Lucene search
K

9184 matches found

OpenSSL
OpenSSL
added 2023/03/21 12:0 a.m.93 views

Vulnerability in OpenSSL - Certificate policy check not enabled

The function X509VERIFYPARAMadd0policy is documented to implicitly enable the certificate policy check when doing certificate verification. However the implementation of the function does not enable the check which allows certificates with invalid or incorrect policies to pass the certificate...

6.5AI score0.01629EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/03/21 12:0 a.m.60 views

Amazon Linux 2023 : python3-jwt, python3-jwt+crypto (ALAS2023-2023-076)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-076 advisory. A vulnerability was found in python-jwt. This issue happens when PyJWT supports multiple different JWT signing algorithms. This flaw allows an attacker submitting the JWT token to choose the used signin...

7.5CVSS7.3AI score0.012EPSS
Exploits0References4
OSV
OSV
added 2023/03/20 8:0 a.m.26 views

CURL-CVE-2023-27534 SFTP path ~ resolving discrepancy

curl supports SFTP transfers. curl's SFTP implementation offers a special feature in the path component of URLs: a tilde character as the first path element in the path to denotes a path relative to the user's home directory. This is supported because of wording in the once proposed to-become RFC...

8.8CVSS6.5AI score0.02195EPSS
Exploits1
Citrix
Citrix
added 2023/03/20 12:0 a.m.8 views

Active TLS1.1 and Weak Ciphers Causing environment Vulnerabilities

This Tech Paper aims to convey what someone skilled in ADC would configure as a generic implementation to receive an A+ grade atQualys SSL Labs...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/03/20 12:0 a.m.5 views

Implementation error in Namespace.fuse() leads to a wrong unicode representation

Lines of code Vulnerability details Impact The font class of a tile will be always considered as 0 emoji when a user registers a name. Proof of Concept To register a name, fuse is used taking as input the data of the characters. The name to register is a string created by converting the character...

6.8AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2023/03/20 12:0 a.m.34 views

CBL Mariner 2.0 Security Update: moby-containerd (CVE-2022-23471)

The version of moby-containerd installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-23471 advisory. - containerd is an open source container runtime. A bug was found in containerd's CRI implementation...

6.5CVSS7.3AI score0.01022EPSS
Exploits0References2
Code423n4
Code423n4
added 2023/03/19 12:0 a.m.23 views

[Medium - 1] Ecrecover precompile doesn't behave the same as the one from Ethereum

Lines of code Vulnerability details Impact According to the Ethereum yellow paper and in the specifications of the ecrecover precompile, it is stated that if the ecrecover doesn't return anything denoted by ∅, then the return should be 0 as well. If we take a look at the current ecrecover...

6.6AI score
Exploits0
Fedora
Fedora
added 2023/03/18 5:4 a.m.27 views

[SECURITY] Fedora 36 Update: pack-0.29.0~rc1-1.fc36

pack is a CLI implementation of the Platform Interface Specification for Cloud Native Buildpacks...

5.3CVSS7.1AI score0.05623EPSS
Exploits0
OSV
OSV
added 2023/03/16 9:21 p.m.19 views

USN-5962-1 linux-intel-iotg vulnerabilities

It was discovered that the Upper Level Protocol ULP subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execut...

7.8CVSS7AI score0.06346EPSS
Exploits8References19
Rockylinux
Rockylinux
added 2023/03/16 3:23 p.m.19 views

.NET 7.0 bugfix update

An update is available for dotnet7.0. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list .NET Core is a managed-software framework. It implements a subset of the .N...

1.9AI score
Exploits0
Veracode
Veracode
added 2023/03/15 4:31 p.m.20 views

Authentication Bypass

codeigniter4/shield is vulnerable to Authentication Bypass. The vulnerability exists due to a weak implementation of the password storage functionality which allows an attacker to crack the password if they have access to a user's hashed password...

7.5CVSS5.8AI score0.00517EPSS
Exploits0References7Affected Software1
Code423n4
Code423n4
added 2023/03/15 12:0 a.m.8 views

Current transfer implementations can lead to loss of user founds if LP is updated or wrongly set

Lines of code Vulnerability details Current transfer implementations can lead to loss of user founds if LP is updated or wrongly set The current implementation of assetTransfer and assetTransferFrom don't check if the asset is a contract and don't check if the transfer returns a false instead of...

6.8AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2023/03/15 12:0 a.m.4 views

The vulnerability in the implementation of the PAPI network protocol for ArubaOS operating systems allows a hacker to execute arbitrary code.

The vulnerability of the PAPI network protocol implementation in ArubaOS operating systems lies in the fact that operations are performed outside of the buffer in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending specially crafted packets...

8.1CVSS8.4AI score0.01073EPSS
Exploits0References3Affected Software2
Ubuntu
Ubuntu
added 2023/03/14 6:45 p.m.88 views

USN-5951-1: Linux kernel (IBM) vulnerabilities

It was discovered that the Upper Level Protocol ULP subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execut...

8.1CVSS7.7AI score0.03702EPSS
Exploits6
Zero Day Initiative
Zero Day Initiative
added 2023/03/14 12:0 a.m.63 views

PaperCut NG SecurityRequestFilter Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SecurityRequestFilter class. The issue results from improper implementation of the...

8.2CVSS8.7AI score0.7842EPSS
Exploits0References1
OSV
OSV
added 2023/03/13 8:51 p.m.16 views

GHSA-C5VJ-F36Q-P9VG Password Shucking Vulnerability

Impact An improper implementation was found in the password storage process. All hashed passwords stored in Shield v1.0.0-beta.3 or earlier are easier to crack than expected due to the vulnerability. Therefore, they should be removed as soon as possible. If an attacker gets 1 the user's hashed...

5.9CVSS6.5AI score0.00517EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2023/03/13 8:51 p.m.21 views

Password Shucking Vulnerability

Impact An improper implementation was found in the password storage process. All hashed passwords stored in Shield v1.0.0-beta.3 or earlier are easier to crack than expected due to the vulnerability. Therefore, they should be removed as soon as possible. If an attacker gets 1 the user's hashed...

7.5CVSS5.8AI score0.00517EPSS
Exploits0References8Affected Software1
GithubExploit
GithubExploit
added 2023/03/13 1:28 p.m.412 views

Exploit for Code Injection in Vmware Spring_Cloud_Function

CVE-2022-22963: Spring4Shell RCE Exploit This is a python im...

9.8CVSS9.6AI score0.99939EPSS
Exploits36
Microsoft CVE
Microsoft CVE
added 2023/03/13 7:0 a.m.61 views

Chromium: CVE-2023-1229 Inappropriate implementation in Permission prompts

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

4.3CVSS6AI score0.01163EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2023/03/13 7:0 a.m.47 views

Chromium: CVE-2023-1236 Inappropriate implementation in Internals

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

4.3CVSS6AI score0.00459EPSS
Exploits0
Rows per page
Query Builder