CVE-2026-44714 bitcoinj: ScriptExecution P2PKH/P2WPKH Verification Bypass
The bitcoinj library is a Java implementation of the Bitcoin protocol. Prior to 0.17.1, ScriptExecution.correctlySpends contains two fast-path verification bugs for standard P2PKH and native P2WPKH spends in core/src/main/java/org/bitcoinj/script/ScriptExecution.java. In both branches, bitcoinj...
Improper Access Control
github.com/bishopfox/sliver is vulnerable to Improper Access Control. The vulnerability is due to the custom WireGuard netstack not restricting traffic between connected clients, which allows an attacker with leaked or recovered keypairs to communicate with other implants, access exposed port...
EUVD-2019-1569
Malware in sbrugna...
EUVD-2021-1578
Malware in sbrugna...
EUVD-2001-0800
Malware in sbrugna...
EUVD-2001-1361
Malware in sbrugna...
rusty_paseto vulnerable to private key extraction due to ed25519-dalek dependency
Impact: The vulnerability, known as RUSTSEC-2022-0093, impacts the ed25519-dalek crate, which is a dependency of the rusty-paseto crate. This issue arises from a "Double Public Key Signing Function Oracle Attack" affecting versions of ed25519-dalek prior to v2.0. These versions expose an unsafe AP...
GO-2023-2163 Curve KeyPairs fail to encrypt in github.com/nats-io/nkeys
Curve KeyPairs always use the same all-zeros key to encrypt data, and provide no security...
SUSE CVE-2019-0816
A security feature bypass exists in Azure SSH Keypairs, due to a change in the provisioning logic for some Linux images that use cloud-init, aka 'Azure SSH Keypairs Security Feature Bypass Vulnerability'...
NewStart CGSL CORE 5.05 / MAIN 5.05 : cloud-init Multiple Vulnerabilities (NS-SA-2021-0151)
The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has cloud-init packages installed that are affected by multiple vulnerabilities: - The default cloud-init configuration, in cloud-init 0.6.2 and newer, included ssh_deletekeys: 0, disabling cloud-init's deletion of ssh host keys...
GHSA-5PH6-QQ5X-7JWC ExternalName Services can be used to gain access to Envoy's admin interface
Impact: Josh Ferrell (@josh-ferrell) from VMware has reported that a specially crafted ExternalName type Service may be used to access Envoy's admin interface, which Contour normally prevents from access outside the Envoy container. This can be used to shut down Envoy remotely (a denial of service), o...
CVE-2021-32783
Contour is a Kubernetes ingress controller using Envoy proxy. In Contour before version 1.17.1 a specially crafted ExternalName type Service may be used to access Envoy's admin interface, which Contour normally prevents from access outside the Envoy container. This can be used to shut down Envoy...
PT-2021-19929 · Contour +1
Name of the Vulnerable Software and Affected Versions: Contour versions prior to 1.17.1 Contour versions prior to 1.18.0 Description: A specially crafted ExternalName type Service may be used to access Envoy's admin interface, which Contour normally prevents from access outside the Envoy containe...
EulerOS Virtualization 3.0.2.2 : python-ecdsa (EulerOS-SA-2021-2161)
According to the version of the python-ecdsa package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - This is an easy-to-use implementation of ECDSA cryptography (Elliptic Curve Digital Signature Algorithm), implemented purely in...
NewStart CGSL CORE 5.04 / MAIN 5.04 : cloud-init Vulnerability (NS-SA-2021-0011)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has cloud-init packages installed that are affected by a vulnerability: - A security feature bypass exists in Azure SSH Keypairs, due to a change in the provisioning logic for some Linux images that use cloud-init, aka 'Azure S...
Medium: cloud-init
Issue Overview: A security feature bypass exists in Azure SSH Keypairs, due to a change in the provisioning logic for some Linux images that use cloud-init, aka 'Azure SSH Keypairs Security Feature Bypass Vulnerability'. CVE-2019-0816 Affected Packages: cloud-init Note: This advisory is applicabl...
Amazon Linux 2 : cloud-init (ALAS-2021-1595)
The version of cloud-init installed on the remote host is prior to 19.3-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2021-1595 advisory. A security feature bypass exists in Azure SSH Keypairs, due to a change in the provisioning logic for some Linux images that use...
Autovpn - Create On Demand Disposable OpenVPN Endpoints On AWS
Script that allows the easy creation of OpenVPN endpoints in any AWS region. Creating a VPN endpoint is done with a single command and takes 3 minutes. It will create the proper security groups. It spins up a tagged EC2 instance and configures the OpenVPN software. Once the instance is configured, an OpenVPN...
Huawei EulerOS: Security Advisory for cloud-init (EulerOS-SA-2020-1751)
The remote host is missing an update for the Huawei EulerOS...
EulerOS Virtualization 3.0.6.0 : cloud-init (EulerOS-SA-2020-1751)
According to the versions of the cloud-init package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A security feature bypass exists in Azure SSH Keypairs, due to a change in the provisioning logic for some Linux images that u...