13 matches found

RedhatCVE
added 2025/12/13 3:58 p.m. · 3 views

CVE-2025-53960

When issuing JSON Web Tokens (JWT), Apache StreamPark directly uses the user's password as the HMAC signing key (e.g., with the HS256 algorithm). An attacker can exploit this vulnerability to perform offline brute-force attacks on the user's password using a captured JWT, or to arbitrarily forge...

CVSS 5.9 · AI score 6.8 · EPSS 0.00061
Exploits 0 · References 1
EUVD
added 2025/12/12 6:30 p.m. · 2 views

EUVD-2025-203092

Apache StreamPark: Use the user’s password as the secret key Vulnerability...

CVSS 5.9 · AI score 6.5 · EPSS 0.00061
Exploits 0 · References 4
EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2023-25819

Malicious code in bioql PyPI...

CVSS 7.7 · AI score 7 · EPSS 0.00055
Exploits 0 · References 1
RedhatCVE
added 2025/05/23 2:48 a.m. · 2 views

CVE-2023-21652

Cryptographic issue in HLOS: derived keys used to encrypt/decrypt information are present on the stack after use...

CVSS 7.7 · AI score 6.7 · EPSS 0.00055
Exploits 0 · References 1
OSV
added 2025/02/14 12:12 p.m. · 1 views

OESA-2025-1124 etcd security update

Security Fixes: A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes...

CVSS 6.5 · AI score 6.8 · EPSS 0.0007
Exploits 0 · References 2
RedHat Linux
added 2024/10/22 3:15 p.m. · 5 views

golang-fips: Golang FIPS zeroed buffer

A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when comparing a trusted...

CVSS 6.5 · AI score 5.8 · EPSS 0.0007
Exploits 0 · References 5
RedHat Linux
added 2024/10/02 11:50 a.m. · 2 views

golang-fips: Golang FIPS zeroed buffer

A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when comparing a trusted...

CVSS 6.5 · AI score 5.8 · EPSS 0.0007
Exploits 0 · References 5
CVE
added 2024/10/01 6:17 p.m. · 167 views

CVE-2024-9355

CVE-2024-9355 is reported in the provided CVE entry as affecting Golang FIPS OpenSSL used in MiracleLinux advisories. The connected Nessus entries (MIRACLE_LINUX_AXSA-2024-8888.NASL, MIRACLE_LINUX_AXSA-2024-9021.NASL, MIRACLE_LINUX_AXSA-2024-8957.NASL, MIRACLE_LINUX_AXSA-2024-8885.NASL, and other...

CVSS 6.5 · AI score 6.5 · EPSS 0.0007
Exploits 0 · References 14
RedhatCVE
added 2024/09/30 9:8 p.m. · 16 views

CVE-2024-9355

A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when comparing a trusted...

CVSS 6.5 · AI score 6.3 · EPSS 0.0007
Exploits 0 · References 3
NVD
added 2023/08/08 10:15 a.m. · 13 views

CVE-2023-21652

Cryptographic issue in HLOS: derived keys used to encrypt/decrypt information are present on the stack after use...

CVSS 7.7 · AI score 7.4 · EPSS 0.00055
Exploits 0 · References 1
Prion
added 2023/08/08 10:15 a.m. · 28 views

Stack overflow

Cryptographic issue in HLOS: derived keys used to encrypt/decrypt information are present on the stack after use...

CVSS 3.2 · AI score 6.8 · EPSS 0.00055
Exploits 0 · References 1
CVE
added 2023/08/08 9:14 a.m. · 79 views

CVE-2023-21652

CVE-2023-21652 describes a cryptographic issue in HLOS where derived keys used to encrypt/decrypt information remain on the stack after use. The vulnerability is noted across multiple sources (e.g., Red Hat, NVD, PRION/Vuln enrichment) with the CVSS v3.1 base metrics indicating HIGH impact for co...

CVSS 7.7 · AI score 7 · EPSS 0.00055
Exploits 0 · References 1 · Affected Software 1
Positive Technologies
added 2023/08/08 12:0 a.m. · 3 views

PT-2023-18315 · Hlos · Hlos

Name of the Vulnerable Software and Affected Versions: HLOS (affected versions not specified). Description: A cryptographic issue exists where derived keys used for encryption and decryption remain present on the stack after use. Recommendations: At the moment, there is no information about a newer...

CVSS 7.7 · AI score 6.6 · EPSS 0.00055
Exploits 0 · References 3