Lucene search
K

162 matches found

OSV
OSV
added 2025/02/07 4:15 p.m.4 views

CVE-2024-52881

An issue was discovered in AudioCodes One Voice Operations Center OVOC before 8.4.582. Due to the use of a hard-coded key, an attacker is able to decrypt sensitive data such as passwords extracted from the topology file...

7.5CVSS5.8AI score0.0033EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/02/07 12:0 a.m.5 views

AudioCodes One Voice Operations Center 安全漏洞

AudioCodes One Voice Operations Center AudioCodes OVOC is a web-based voice network management solution from AudioCodes, Inc. A security vulnerability exists in AudioCodes One Voice Operations Center OVOC versions prior to 8.4.582 that stems from the use of a hard-coded key that allows an attacke...

7.5CVSS6.5AI score0.0033EPSS
Exploits0References2
SUSE Linux
SUSE Linux
added 2025/02/05 3:39 p.m.2 views

Security update for MozillaFirefox

This update for MozillaFirefox to 128.7esr fixes the following issues: MFSA 2025-09 CVE-2025-1009 bmo1936613 Use-after-free in XSLT CVE-2025-1010 bmo1936982 Use-after-free in Custom Highlight CVE-2025-1011 bmo1936454 A bug in WebAssembly code generation could result in a crash CVE-2025-1012...

8.8CVSS8AI score0.01196EPSS
Exploits0References20
CNNVD
CNNVD
added 2025/01/10 12:0 a.m.2 views

CP Plus CP-VNR-3104 安全漏洞

The CP Plus CP-VNR-3104 is a network video recorder from CP Plus. A security vulnerability exists in the CP Plus CP-VNR-3104 version B3223P22C02424 that stems from improper handling and storage of certificates, which allows an attacker to decrypt communications or perform man-in-the-middle attack...

8.8CVSS7.9AI score0.57474EPSS
Exploits18References4
Snyk
Snyk
added 2025/01/09 4:41 a.m.5 views

Covert Timing Channel

Overview Affected versions of this package are vulnerable to Covert Timing Channel through the decryption process. An attacker can decrypt messages or forge signatures by exchanging a large number of messages with the vulnerable service Marvin Attack. Workaround This vulnerability can be mitigate...

9.1CVSS7.2AI score0.00626EPSS
Exploits0References2
Snyk
Snyk
added 2025/01/09 4:41 a.m.3 views

Covert Timing Channel

Overview openssl is a package that wraps the OpenSSL library. Affected versions of this package are vulnerable to Covert Timing Channel through the decryption process. An attacker can decrypt messages or forge signatures by exchanging a large number of messages with the vulnerable service Marvin...

9.1CVSS7.2AI score0.00626EPSS
Exploits0References2
OSV
OSV
added 2024/11/18 6:15 a.m.7 views

CVE-2024-11308

The DVC from TRCore encrypts files using a hardcoded key. Attackers can use this key to decrypt the files and restore the original content...

5.5CVSS5.8AI score0.00155EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2024/11/04 8:56 p.m.6 views

nimbus-jose-jwt: large JWE p2c header value causes Denial of Service

A vulnerability was found in the Nimbus Jose JWT package. By crafting a JWE with an excessively large p2c value, an attacker can trigger significant resource consumption during decryption, potentially leading to application slowdown or unavailability...

7.5CVSS6.8AI score0.00814EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2024/06/27 1:6 p.m.5 views

jose: resource exhaustion

Jose was found to have an uncontrolled resource consumption vulnerability. Under certain conditions, the user's environment can consume an unreasonable amount of CPU time or memory during JWE decryption operations, leading to a denial of service...

5.9CVSS6.9AI score0.02085EPSS
Exploits0References5
NVD
NVD
added 2024/06/14 4:15 a.m.17 views

CVE-2024-27159

All the Toshiba printers contain a shell script using the same hardcoded key to encrypt logs. An attacker can decrypt the encrypted files using the hardcoded key. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for th...

6.2CVSS0.00256EPSS
Exploits1References4
CVE
CVE
added 2024/06/14 3:37 a.m.52 views

CVE-2024-27161

CVE-2024-27161 concerns Toshiba multifunction printers (MFPs) with programs containing a hardcoded key used to encrypt files. The root cause is the use of a hardcoded credential and insecure encryption, allowing an attacker who can access the device to decrypt stored/files by using that key. Seve...

6.2CVSS6.9AI score0.00156EPSS
Exploits1References4
BDU FSTEC
BDU FSTEC
added 2024/06/13 12:0 a.m.5 views

The vulnerability of the OpenSSL Handler component in the IPerf3 network bandwidth measurement tool allows a hacker to access confidential information.

The vulnerability of the OpenSSL Handler component in the IPerf3 network bandwidth measurement tool is related to the use of a secondary synchronization channel during RSA decryption operations. Exploiting this vulnerability can allow a remote attacker to gain access to confidential information...

5.9CVSS6.6AI score0.01107EPSS
Exploits0References6Affected Software4
RedHat Linux
RedHat Linux
added 2024/05/23 8:46 p.m.6 views

jose-go: improper handling of highly compressed data

A vulnerability was found in Jose due to improper handling of highly compressed data. This issue could allow an attacker to send a JWE containing compressed data that uses large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti...

4.3CVSS6.7AI score0.01956EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/05/09 5:18 p.m.3 views

jose-go: improper handling of highly compressed data

A vulnerability was found in Jose due to improper handling of highly compressed data. This issue could allow an attacker to send a JWE containing compressed data that uses large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti...

4.3CVSS6.7AI score0.01956EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/05/02 3:57 p.m.3 views

jose-go: improper handling of highly compressed data

A vulnerability was found in Jose due to improper handling of highly compressed data. This issue could allow an attacker to send a JWE containing compressed data that uses large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti...

4.3CVSS6.7AI score0.01956EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/04/30 9:57 a.m.3 views

kernel: CIFS Filesystem Decryption Improper Input Validation Remote Code Execution Vulnerability in function receive_encrypted_standard of client

An out-of-bounds memory read flaw was found in receiveencryptedstandard in fs/smb/client/smb2ops.c in the SMB Client sub-component in the Linux Kernel. This issue occurs due to integer underflow on the memcpy length, leading to a denial of service...

7.4CVSS6.8AI score0.01999EPSS
Exploits0References5
Rockylinux
Rockylinux
added 2024/04/05 2:55 p.m.203 views

kernel security, bug fix, and enhancement update

An update is available for kernel. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The kernel packages contain the Linux kernel, the core of any Linux operating...

7.8CVSS7.8AI score0.28058EPSS
Exploits17
RedHat Linux
RedHat Linux
added 2024/03/27 12:15 a.m.41 views

Moderate: Red Hat Security Advisory: kernel-rt security and bug fix update

An update for kernel-rt is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available fo...

7.4CVSS7AI score0.01999EPSS
Exploits0References3
OSV
OSV
added 2024/03/09 1:15 a.m.3 views

UBUNTU-CVE-2024-28176

jose is JavaScript module for JSON Object Signing and Encryption, providing support for JSON Web Tokens JWT, JSON Web Signature JWS, JSON Web Encryption JWE, JSON Web Key JWK, JSON Web Key Set JWKS, and more. A vulnerability has been identified in the JSON Web Encryption JWE decryption interfaces...

5.9CVSS6.6AI score0.02085EPSS
Exploits0References5
OSV
OSV
added 2024/03/09 12:43 a.m.38 views

CVE-2024-28176 jose vulnerable to resource exhaustion via specifically crafted JWE with compressed plaintext

jose is JavaScript module for JSON Object Signing and Encryption, providing support for JSON Web Tokens JWT, JSON Web Signature JWS, JSON Web Encryption JWE, JSON Web Key JWK, JSON Web Key Set JWKS, and more. A vulnerability has been identified in the JSON Web Encryption JWE decryption interfaces...

4.9CVSS6.2AI score0.02085EPSS
Exploits0References10
Rows per page
Query Builder