Lucene search
K

100 matches found

OSV
OSV
added 2024/08/22 11:15 a.m.3 views

CVE-2024-39745

IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information...

7.5CVSS5.5AI score0.00302EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/07/08 12:0 a.m.18 views

RHEL 9 : gvisor-tap-vsock (RHSA-2024:4379)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:4379 advisory. A replacement for libslirp and VPNKit, written in pure Go. It is based on the network stack of gVisor and is used to provide networking for...

7.5CVSS8.2AI score0.01533EPSS
Exploits0References4
NVD
NVD
added 2024/06/11 3:16 p.m.25 views

CVE-2024-23111

An improper neutralization of input during web page Generation 'Cross-site Scripting' vulnerability CWE-79 in FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all versions and FortiProxy version 7.4.2 and below, 7.2 all versions, 7.0 all versions reboot page may allow a remote privileged...

6.8CVSS0.01042EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/06/11 2:32 p.m.50 views

CVE-2024-23111

An improper neutralization of input during web page Generation 'Cross-site Scripting' vulnerability CWE-79 in FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all versions and FortiProxy version 7.4.2 and below, 7.2 all versions, 7.0 all versions reboot page may allow a remote privileged...

6.8CVSS0.01042EPSS
Exploits0References1
CVE
CVE
added 2024/06/11 2:32 p.m.86 views

CVE-2024-23111

CVE-2024-23111 is an XSS vulnerability in FortiOS (7.4.3 and older; 7.2 and 7.0 all versions) and FortiProxy (7.4.2 and older; 7.2 and 7.0 all versions) where the reboot page improperly neutralizes input, allowing a remote attacker with super-admin access to run JavaScript via crafted HTTP GET re...

6.8CVSS6.9AI score0.01042EPSS
Exploits0References1Affected Software2
Tenable Nessus
Tenable Nessus
added 2024/06/11 12:0 a.m.30 views

Fortinet Fortigate xss (FG-IR-23-471)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-23-471 advisory. - An improper neutralization of input during web page Generation 'Cross-site Scripting' vulnerability CWE-79 in FortiOS versi...

6.8CVSS7.6AI score0.01042EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/05/14 12:0 a.m.46 views

Rocky Linux 9 : golang (RLSA-2024:2562)

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:2562 advisory. - An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining...

7.5CVSS7.4AI score0.91969EPSS
Exploits1References15
OSV
OSV
added 2024/05/10 2:32 p.m.26 views

RLSA-2024:2569 Important: grafana-pcp security update

grafana-pcp is an open source Grafana plugin for PCP. Security Fixes: grafana-pcp: golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads CVE-2024-1394 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...

7.5CVSS8AI score0.01533EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/03/27 12:0 a.m.23 views

Rocky Linux 8 : go-toolset:rhel8 (RLSA-2024:1472)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:1472 advisory. - A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled...

7.5CVSS7.8AI score0.01533EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2024/03/21 12:0 a.m.22 views

RHEL 8 : go-toolset:rhel8 (RHSA-2024:1472)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:1472 advisory. Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: golang-fips/openssl: Memory...

7.5CVSS8.2AI score0.01533EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2024/03/21 12:0 a.m.25 views

RHEL 7 : go-toolset-1.19-golang (RHSA-2024:1468)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:1468 advisory. Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: golang: golang-fips/openssl...

7.5CVSS8.2AI score0.01533EPSS
Exploits0References3
Prion
Prion
added 2023/12/25 8:15 a.m.20 views

Design/Logic Flaw

The Challenge Response feature of BeyondTrust Privilege Management for Windows PMfW before 2023-07-14 allows local administrators to bypass this feature by decrypting the shared key, or by locating the decrypted shared key in process memory. The threat is mitigated by the Agent Protection feature...

4CVSS7AI score0.00185EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/12/25 12:0 a.m.23 views

CVE-2023-49944

The Challenge Response feature of BeyondTrust Privilege Management for Windows PMfW before 2023-07-14 allows local administrators to bypass this feature by decrypting the shared key, or by locating the decrypted shared key in process memory. The threat is mitigated by the Agent Protection feature...

6.6AI score0.00185EPSS
Exploits0References2
OSV
OSV
added 2023/12/20 8:31 p.m.13 views

GHSA-MHPQ-9638-X6PW Duplicate Advisory: Denial of service when decrypting attack controlled input in github.com/dvsekhvalnov/jose2go

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-6294-6rgp-fr7r. This link is maintained to preserve external references. Original Description An attacker controlled input of a PBES2 encrypted JWE blob can have a very large p2c value that, when decrypted,...

5.3CVSS7.8AI score0.00824EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2023/12/20 8:31 p.m.24 views

Duplicate Advisory: Denial of service when decrypting attack controlled input in github.com/dvsekhvalnov/jose2go

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-6294-6rgp-fr7r. This link is maintained to preserve external references. Original Description An attacker controlled input of a PBES2 encrypted JWE blob can have a very large p2c value that, when decrypted,...

5.4AI score
Exploits0References4Affected Software1
OSV
OSV
added 2023/12/20 5:35 p.m.19 views

GO-2023-2409 Denial of service when decrypting attacker controlled input in github.com/dvsekhvalnov/jose2go

An attacker controlled input of a PBES2 encrypted JWE blob can have a very large p2c value that, when decrypted, produces a denial-of-service...

7.5CVSS7.3AI score0.00824EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2023/11/20 11:15 p.m.4 views

CVE-2023-48051

An issue in /upydev/keygen.py in upydev v0.4.3 allows attackers to decrypt sensitive information via weak encryption padding...

7.5CVSS5.8AI score0.00248EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2023/10/23 1:15 a.m.4 views

CVE-2023-46324

pkg/suci/suci.go in free5GC udm before 1.2.0, when Go before 1.19 is used, allows an Invalid Curve Attack because it may compute a shared secret via an uncompressed public key that has not been validated. An attacker can send arbitrary SUCIs to the UDM, which tries to decrypt them via both its...

7.5CVSS5.9AI score0.00408EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/10/14 12:0 a.m.3 views

IBM QRadar SIEM Encryption Issues Vulnerabilities

IBM QRadar SIEM is a solution from International Business Machines IBM that utilizes security intelligence to protect assets and information from advanced threats. The solution provides oversight of the entire scope of the IT architecture, generates detailed reports on data access and user...

7.5CVSS6.3AI score0.00221EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2023/04/07 6:59 p.m.45 views

CVE-2023-22899

A flaw was found in Zip4j. In this issue, it does not always check the MAC when decrypting a ZIP archive...

5.9CVSS6AI score0.00619EPSS
Exploits1References3
Rows per page
Query Builder