Lucene search
+L

122 matches found

nessus
nessus
added 2025/03/05 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2022-39237

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - syslabs/sif is the Singularity Image Format SIF reference implementation. In versions prior to 2.8.1the github.com/sylabs/sif/v2/pkg/integrity package did not...

9.8CVSS6.7AI score0.00477EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2025/03/04 12:0 a.m.7 views

CVE-2025-26849

There is a Hard-coded Cryptographic Key in Docusnap 13.0.1440.24261, and earlier and later versions. This key can be used to decrypt inventory files that contain sensitive information such as firewall rules...

4.3CVSS4.5AI score0.00234EPSS
Exploits1References2
ptsecurity
ptsecurity
added 2025/01/01 12:0 a.m.11 views

PT-2026-7944

Name of the Vulnerable Software and Affected Versions WWW::OAuth versions 1.000 and earlier Description The software utilizes the rand function as the default source of entropy for cryptographic functions, which is not cryptographically secure. This can potentially compromise the security of...

7.3CVSS5.3AI score0.00255EPSS
Exploits0References13
cvelist
cvelist
added 2024/12/30 4:19 p.m.37 views

CVE-2024-56516 free-one-api uses md5 for password storage

free-one-api allows users to access large language model reverse engineering libraries through the standard OpenAI API format. In versions up to and including 1.0.1, MD5 is used to hash passwords before sending them to the backend. MD5 is a cryptographically broken hashing algorithm and is no...

6.9CVSS0.00328EPSS
Exploits0References2
osv
osv
added 2024/11/29 6:26 p.m.9 views

CVE-2024-52801 Brute force takeover of OpenID Connect session cookies in sftpgo

sftpgo is a full-featured and highly configurable event-driven file transfer solution. Server protocols: SFTP, HTTP/S, FTP/S, WebDAV. The OpenID Connect implementation allows authenticated users to brute force session cookies and thereby gain access to other users' data, since the cookies are...

5.3CVSS6.5AI score0.00389EPSS
Exploits0References5
redos
redos
added 2024/02/12 12:0 a.m.53 views

ROS-20240212-01

A vulnerability in the PKCS11 function of the ssh-agent component of the OpenSSH cryptographic security tool is related to the following the use of an insecure search path. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code. remotely to execute...

9.8CVSS7.9AI score0.76768EPSS
Exploits10
bdu_fstec
bdu_fstec
added 2023/12/21 12:0 a.m.15 views

The vulnerability of the OpenSSH cryptographic protection lies in the possibility of introducing or modifying arguments, allowing attackers to execute arbitrary commands.

The vulnerability of the SSH protocol lies in the fact that it relies on the execution or modification of arguments. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely...

6.5CVSS7.1AI score0.19753EPSS
Exploits8References16Affected Software8
osv
osv
added 2023/08/29 4:46 p.m.50 views

CVE-2023-41037 Cleartext Signed Message Signature Spoofing in openpgpjs

OpenPGP.js is a JavaScript implementation of the OpenPGP protocol. In affected versions OpenPGP Cleartext Signed Messages are cryptographically signed messages where the signed text is readable without special tools. These messages typically contain a "Hash: ..." header declaring the hash algorit...

4.3CVSS4.6AI score0.00309EPSS
Exploits1References4
vulnrichment
vulnrichment
added 2023/07/13 7:3 p.m.16 views

CVE-2023-30561 Lack of Cryptographic Security of IUI Bus

The data flowing between the PCU and its modules is insecure. A threat actor with physical access could potentially read or modify data by attaching a specially crafted device while an infusion is running...

6.1CVSS6.8AI score0.00189EPSS
Exploits0References1
cvelist
cvelist
added 2023/07/13 7:3 p.m.37 views

CVE-2023-30561 Lack of Cryptographic Security of IUI Bus

The data flowing between the PCU and its modules is insecure. A threat actor with physical access could potentially read or modify data by attaching a specially crafted device while an infusion is running...

6.1CVSS6.2AI score0.00189EPSS
Exploits0References1
schneier
schneier
added 2023/06/19 10:52 a.m.9 views

Power LED Side-Channel Attack

This is a clever new side-channel attack: The first attack uses an Internet-connected surveillance camera to take a high-speed video of the power LED on a smart card reader­--or of an attached peripheral device--­during cryptographic operations. This technique allowed the researchers to pull a...

10AI score
Exploits0
susecve
susecve
added 2023/02/15 6:7 a.m.4 views

SUSE CVE-2008-4107

The 1 rand and 2 mtrand functions in PHP 5.2.6 do not produce cryptographically strong random numbers, which allows attackers to leverage exposures in products that rely on these functions for security-relevant functionality, as demonstrated by the password-reset functionality in Joomla! 1.5.x an...

5.1CVSS7.2AI score0.03013EPSS
Exploits0References3
veracode
veracode
added 2023/01/11 5:54 a.m.16 views

Uncontrolled Resource Consumption

github.com/flynn/noise is vulnerable to uncontrolled resource consumption. The weakened cryptographic security after encrypting 2^64 messages causes multiple messages to be encrypted with the same key and nonce resulting in denial of service conditions. Additionally the Decrypt function increment...

7.5CVSS1.9AI score0.00354EPSS
Exploits0References4Affected Software1
osv
osv
added 2022/12/28 12:30 a.m.36 views

GHSA-6CR6-FMVC-VW2P Noise vulnerable to denial of service

Noise is a Go implementation of the Noise Protocol Framework. The Noise protocol implementation suffers from weakened cryptographic security after encrypting 2^64 messages, and a potential denial of service attack. After 2^64 18.4 quintillion messages are encrypted with the Encrypt function, the...

7.7CVSS7.3AI score0.00354EPSS
Exploits0References5
github
github
added 2022/12/28 12:30 a.m.19 views

Noise vulnerable to denial of service

Noise is a Go implementation of the Noise Protocol Framework. The Noise protocol implementation suffers from weakened cryptographic security after encrypting 2^64 messages, and a potential denial of service attack. After 2^64 18.4 quintillion messages are encrypted with the Encrypt function, the...

7.5CVSS3.6AI score0.00354EPSS
Exploits0References5Affected Software1
nvd
nvd
added 2022/12/27 10:15 p.m.20 views

CVE-2021-4239

The Noise protocol implementation suffers from weakened cryptographic security after encrypting 2^64 messages, and a potential denial of service attack. After 2^64 18.4 quintillion messages are encrypted with the Encrypt function, the nonce counter will wrap around, causing multiple messages to b...

7.5CVSS0.00354EPSS
Exploits0References2
prion
prion
added 2022/12/27 10:15 p.m.10 views

Design/Logic Flaw

The Noise protocol implementation suffers from weakened cryptographic security after encrypting 2^64 messages, and a potential denial of service attack. After 2^64 18.4 quintillion messages are encrypted with the Encrypt function, the nonce counter will wrap around, causing multiple messages to b...

5CVSS7.3AI score0.00354EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2022/12/27 9:13 p.m.2 views

CVE-2021-4239 Weak encryption and denial of service in github.com/flynn/noise

The Noise protocol implementation suffers from weakened cryptographic security after encrypting 2^64 messages, and a potential denial of service attack. After 2^64 18.4 quintillion messages are encrypted with the Encrypt function, the nonce counter will wrap around, causing multiple messages to b...

7.4AI score0.00354EPSS
Exploits0References2
cvelist
cvelist
added 2022/12/27 9:13 p.m.27 views

CVE-2021-4239 Weak encryption and denial of service in github.com/flynn/noise

The Noise protocol implementation suffers from weakened cryptographic security after encrypting 2^64 messages, and a potential denial of service attack. After 2^64 18.4 quintillion messages are encrypted with the Encrypt function, the nonce counter will wrap around, causing multiple messages to b...

7.6AI score0.00354EPSS
Exploits0References2
debiancve
debiancve
added 2022/12/27 9:13 p.m.35 views

CVE-2021-4239

The Noise protocol implementation suffers from weakened cryptographic security after encrypting 2^64 messages, and a potential denial of service attack. After 2^64 18.4 quintillion messages are encrypted with the Encrypt function, the nonce counter will wrap around, causing multiple messages to b...

7.5CVSS7.3AI score0.00354EPSS
Exploits0
Rows per page
Query Builder