58 matches found
Deserialization of Untrusted Data
Overview: Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the FileBasedKeyLifecycleManager class while handling contents of .key files. An attacker can execute arbitrary code by placing a crafted serialized Java object in the key directory, which is then...
CVE-2026-40048
The Camel-PQC FileBasedKeyLifecycleManager class deserializes the contents of .key files in the configured key directory using java.io.ObjectInputStream without applying any ObjectInputFilter or class-loading restrictions. The cast to java.security.KeyPair is evaluated only after readObject has...
EUVD-2016-5951
Malware in sbrugna...
EUVD-2019-13942
Malware in sbrugna...
EUVD-2007-5438
Malware in sbrugna...
EUVD-2023-32785
Malicious code in bioql PyPI...
EUVD-2023-59233
Malicious code in bioql PyPI...
Multiple PHOENIX CONTACT Products Backlink Vulnerability
PHOENIX CONTACT AXC F 1152 and others are controller devices from PHOENIX CONTACT, Germany. A backlink vulnerability exists in various PHOENIX CONTACT products, which stems from the fact that key files used by the watchdog can be replaced, potentially allowing a low-privileged attacker to gain...
CVE-2023-29184
An incomplete cleanup vulnerability CWE-459 in FortiOS 7.2 all versions and before & FortiProxy version 7.2.0 through 7.2.2 and before 7.0.8 allows a VDOM privileged attacker to add SSH key files on the system silently via crafted CLI requests...
CVE-2023-29184
CVE-2023-29184 describes an incomplete cleanup (CWE-459) vulnerability affecting Fortinet FortiOS and FortiProxy. Affected: FortiOS 7.2 all versions and earlier, and FortiProxy 7.2.0–7.2.2 and before 7.0.8. Exploitation allows a VDOM-privileged attacker to silently add SSH key files via crafted C...
Ensure That the Permissions on Important Files and Directories Are Minimized
According to the principle of least privilege, the minimum access permission must be correctly set for key files or directories in the system, especially those containing sensitive information. Only users with relevant permissions can access these files or directories. If the file or directory...
RHEL 6 : dovecot (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - dovecot: Buffer overflow in indexer-worker process results in privilege escalation (CVE-2019-7524) - A...
[SECURITY] Fedora 39 Update: rust-ssh-key-dir-0.1.4-8.fc39
sshd AuthorizedKeysCommand to read key files from /.ssh/authorizedkeys.d...
CVE-2023-7046
The WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect to Force HTTPS, SSL Score plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.0 via exposed Private key files. This makes it possible for unauthenticated attackers to...
CVE-2023-7046 WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect to Force HTTPS, SSL Score <= 7.0 - Sensitive Information Exposure via insufficiently protected files
The WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect to Force HTTPS, SSL Score plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.0 via exposed Private key files. This makes it possible for unauthenticated attackers to...
WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect to Force HTTPS, SSL Score < 7.1.0 - Sensitive Information Exposure via insufficiently protected files
Description: The WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect to Force HTTPS, SSL Score plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.0 via exposed Private key files. This makes it possible for unauthenticated...
K38271531: BIG-IP and BIG-IQ SCP vulnerability CVE-2022-26340
Security Advisory Description: An authenticated, high-privileged attacker with no bash access may be able to access Certificate and Key files using Secure Copy (SCP) protocol from a remote system. (CVE-2022-26340) Impact: This vulnerability may allow an authenticated, high-privileged attacker who has...
Security Bulletin: IBM QRadar SIEM is vulnerable to possible information disclosure [CVE-2023-22875]
Summary: IBM QRadar SIEM copies certificate key files used for SSL/TLS in the QRadar web user interface to managed hosts in the deployment that do not require that key. The key remains within the QRadar deployment. However, if you allow users other than QRadar system administrators to access manag...
Design/Logic Flaw
IBM QRadar SIEM 7.4 and 7.5 copies certificate key files used for SSL/TLS in the QRadar web user interface to managed hosts in the deployment that do not require that key. IBM X-Force ID: 244356...