CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1489 matches found

NVD•added 2024/10/15 9:15 a.m.•10 views

CVE-2024-47943

The firmware upgrade function in the admin web interface of the Rittal IoT Interface & CMC III Processing Unit devices checks if the patch files are signed before executing the containing run.sh script. The signing process is kind of an HMAC with a long string as key which is hard-coded in the...

9.8CVSS0.00208EPSS

Exploits0References3

Cvelist•added 2024/10/15 8:57 a.m.•15 views

CVE-2024-47943 Improper signature verification of firmware upgrade files

0.00208EPSS

Exploits0References2

Vulnrichment•added 2024/10/15 8:57 a.m.•10 views

CVE-2024-47943 Improper signature verification of firmware upgrade files

7.7AI score0.00208EPSS

Exploits0References2

Microsoft CVE•added 2024/10/15 12:0 a.m.•2 views

CVE-2022-45141

...

9.8CVSS6.8AI score0.0067EPSS

Exploits0

RedHat Linux•added 2024/10/10 8:31 p.m.•0 views

python-cryptography: NULL pointer dereference with pkcs12.serialize_key_and_certificates when called with a non-matching certificate and private key and an hmac_hash override

A flaw was discovered in python-cryptography. A NULL pointer dereference can be triggered when a PKCS12 key and certificate do not match. Specifically, if the pkcs12.serializekeyandcertificates function is called with a non-matching certificate and private key and an encryption algorithm with...

7.5CVSS7.1AI score0.00462EPSS

Exploits0References4

OSV•added 2024/10/01 9:31 p.m.•13 views

GHSA-3H3X-2HWV-HR52 Golang FIPS OpenSSL has a Use of Uninitialized Variable vulnerability

A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when comparing a trusted...

7.6CVSS6.5AI score0.0007EPSS

Exploits0References18

Github Security Blog•added 2024/10/01 9:31 p.m.•20 views

Golang FIPS OpenSSL has a Use of Uninitialized Variable vulnerability

6.5CVSS6.8AI score0.0007EPSS

Exploits0References18Affected Software1

OSV•added 2024/10/01 7:15 p.m.•3 views

AZL-52774 CVE-2024-9355 affecting package golang for versions less than 1.22.9-1

6.5CVSS7.2AI score0.0007EPSS

Exploits0References1

OSV•added 2024/10/01 7:15 p.m.•2 views

CVE-2024-9355

6.5CVSS7.2AI score0.0007EPSS

Exploits0References14

NVD•added 2024/10/01 7:15 p.m.•10 views

CVE-2024-9355

6.5CVSS0.0007EPSS

Exploits0References14

Cvelist•added 2024/10/01 6:17 p.m.•21 views

CVE-2024-9355 Golang-fips: golang fips zeroed buffer

6.5CVSS0.0007EPSS

Exploits0References14

Vulnrichment•added 2024/10/01 6:17 p.m.•20 views

CVE-2024-9355 Golang-fips: golang fips zeroed buffer

6.5CVSS6.9AI score0.0007EPSS

Exploits0References14

Filippo.io•added 2024/09/25 8:42 p.m.•5 views

The FIPS Compliance of HKDF

HKDF is an HMAC-based key-derivation function specified in RFC 5869. It’s nice and we generally like using it. FIPS Federal Information Processing Standards is used generally as a moniker for the set of standards, recommendations, and guidance published by the U.S. National Institute of Standards...

7.3AI score

Exploits0

Debian•added 2024/09/24 3:52 p.m.•9 views

[SECURITY] [DLA 3894-1] booth security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-3894-1 [email protected] https://www.debian.org/lts/security/ Adrian Bunk September 24, 2024 https://wiki.debian.org/LTS -...

5.9CVSS6.5AI score0.01032EPSS

Exploits0

Tenable Nessus•added 2024/09/24 12:0 a.m.•15 views

Debian dla-3894 : booth - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-3894 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3894-1 [email protected] https://www.debian.org/lts/security/...

5.9CVSS5.9AI score0.01032EPSS

Exploits0References4

SUSE CVE•added 2024/09/06 2:54 a.m.•1 views

SUSE CVE-2024-45157

An issue was discovered in Mbed TLS before 2.28.9 and 3.x before 3.6.1, in which the user-selected algorithm is not used. Unlike previously documented, enabling MBEDTLSPSAHMACDRBGMDTYPE does not cause the PSA subsystem to use HMACDRBG: it uses HMACDRBG only when MBEDTLSPSACRYPTOEXTERNALRNG and...

5.1CVSS7AI score0.00125EPSS

Exploits0References3

OSV•added 2024/09/05 7:15 p.m.•4 views

DEBIAN-CVE-2024-45157

5.1CVSS5.2AI score0.00125EPSS

Exploits0References1

OSV•added 2024/09/05 7:15 p.m.•2 views

ALPINE-CVE-2024-45157

5.1CVSS6.9AI score0.00125EPSS

Exploits0References1

Veracode•added 2024/09/04 7:49 a.m.•4 views

Information Exposure Through Log Files

github.com/hashicorp/vault is vulnerable to Information Exposure Through Log Files. The vulnerability is due to a regression that removed the HMAC functionality for sensitive headers in the audit device, leading to the storage of plaintext client tokens and token accessors in the audit log...

6.5CVSS6.4AI score0.00347EPSS

Exploits0References3Affected Software1

Veracode•added 2024/09/02 9:15 a.m.•4 views

Timing Attack

Adyen is vulnerable to a Timing Attack. The vulnerability is due to improper constant-time comparison of HMACs in the isvalidhmac and isvalidhmacnotification methods, allowing an attacker to infer the correct HMAC by measuring timing differences...

6.9AI score

Exploits0

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by