CVE-2022-38469
An unauthorized user with network access and the decryption key could decrypt sensitive data, such as usernames and passwords...
Design/Logic Flaw
An unauthorized user with network access and the decryption key could decrypt sensitive data, such as usernames and passwords...
MatrixSSL Security Vulnerability
Inside Secure MatrixSSL is an embedded, open-source SSLv3 stack designed for small applications and devices from Inside Secure, France. A security vulnerability exists in MatrixSSL version 4.5.1-open and prior versions that stems from an inability to securely check the SessionID field, which coul...
CVE-2022-46505
An issue in MatrixSSL 4.5.1-open and earlier leads to failure to securely check the SessionID field, resulting in the misuse of an all-zero MasterSecret that can decrypt secret data...
PT-2023-14952 · Matrixssl · Matrixssl
Name of the Vulnerable Software and Affected Versions: MatrixSSL versions 4.5.1-open and earlier. Description: An issue leads to failure to securely check the SessionID field, resulting in the misuse of an all-zero MasterSecret that can decrypt secret data. Recommendations: For MatrixSSL versions...
CVE-2022-46505
CVE-2022-46505 affects MatrixSSL up to version 4.5.1-open. The issue is a failure to securely validate the SessionID, enabling misuse of an all-zero MasterSecret that can decrypt secret data. Public references in the provided documents consistently tie the vulnerability to MatrixSSL’s SessionID h...
CVE-2022-38469
GE Digital Proficy Historian is affected by CVE-2022-38469, where an unauthorized network attacker with the decryption key could decrypt sensitive data (e.g., usernames and passwords) due to weak cryptography. Connected sources identify the vulnerable component as the Historian platform (v7.0+ pe...
PT-2023-1151 · Ge · Proficy Historian
Name of the Vulnerable Software and Affected Versions: GE Proficy Historian, affected versions not specified. Description: The issue is related to weak password cryptography in the platform. An unauthorized user with network access and the decryption key could decrypt sensitive data, such as...
Gather Dbeaver Passwords
This module will determine if Dbeaver is installed on the target system and, if it is, it will try to dump all saved session information from the target. The passwords for these saved sessions will then be decrypted where possible. Module Options msf use post/multi/gather/dbeaver msf postdbeaver...
CVE-2022-3437
A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc() allocated memory when presented with a...
DEBIAN-CVE-2022-3437
A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc() allocated memory when presented with a...
ALPINE-CVE-2022-3437
A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc() allocated memory when presented with a...
GLSA-202301-08 : Mbed TLS: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202301-08 (Mbed TLS: Multiple Vulnerabilities) - A Lucky 13 timing side channel in mbedtls_ssl_decrypt_buf in library/ssl_msg.c in Trusted Firmware Mbed TLS through 2.23.0 allows an attacker to recover secret key information. This affec...
GHSA-2PJ2-GCHF-WMW7 Zip4j Origin Validation Error
Zip4j through 2.11.2, as used in Threema and other products, does not always check the MAC when decrypting a ZIP archive. This issue has been fixed in version 2.11.3...
CVE-2023-22899
Zip4j through 2.11.2, as used in Threema and other products, does not always check the MAC when decrypting a ZIP archive...
Authentication flaw
Zip4j through 2.11.2, as used in Threema and other products, does not always check the MAC when decrypting a ZIP archive...
UBUNTU-CVE-2023-22899
Zip4j through 2.11.2, as used in Threema and other products, does not always check the MAC when decrypting a ZIP archive...