Lucene search
K

15 matches found

CVE
CVE
added 2026/05/20 5:43 p.m.88 views

CVE-2026-24218

CVE-2026-24218 affects NVIDIA DGX OS. The vulnerability arises during factory provisioning: cloning a base image deploys identical SSH host keys across multiple systems, enabling host impersonation or attacker-in-the-middle attacks. Consequences listed include potential code execution, data tampe...

8.1CVSS5.8AI score0.00586EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/20 5:43 p.m.11 views

CVE-2026-24218

NVIDIA DGX OS contains a vulnerability in the factory provisioning process, where the cloning of a base image causes identical SSH host keys to be deployed across multiple systems. The sharing of cryptographic identifiers across all similarly provisioned systems enables host impersonation or...

8.1CVSS5.8AI score0.00586EPSS
Exploits0References4
Snyk
Snyk
added 2026/04/28 6:17 p.m.4 views

Improper Authentication

Overview Affected versions of this package are vulnerable to Improper Authentication in the VerifyHostToken function due to improper validation of JWT signatures. An attacker can impersonate any host in the network and gain access to sensitive information by forging a JWT signed with an arbitrary...

9.3CVSS5.9AI score0.00298EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/28 6:17 p.m.5 views

Improper Authentication

Overview Affected versions of this package are vulnerable to Improper Authentication in the VerifyHostToken function due to improper validation of JWT signatures. An attacker can impersonate any host in the network and gain access to sensitive information by forging a JWT signed with an arbitrary...

9.3CVSS5.9AI score0.00298EPSS
Exploits1References2
NVD
NVD
added 2026/04/28 4:16 p.m.5 views

CVE-2026-38651

Authentication Bypass vulnerability exists in Netmaker versions prior to 1.5.0. The VerifyHostToken function in logic/jwts.go fails to validate the JWT signature when verifying host tokens. An attacker can forge a JWT signed with any arbitrary key and use it to impersonate any host in the network...

8.2CVSS0.00298EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/04/28 12:0 a.m.11 views

Gravitl Netmaker 数据伪造问题漏洞

Gravitl Netmaker is a platform developed by the American company Gravitl, which uses WireGuard to create and manage fast, secure, and dynamic virtual overlay networks. It is used to create and control automated virtual networks. Versions of Gravitl Netmaker prior to 1.5.0 contained a data...

8.2CVSS5.8AI score0.00298EPSS
Exploits1References2
CVE
CVE
added 2026/04/28 12:0 a.m.32 views

CVE-2026-38651

CVE-2026-38651 concerns Netmaker (versions prior to 1.5.0). The root cause is a JWT verification flaw in VerifyHostToken (logic/jwts.go) that fails to validate signatures, enabling an attacker to forge a host token with any key to impersonate a host and access sensitive information. The CVSS 3.1 ...

8.2CVSS5.4AI score0.00298EPSS
Exploits1References4Affected Software1
RedHat Linux
RedHat Linux
added 2023/04/12 3:4 p.m.2 views

nodejs: Certificate Verification Bypass via String Injection

It was found that node.js did not safely read the x509 certificate generalName format properly, resulting in data injection. A certificate could use a specially crafted extension in order to be successfully validated, permitting an attacker to impersonate a trusted host...

5.3CVSS7.2AI score0.10364EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2022/12/15 4:20 p.m.10 views

nodejs: Certificate Verification Bypass via String Injection

It was found that node.js did not safely read the x509 certificate generalName format properly, resulting in data injection. A certificate could use a specially crafted extension in order to be successfully validated, permitting an attacker to impersonate a trusted host...

5.3CVSS7.2AI score0.10364EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2022/10/19 10:12 a.m.12 views

nodejs: Certificate Verification Bypass via String Injection

It was found that node.js did not safely read the x509 certificate generalName format properly, resulting in data injection. A certificate could use a specially crafted extension in order to be successfully validated, permitting an attacker to impersonate a trusted host...

5.3CVSS7.2AI score0.10364EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2022/07/19 9:7 p.m.1 views

nodejs: Improper handling of URI Subject Alternative Names

A flaw was found in node.js where it accepted a certificate's Subject Alternative Names SAN entry, as opposed to what is specified by the HTTPS protocol. This flaw allows an active person-in-the-middle to forge a certificate and impersonate a trusted host...

7.4CVSS7.3AI score0.08373EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2022/06/28 7:58 a.m.2 views

nodejs: Improper handling of URI Subject Alternative Names

A flaw was found in node.js where it accepted a certificate's Subject Alternative Names SAN entry, as opposed to what is specified by the HTTPS protocol. This flaw allows an active person-in-the-middle to forge a certificate and impersonate a trusted host...

7.4CVSS7.3AI score0.08373EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2022/06/07 8:24 a.m.3 views

nodejs: Certificate Verification Bypass via String Injection

It was found that node.js did not safely read the x509 certificate generalName format properly, resulting in data injection. A certificate could use a specially crafted extension in order to be successfully validated, permitting an attacker to impersonate a trusted host...

5.3CVSS7.2AI score0.10364EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2022/06/06 9:29 a.m.15 views

nodejs: Certificate Verification Bypass via String Injection

It was found that node.js did not safely read the x509 certificate generalName format properly, resulting in data injection. A certificate could use a specially crafted extension in order to be successfully validated, permitting an attacker to impersonate a trusted host...

5.3CVSS7.2AI score0.10364EPSS
Exploits1References4
CNVD
CNVD
added 2018/04/04 12:0 a.m.7 views

Botan Design Vulnerability (CNVD-2018-08488)

Botan is a library of cryptographic algorithms in the C++ programming language that supports AES, DES, SHA-1, RSA, DSA and Diffie-Hellman. A security vulnerability exists in Botan versions 2.2.0 through 2.4.0, which stems from the program failing to properly match wildcard certificates. An attack...

9.8CVSS6.8AI score0.00963EPSS
Exploits0References1
Rows per page
Query Builder