17 matches found
EUVD-2015-0644
Malware in sbrugna...
EUVD-2024-31968
Malicious code in bioql PyPI...
CVE-2024-3379
In lunary-ai/lunary versions 1.2.2 through 1.2.6, an incorrect authorization vulnerability allows unprivileged users to re-generate the private key for projects they do not have access to. Specifically, a user with a 'Member' role can issue a request to regenerate the private key of a project...
PT-2024-36555 · Unknown · Mailcleaner
Name of the Vulnerable Software and Affected Versions: MailCleaner versions before 28d913e Description: The issue concerns default values of ssh_host_dsa_key, ssh_host_rsa_key, and ssh_host_ed25519_key that persist after installation. Recommendations: For versions before 28d913e, update to a...
CVE-2024-3379 Incorrect Authorization in lunary-ai/lunary
In lunary-ai/lunary versions 1.2.2 through 1.2.6, an incorrect authorization vulnerability allows unprivileged users to re-generate the private key for projects they do not have access to. Specifically, a user with a 'Member' role can issue a request to regenerate the private key of a project...
PT-2024-25481 · Lunary · Lunary
Name of the Vulnerable Software and Affected Versions: lunary-ai/lunary versions 1.2.2 through 1.2.6 Description: The issue allows unprivileged users to re-generate the private key for projects they do not have access to. Specifically, a user with a 'Member' role can issue a request to regenerate...
Information disclosure via audit records for OpenAPI requests in Guardian/CMC before 23.4.1
Summary Audit records for OpenAPI requests may include sensitive information. Impact Unauthorized access, privilege escalation. Mitigation Nozomi Networks recommends creating specific users for OpenAPI usage, with only the necessary permissions to access the required data sources. Additionally, i...
nodejs: DiffieHellman does not generate keys after setting a private key
A vulnerability has been identified in the Node.js, where a generateKeys API function returned from crypto.createDiffieHellman only generates missing or outdated keys, that is, it only generates a private key if none has been set yet...
PYSEC-2022-33
b2-sdk-python is a Python library to access cloud storage provided by Backblaze. Linux and Mac releases of the SDK version 1.14.0 and below contain a key disclosure vulnerability that, in certain conditions, can be exploited by local attackers through a time-of-check-to-time-of-use (TOCTOU) race...
Microsoft Azure Cosmos DB Guidance
CISA is aware of a misconfiguration vulnerability in Microsoft’s Azure Cosmos DB that may have exposed customer data. The misconfiguration has been fixed within the Azure cloud, and Microsoft has notified the customers who potentially would have been impacted. CISA strongly encourages those Azure...
Nagios XI API Key Regeneration Privilege Escalation (CVE-2018-15711)
A privilege escalation vulnerability exists in the API component of Nagios XI. A remote, authenticated attacker can exploit this vulnerability by sending a crafted request to the target system. Successful exploitation of this vulnerability would allow a remote attacker to gain unauthorized access...
Nagios XI < 5.5.7 Multiple Vulnerabilities
Nagios XI is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nagios:nagiosxi"; if description...
Nagios XI Unauthorized API Key Regeneration Vulnerability
Nagios XI is a commercial monitoring solution built on Nagios Core, including dashboards, web-based configuration, advanced reporting and rich data visualization. Nagios XI 5.5.6 suffers from an unauthorized API key regeneration vulnerability. A remote authenticated attacker can exploit this...
Race condition
Race condition in the SSL implementation on Cisco Intrusion Prevention System IPS devices allows remote attackers to cause a denial of service by making many management-interface HTTPS connections during the key-regeneration phase of an upgrade, aka Bug ID CSCui25688...
CVE-2015-0631
Race condition in the SSL implementation on Cisco Intrusion Prevention System IPS devices allows remote attackers to cause a denial of service by making many management-interface HTTPS connections during the key-regeneration phase of an upgrade, aka Bug ID CSCui25688...
CVE-2015-0631
Cisco IPS CVE-2015-0631 is a race-condition vulnerability in the SSL/TLS subsystem used by the web management interface. During an image upgrade, key/certificate regeneration can be disrupted by a rapid sequence of HTTPS connections to the management interface, allowing a remote attacker to cause ...
Security Advisory 2000-007
-----BEGIN PGP SIGNED MESSAGE----- NetBSD Security Advisory 2000-007 ================================= Topic: bad key generation in libdes if no /dev/urandom Version: Domestic US NetBSD-current between 19990624 and 20000622. No formal releases of NetBSD are vulnerable. Severity: high only if...