Lucene search
K

9 matches found

OSV
OSV
added 2026/07/02 10:16 p.m.3 views

CVE-2026-50722

Libreswan, via the function RSAauthenticatehashsignaturepkcs115rsa, did not correctly verify the DER encoding of the ASN.1 digest when the IKEv2 AUTH payload was encoded using RSASSA-PKCS1-v15 RFC 8017. A remote attacker can use a variation on the Bleichenbacher attack to forge the AUTH payload...

5.9CVSS6.4AI score0.00392EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/29 6:7 p.m.15 views

CVE-2026-44518

liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. Prior to 0.16.0, an out-of-bounds read has been identified in the XMSS and XMSS^MT stateful signature verification code. When the verification function is called with a signature...

5.3CVSS5.8AI score0.00305EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2026/03/20 12:0 a.m.8 views

OneUptime 数据伪造问题漏洞

OneUptime is a comprehensive solution developed by OneUptime OpenSource. It is used to monitor and manage your online services. Versions of OneUptime prior to 10.0.34 contained a data manipulation vulnerability. This vulnerability stemmed from the WhatsApp POST webhook processor not verifying the...

8.7CVSS5.7AI score0.00182EPSS
Exploits1References1
BDU FSTEC
BDU FSTEC
added 2025/04/10 12:0 a.m.8 views

The vulnerability of the implementation of the AWS4-HMAC-SHA256 algorithm in the cross-platform FTP server CrushFTP allows a hacker to bypass security restrictions, gain access to the administrator account, and execute arbitrary commands.

The vulnerability of the AWS4-HMAC-SHA256 algorithm implementation in the cross-platform FTP server CrushFTP relates to the bypassing of authentication by using the default crushadmin account. Exploiting this vulnerability allows a malicious actor to circumvent security restrictions, gain access ...

10CVSS8.3AI score0.99947EPSS
Exploits18References8Affected Software1
OSV
OSV
added 2022/05/24 5:12 p.m.24 views

GHSA-PJ65-3PF6-C5Q4 python-apt Does Not Check Hash Signature

Python-apt doesn't check if hashes are signed in Version.fetchbinary and Version.fetchsource of apt/package.py or in fetcharchives of apt/cache.py in version 1.9.3ubuntu2 and earlier. This allows downloads from unsigned repositories which shouldn't be allowed and has been fixed in verisions 1.9.5...

4.7CVSS4.5AI score0.00496EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2013/03/09 12:0 a.m.47 views

Ubuntu 8.04 LTS / 8.10 / 9.04 : nss regression (USN-810-3)

USN-810-1 fixed vulnerabilities in NSS. Jozsef Kadlecsik noticed that the new libraries on amd64 did not correctly set stack memory flags, and caused applications using NSS e.g. Firefox to have an executable stack. This reduced the effectiveness of some defensive security protections. This update...

9.3CVSS7.7AI score0.05741EPSS
Exploits5References4
OpenVAS
OpenVAS
added 2011/08/29 12:0 a.m.24 views

ClamAV Hash Manager Off-By-One Denial of Service Vulnerability (Windows)

This host has ClamAV installed and is prone to denial of service vulnerability. OpenVAS Vulnerability Test $Id: secpodclamavhashmanagerdosvulnwin.nasl 7015 2017-08-28 11:51:24Z teissa $ ClamAV Hash Manager Off-By-One Denial of Service Vulnerability Windows Authors: Madhuri D Copyright: Copyright ...

5CVSS0.1AI score0.03377EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2010/03/31 12:0 a.m.36 views

RedHat Update for gnutls RHSA-2010:0166-01

Check for the Version of gnutls OpenVAS Vulnerability Test RedHat Update for gnutls RHSA-2010:0166-01 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the ter...

5.8CVSS6.9AI score0.87264EPSS
Exploits15References2
Tenable Nessus
Tenable Nessus
added 2009/08/05 12:0 a.m.30 views

Ubuntu 8.04 LTS / 8.10 / 9.04 : nss vulnerabilities (USN-810-1)

Moxie Marlinspike discovered that NSS did not properly handle regular expressions in certificate names. A remote attacker could create a specially crafted certificate to cause a denial of service via application crash or execute arbitrary code as the user invoking the program. CVE-2009-2404 Moxie...

9.3CVSS7.5AI score0.05741EPSS
Exploits5References4
Rows per page
Query Builder