Lucene search
K

294 matches found

Veracode
Veracode
added 2024/05/06 4:53 a.m.15 views

Man-in-the-Middle (MITM)

Salt vulnerable to Man-in-the-Middle MITM. The vulnerability is due to the absence of SSH host key validation in the default configuration of salt-ssh, which can be exploited by attackers to carry out man-in-the-middle attacks...

9.3CVSS6.6AI score0.01824EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2024/04/09 12:0 a.m.3 views

WordPress Plugin LearnPress 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...

6.5CVSS8.4AI score0.00391EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/04/09 12:0 a.m.29 views

Red Hat JBoss Enterprise Application Platform 安全漏洞

Red Hat JBoss Enterprise Application Platform EAP is an open source, J2EE-based middleware platform from Red Hat, Inc. The platform is primarily used to build, deploy and host Java applications and services. A security vulnerability exists in Red Hat JBoss Enterprise Application Platform, which...

7.3CVSS7.2AI score0.00778EPSS
Exploits0References3
OSV
OSV
added 2024/03/06 10:54 a.m.37 views

BIT-KAFKA-2021-38153 Timing Attack Vulnerability for Apache Kafka Connect and Clients

Some components in Apache Kafka use Arrays.equals to validate a password or key, which is vulnerable to timing attacks that make brute force attacks for such credentials more likely to be successful. Users should upgrade to 2.8.1 or higher, or 3.0.0 or higher where this vulnerability has been...

5.9CVSS6.4AI score0.0582EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2023/11/28 12:0 a.m.8 views

PT-2023-32571 · WordPress · Wp Shortcodes Plugin

Name of the Vulnerable Software and Affected Versions: WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress versions up to, and including, 5.13.3 Description: The issue allows authenticated attackers with contributor-level access and above to retrieve arbitrary post meta values, which...

4.3CVSS5.4AI score0.00529EPSS
Exploits1References7
OSV
OSV
added 2023/11/03 1:15 a.m.6 views

CVE-2023-46176

IBM MQ Appliance 9.3 CD could allow a local attacker to gain elevated privileges on the system, caused by improper validation of security keys. IBM X-Force ID: 269535...

7.8CVSS5.8AI score0.00178EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/10/25 12:0 a.m.24 views

light-oauth2 Trust Management Issue Vulnerability

light-oauth2 is networknt open source a light-4j based fast , lightweight cloud-native OAuth 2.0 authorization microservice . light-oauth2 version 2.1.27 before the existence of a security vulnerability , the vulnerability stems from obtaining the public key without any validation , allowing an...

5.9CVSS6.7AI score0.0055EPSS
Exploits1References3
OSV
OSV
added 2023/09/28 11:52 a.m.5 views

SUSE-SU-2023:3886-1 Security update for grafana

This update for grafana fixes the following issues: - CVE-2023-29409: Restrict RSA keys in certificates to less than or equal to 8192 bits to avoid DoSing client/server while validating signatures for extremely large RSA keys. bsc1213880 There are no direct source changes. The CVE is fixed...

5.3CVSS6.3AI score0.01328EPSS
Exploits0References3
OSV
OSV
added 2023/08/10 7:15 p.m.3 views

CVE-2023-23342

If certain local files are manipulated in a certain manner, the validation to use the cryptographic keys can be circumvented...

7.1CVSS5.8AI score0.00171EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/08/10 12:0 a.m.5 views

HCL Technologies HCL Nomad Security Vulnerability

HCL Technologies HCL Nomad is an application for using and managing the Domino application development platform in mobile devices from HCL Technologies, USA. A security vulnerability exists in HCL Technologies HCL Nomad prior to version 1.0.7, which stems from a vulnerability that allows an attac...

7.1CVSS6.4AI score0.00171EPSS
Exploits0References2
OSV
OSV
added 2023/07/12 6:30 p.m.17 views

GHSA-J54R-W587-95Q7 Jenkins Oracle Cloud Infrastructure Compute Plugin missing SSH host key validation

Jenkins Oracle Cloud Infrastructure Compute Plugin 1.0.16 and earlier does not perform SSH host key validation when connecting to OCI clouds. This lack of validation could be abused using a man-in-the-middle attack to intercept these connections to OCI clouds. Oracle Cloud Infrastructure Compute...

4.8CVSS3.9AI score0.00424EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2023/07/12 6:30 p.m.29 views

Jenkins Oracle Cloud Infrastructure Compute Plugin missing SSH host key validation

Jenkins Oracle Cloud Infrastructure Compute Plugin 1.0.16 and earlier does not perform SSH host key validation when connecting to OCI clouds. This lack of validation could be abused using a man-in-the-middle attack to intercept these connections to OCI clouds. Oracle Cloud Infrastructure Compute...

3.7CVSS6.4AI score0.00424EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2023/07/12 12:0 a.m.7 views

PT-2023-26195 · Oracle +1 · Jenkins Oracle Cloud Infrastructure Compute Classic Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Oracle Cloud Infrastructure Compute Plugin versions 1.0.16 and earlier Description: The issue concerns the lack of SSH host key validation when connecting to OCI clouds, which could enable man-in-the-middle attacks. This allows for th...

4.8CVSS3.7AI score0.00424EPSS
Exploits0References6
CNNVD
CNNVD
added 2023/05/24 12:0 a.m.7 views

Briar 安全漏洞

Briar is an open source software communication technology from Briar Open Source. It is designed to provide secure and resilient peer-to-peer communications that operate without a central server and minimize external dependencies. A security vulnerability exists in Briar versions prior to 1.5.3,...

7.4CVSS7.2AI score0.00596EPSS
Exploits1References2
CNNVD
CNNVD
added 2023/05/17 12:0 a.m.2 views

libcurl 资源管理错误漏洞

libcurl is a tool for transferring data from or to a server. A security vulnerability exists in libcurl that stems from the fact that libcurl provides the ability to validate the public key of an SSH server using a SHA 256 hash; when this check fails, libcurl releases the memory of the fingerprin...

7.5CVSS6.8AI score0.02489EPSS
Exploits1References14
Prion
Prion
added 2023/04/05 8:15 p.m.13 views

Code injection

xml2js version 0.4.23 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the proto property to be edited...

5CVSS5.3AI score0.01404EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2023/03/17 2:42 p.m.24 views

GHSA-CQVM-J2R2-HWPG russh may use insecure Diffie-Hellman keys

Summary Diffie-Hellman key validation is insufficient, which can lead to insecure shared secrets and therefore breaks confidentiality. Details Russh does not validate Diffie-Hellman keys. It accepts received DH public keys $e$ where $eDH Public Key values MUST be checked and both conditions: - $1...

5.9CVSS5.6AI score0.00617EPSS
Exploits1References9
Github Security Blog
Github Security Blog
added 2023/03/17 2:42 p.m.18 views

russh may use insecure Diffie-Hellman keys

Summary Diffie-Hellman key validation is insufficient, which can lead to insecure shared secrets and therefore breaks confidentiality. Details Russh does not validate Diffie-Hellman keys. It accepts received DH public keys $e$ where $eDH Public Key values MUST be checked and both conditions: - $1...

5.9CVSS6AI score0.00617EPSS
Exploits1References9Affected Software1
NVD
NVD
added 2023/03/16 9:15 p.m.14 views

CVE-2023-28113

russh is a Rust SSH client and server library. Starting in version 0.34.0 and prior to versions 0.36.2 and 0.37.1, Diffie-Hellman key validation is insufficient, which can lead to insecure shared secrets and therefore breaks confidentiality. Connections between a russh client and server or those ...

5.9CVSS5.5AI score0.00617EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2023/03/16 12:0 a.m.4 views

PT-2023-21572 · Russh · Russh

Name of the Vulnerable Software and Affected Versions: russh versions 0.34.0 through 0.36.1 russh versions 0.37.0 Description: The issue is related to insufficient Diffie-Hellman key validation, which can lead to insecure shared secrets and break confidentiality. This can result in eavesdropping,...

5.9CVSS5.6AI score0.00617EPSS
Exploits1References12
Rows per page
Query Builder