Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

Github Security Blog
Github Security Blogadded 2021/04/16 7:52 p.m.53 views

RSA signature validation vulnerability on maleable encoded message in jsrsasign

Impact Vulnerable jsrsasign will accept RSA signature with improper PKCS1.5 padding. Decoded RSA signature value consists following form: 01ff...8 or more ffs...ff00ASN.1 OF DigestInfo Its byte length must be the same as RSA key length, however such checking was not sufficient. To make crafted...

9.1CVSS8.7AI score0.002EPSS
Exploits0References6Affected Software1
UbuntuCve
UbuntuCveadded 2019/03/11 12:0 a.m.17 views

CVE-2019-9675

An issue was discovered in PHP 7.x before 7.1.27 and 7.3.x before 7.3.3. phartarwriteheadersint in ext/phar/tar.c has a buffer overflow via a long link value. NOTE: The vendor indicates that the link value is used only when an archive contains a symlink, which currently cannot happen: "This issue...

8.1CVSS7.1AI score0.00489EPSS
Exploits0References5
Prion
Prionadded 2016/12/15 6:59 a.m.15 views

Design/Logic Flaw

An issue was discovered in Open-Xchange OX Guard before 2.4.0-rev8. OX Guard uses an authentication token to identify and transfer guest users' credentials. The OX Guard API acts as a padding oracle by responding with different error codes depending on whether the provided token matches the...

3.5CVSS7.1AI score0.00148EPSS
Exploits1References2Affected Software1
ThreatPost
ThreatPostadded 2016/09/23 3:47 p.m.88 views

OpenSSL Patches High-Severity OCSP Bug, Mitigates SWEET32 Attack

A vulnerability in the OpenSSL implementation of the Online Certificate Status Protocol OCSP was patched this week, closing a denial-of-service weakness in affected servers. The patch was the most severe of 14 released yesterday by OpenSSL. OCSP is an alternative in many cases to Certificate...

7.8CVSS0.7AI score0.40993EPSS
Exploits8References3
ThreatPost
ThreatPostadded 2014/09/09 8:26 a.m.13 views

Google 'Sunsetting' Weak SHA-1 Crypto Algorithm

Google announced Friday it will begin the process of phasing out the obsolete SHA-1 cryptographic hash algorithm with the upcoming release of version 39 of the company’s Chrome browser in November. After the November release, Chrome will no longer fully trust sites whose certificate chains trust...

7.2AI score
Exploits0References1
ThreatPost
ThreatPostadded 2013/07/23 4:4 p.m.10 views

Long range RFID hacking tool to be released at Black Hat

Out of necessity come many interesting inventions. Fran Brown, a year ago, was working a penetration test for an electric utility doing an assessment of its SCADA network. His first challenge was to get inside the facility, meaning, in short that he had to break in. To do so, he decided to test t...

0.1AI score
Exploits0References1
Opera Security Advisories
Opera Security Advisoriesadded 2013/04/04 12:0 a.m.491 views

RC4 encryption protocol is vulnerable to certain brute force attacks

Weaknesses in the RC4 encryption protocol have been found, allowing an attacker to deduce the plaintext. If the same message is encrypted many millions of times, statistical methods can be used to extract valuable information, such as cookies. Due to the time this amount of requests takes, this i...

4.4AI score
Exploits0References1Affected Software1
Rows per page
Query Builder