Lucene search
K

81 matches found

OSV
OSV
added 2022/03/12 12:0 a.m.32 views

GHSA-RVMC-8GMG-GGQR Moodle Blind SQL injection possible via MNet authentication

An SQL injection risk existed on sites with MNet enabled and configured, via an XML-RPC call from the connected peer host. Note that this required site administrator access or access to the keypair. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions...

7.2CVSS7.1AI score0.0089EPSS
Exploits0References3
OSV
OSV
added 2022/03/11 6:15 p.m.2 views

UBUNTU-CVE-2021-32474

An SQL injection risk existed on sites with MNet enabled and configured, via an XML-RPC call from the connected peer host. Note that this required site administrator access or access to the keypair. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions...

7.2CVSS7.1AI score0.0089EPSS
Exploits0References3
The Hacker News
The Hacker News
added 2021/10/12 7:57 a.m.42 views

GitHub Revoked Insecure SSH Keys Generated by a Popular git Client

Code hosting platform GitHub has revoked weak SSH authentication keys that were generated via the GitKraken git GUI client due to a vulnerability in a third-party library that increased the likelihood of duplicated SSH keys. As an added precautionary measure, the Microsoft-owned company also said...

9.1CVSS0.1AI score0.02993EPSS
Exploits1
NVD
NVD
added 2021/10/11 5:15 p.m.31 views

CVE-2021-41117

keypair is a a RSA PEM key generator written in javascript. keypair implements a lot of cryptographic primitives on its own or by borrowing from other libraries where possible, including node-forge. An issue was discovered where this library was generating identical RSA keys used in SSH. This wou...

9.1CVSS0.02993EPSS
Exploits1References2
OSV
OSV
added 2021/10/11 5:15 p.m.13 views

CVE-2021-41117

keypair is a a RSA PEM key generator written in javascript. keypair implements a lot of cryptographic primitives on its own or by borrowing from other libraries where possible, including node-forge. An issue was discovered where this library was generating identical RSA keys used in SSH. This wou...

9.1CVSS9.3AI score
Exploits0References2
Prion
Prion
added 2021/10/11 5:15 p.m.21 views

Path traversal

keypair is a a RSA PEM key generator written in javascript. keypair implements a lot of cryptographic primitives on its own or by borrowing from other libraries where possible, including node-forge. An issue was discovered where this library was generating identical RSA keys used in SSH. This wou...

6.4CVSS9.3AI score0.02993EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2021/10/11 5:10 p.m.59 views

CVE-2021-41117

CVE-2021-41117 concerns the keypair library (JS RSA key generator) generating identical P, Q (and N) values for SSH keys due to a weak RNG. The root cause is a non-cryptographically secure fallback RNG: when window.crypto.getRandomValues() is unavailable, keypair seeds an AES-CMAC counter with a ...

9.1CVSS9.1AI score0.02993EPSS
Exploits1References2Affected Software1
vulnersOsv
vulnersOsv
added 2021/10/11 5:9 p.m.4 views

7ghost (>=4.11.0 <=4.11.46), @heroku-cli/plugin-java (>=3.0.0 <=3.1.1) +55 more potentially affected by CVE-2021-41117 via keypair (>=0.0.5 <=1.0.3)

keypair NPM version =0.0.5, =4.11.0, =3.0.0, =2.3.1, =3.41.6, =1.0.1, =1.0.0, =0.1.2, =0.2.1, =0.4.0, =0.1.2, =0.1.2, =0.1.11 and more Source cves: CVE-2021-41117 Source advisory: OSV:GHSA-3F99-HVG4-QJWJ...

9.1CVSS7.4AI score0.02993EPSS
Exploits1
Github Security Blog
Github Security Blog
added 2021/10/11 5:9 p.m.48 views

Insecure random number generation in keypair

Description and Impact A bug in the pseudo-random number generator used by keypair versions up to and including 1.0.3 could allow for weak RSA key generation. This could enable an attacker to decrypt confidential messages or gain authorized access to an account belonging to the victim. We recomme...

9.1CVSS1.5AI score0.02993EPSS
Exploits1References6Affected Software1
OSV
OSV
added 2021/10/11 5:9 p.m.17 views

GHSA-3F99-HVG4-QJWJ Insecure random number generation in keypair

Description and Impact A bug in the pseudo-random number generator used by keypair versions up to and including 1.0.3 could allow for weak RSA key generation. This could enable an attacker to decrypt confidential messages or gain authorized access to an account belonging to the victim. We recomme...

8.7CVSS7.5AI score0.02993EPSS
Exploits1References6
CNNVD
CNNVD
added 2021/10/11 12:0 a.m.4 views

Keypair 代码问题漏洞

Keypair is an open source package. It is used to generate RSA PEM key pairs in pure JS. Keypair has a code issue vulnerability that stems from. An issue was found when this library was generating the same RSA keys used in SSH. This would mean that the library is generating the same P, Q and...

9.1CVSS8.5AI score0.02993EPSS
Exploits1References3
OSV
OSV
added 2021/07/30 2:15 p.m.4 views

CVE-2020-10590

Replicated Classic 2.x versions have an improperly secured API that exposes sensitive data from the Replicated Admin Console configuration. An attacker with network access to the Admin Console port 8800 on the Replicated Classic server could retrieve the TLS Keypair Cert and Key used to configure...

7.5CVSS5.8AI score0.01312EPSS
Exploits0References3
Prion
Prion
added 2021/07/30 2:15 p.m.16 views

Design/Logic Flaw

Replicated Classic 2.x versions have an improperly secured API that exposes sensitive data from the Replicated Admin Console configuration. An attacker with network access to the Admin Console port 8800 on the Replicated Classic server could retrieve the TLS Keypair Cert and Key used to configure...

5CVSS7.4AI score0.01312EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2021/07/28 11:38 a.m.62 views

CVE-2020-10590

CVE-2020-10590 affects Replicated Classic 2.x. The issue is an improperly secured API that exposes sensitive data from the Replicated Admin Console configuration. An attacker with network access to the Admin Console port (8800) on a Replicated Classic server could retrieve the TLS keypair (certif...

7.5CVSS7.4AI score0.01312EPSS
Exploits0References3Affected Software1
GithubExploit
GithubExploit
added 2021/02/25 6:22 p.m.56 views

Exploit for Path Traversal in Vmware Cloud_Foundation

vsphereyeeter.sh is an automated bash script to exploit vuln...

10CVSS10AI score0.9957EPSS
Exploits47
Kitploit
Kitploit
added 2021/02/05 11:30 a.m.132 views

Geacon - Implement CobaltStrike's Beacon In Go

Using Go to implement CobaltStrike's Beacon This project is for learningprotocol analysis and reverse engineering only, if someone's rights have been violated, please contact me to remove the project, and the last DO NOT USE IT ILLEGALLY How to play 1. Setup the teamserver and start a http...

7.5AI score
Exploits0References3
Hacker One
Hacker One
added 2017/07/02 9:42 a.m.24 views

Keybase: Persistent XSS on keybase.io via "payload" field in `/user/sigchain_signature.toffee` template

Issue Keybase allows you to see other users' sigchains by navigating to /sigchain. The "Payload" field containing JSON related to the chainlink on the right side of the page is not correctly escaped during templating, leading to a persistent XSS as users have a high degree of control over the...

6AI score
Exploits0
n0where
n0where
added 2016/08/06 1:23 p.m.42 views

AWS OpenVPN Deployment Tool: AutoVPN

AWS OpenVPN Deployment Tool Dependencies: boto and paramiko python packages and aws .credentials file on system 1. Clone repo to system. 2. Execute autovpn with -C -k and -r options to deploy to AWS ./autovpn -C -r us-east-1 -k macbook 3. OpenVPN config files are downloaded to current working...

0.5AI score
Exploits0References2
0day.today
0day.today
added 2015/04/03 12:0 a.m.67 views

Ceragon FibeAir IP-10 SSH Private Key Exposure Vulnerability

Ceragon FibeAir IP-10 suffers from an SSH private key exposure vulnerability. Ceragon FibeAir IP-10 SSH Private Key Exposure CVE-2015-0936 Product Description Ceragon produces a series of ruggedized, microwave backhaul devices used to provide connectivity to mobile, IP-based devices; usually, the...

7.5CVSS0.8AI score0.7809EPSS
Exploits10
Cvelist
Cvelist
added 2003/04/02 5:0 a.m.25 views

CVE-2001-1380

OpenSSH before 2.9.9, while using keypairs and multiple keys of different types in the /.ssh/authorizedkeys2 file, may not properly handle the "from" option associated with a key, which could allow remote attackers to login from unauthorized IP addresses...

9.3AI score0.02949EPSS
Exploits0References10
Rows per page
Query Builder