted data block that the attacker cannot directly decrypt to a victim, and relying on the victim to automatically decrypt that block and then send it back to the attacker as quoted...

6.5CVSS7AI score0.01353EPSS
Exploits0References3
Rows per page
Query Builder