81 matches found
GHSA-RVMC-8GMG-GGQR Moodle Blind SQL injection possible via MNet authentication
An SQL injection risk existed on sites with MNet enabled and configured, via an XML-RPC call from the connected peer host. Note that this required site administrator access or access to the keypair. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions...
UBUNTU-CVE-2021-32474
An SQL injection risk existed on sites with MNet enabled and configured, via an XML-RPC call from the connected peer host. Note that this required site administrator access or access to the keypair. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions...
GitHub Revoked Insecure SSH Keys Generated by a Popular git Client
Code hosting platform GitHub has revoked weak SSH authentication keys that were generated via the GitKraken git GUI client due to a vulnerability in a third-party library that increased the likelihood of duplicated SSH keys. As an added precautionary measure, the Microsoft-owned company also said...
CVE-2021-41117
keypair is a a RSA PEM key generator written in javascript. keypair implements a lot of cryptographic primitives on its own or by borrowing from other libraries where possible, including node-forge. An issue was discovered where this library was generating identical RSA keys used in SSH. This wou...
CVE-2021-41117
keypair is a a RSA PEM key generator written in javascript. keypair implements a lot of cryptographic primitives on its own or by borrowing from other libraries where possible, including node-forge. An issue was discovered where this library was generating identical RSA keys used in SSH. This wou...
Path traversal
keypair is a a RSA PEM key generator written in javascript. keypair implements a lot of cryptographic primitives on its own or by borrowing from other libraries where possible, including node-forge. An issue was discovered where this library was generating identical RSA keys used in SSH. This wou...
CVE-2021-41117
CVE-2021-41117 concerns the keypair library (JS RSA key generator) generating identical P, Q (and N) values for SSH keys due to a weak RNG. The root cause is a non-cryptographically secure fallback RNG: when window.crypto.getRandomValues() is unavailable, keypair seeds an AES-CMAC counter with a ...
7ghost (>=4.11.0 <=4.11.46), @heroku-cli/plugin-java (>=3.0.0 <=3.1.1) +55 more potentially affected by CVE-2021-41117 via keypair (>=0.0.5 <=1.0.3)
keypair NPM version =0.0.5, =4.11.0, =3.0.0, =2.3.1, =3.41.6, =1.0.1, =1.0.0, =0.1.2, =0.2.1, =0.4.0, =0.1.2, =0.1.2, =0.1.11 and more Source cves: CVE-2021-41117 Source advisory: OSV:GHSA-3F99-HVG4-QJWJ...
Insecure random number generation in keypair
Description and Impact A bug in the pseudo-random number generator used by keypair versions up to and including 1.0.3 could allow for weak RSA key generation. This could enable an attacker to decrypt confidential messages or gain authorized access to an account belonging to the victim. We recomme...
GHSA-3F99-HVG4-QJWJ Insecure random number generation in keypair
Description and Impact A bug in the pseudo-random number generator used by keypair versions up to and including 1.0.3 could allow for weak RSA key generation. This could enable an attacker to decrypt confidential messages or gain authorized access to an account belonging to the victim. We recomme...
Keypair 代码问题漏洞
Keypair is an open source package. It is used to generate RSA PEM key pairs in pure JS. Keypair has a code issue vulnerability that stems from. An issue was found when this library was generating the same RSA keys used in SSH. This would mean that the library is generating the same P, Q and...
CVE-2020-10590
Replicated Classic 2.x versions have an improperly secured API that exposes sensitive data from the Replicated Admin Console configuration. An attacker with network access to the Admin Console port 8800 on the Replicated Classic server could retrieve the TLS Keypair Cert and Key used to configure...
Design/Logic Flaw
Replicated Classic 2.x versions have an improperly secured API that exposes sensitive data from the Replicated Admin Console configuration. An attacker with network access to the Admin Console port 8800 on the Replicated Classic server could retrieve the TLS Keypair Cert and Key used to configure...
CVE-2020-10590
CVE-2020-10590 affects Replicated Classic 2.x. The issue is an improperly secured API that exposes sensitive data from the Replicated Admin Console configuration. An attacker with network access to the Admin Console port (8800) on a Replicated Classic server could retrieve the TLS keypair (certif...
Exploit for Path Traversal in Vmware Cloud_Foundation
vsphereyeeter.sh is an automated bash script to exploit vuln...
Geacon - Implement CobaltStrike's Beacon In Go
Using Go to implement CobaltStrike's Beacon This project is for learningprotocol analysis and reverse engineering only, if someone's rights have been violated, please contact me to remove the project, and the last DO NOT USE IT ILLEGALLY How to play 1. Setup the teamserver and start a http...
Keybase: Persistent XSS on keybase.io via "payload" field in `/user/sigchain_signature.toffee` template
Issue Keybase allows you to see other users' sigchains by navigating to /sigchain. The "Payload" field containing JSON related to the chainlink on the right side of the page is not correctly escaped during templating, leading to a persistent XSS as users have a high degree of control over the...
AWS OpenVPN Deployment Tool: AutoVPN
AWS OpenVPN Deployment Tool Dependencies: boto and paramiko python packages and aws .credentials file on system 1. Clone repo to system. 2. Execute autovpn with -C -k and -r options to deploy to AWS ./autovpn -C -r us-east-1 -k macbook 3. OpenVPN config files are downloaded to current working...
Ceragon FibeAir IP-10 SSH Private Key Exposure Vulnerability
Ceragon FibeAir IP-10 suffers from an SSH private key exposure vulnerability. Ceragon FibeAir IP-10 SSH Private Key Exposure CVE-2015-0936 Product Description Ceragon produces a series of ruggedized, microwave backhaul devices used to provide connectivity to mobile, IP-based devices; usually, the...
CVE-2001-1380
OpenSSH before 2.9.9, while using keypairs and multiple keys of different types in the /.ssh/authorizedkeys2 file, may not properly handle the "from" option associated with a key, which could allow remote attackers to login from unauthorized IP addresses...