Lucene search
K

160 matches found

Vulnrichment
Vulnrichment
added 2025/07/09 2:50 p.m.6 views

CVE-2025-7204 Exposure of password hashes via API responses in ConnectWise PSA

In ConnectWise PSA versions older than 2025.9, a vulnerability exists where authenticated users could gain access to sensitive user information. Specific API requests were found to return an overly verbose user object, which included encrypted password hashes for other users. Authenticated users...

6.5CVSS7.6AI score0.00295EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/07/09 12:0 a.m.5 views

ConnectWise PSA 安全漏洞

ConnectWise PSA is a specialized service automation software from ConnectWise USA. A security vulnerability exists in ConnectWise PSA versions prior to 2025.9 that stems from the API returning too much user information, which could lead to an authenticated user obtaining an encrypted password has...

6.5CVSS6.6AI score0.00295EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/07/09 12:0 a.m.3 views

PT-2025-28899 · Connectwise · Connectwise Psa

Name of the Vulnerable Software and Affected Versions: ConnectWise PSA versions prior to 2025.9 Description: A vulnerability exists where authenticated users could gain access to sensitive user information. Specific API requests return an overly verbose user object, which includes encrypted...

6.5CVSS6.8AI score0.00295EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/05/23 8:56 a.m.9 views

CVE-2024-45158

An issue was discovered in Mbed TLS 3.6 before 3.6.1. A stack buffer overflow in mbedtlsecdsadertoraw and mbedtlsecdsarawtoder can occur when the bits parameter is larger than the largest supported curve. In some configurations with PSA disabled, all values of bits are affected. This never happen...

9.8CVSS7.3AI score0.00677EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:16 p.m.7 views

CVE-2021-22887

A vulnerability in the BIOS of Pulse Secure PSA-Series Hardware models PSA5000 and PSA7000 could allow an attacker to compromise BIOS firmware. This vulnerability can be exploited only as part of an attack chain. Before an attacker can compromise the BIOS, they must exploit the device...

2.3CVSS6.7AI score0.00249EPSS
Exploits0References1
NVD
NVD
added 2024/10/09 5:15 p.m.22 views

CVE-2024-45746

An issue was discovered in Trusted Firmware-M through 2.1.0. User provided and controlled mailbox messages contain a pointer to a list of input arguments invec and output arguments outvec. These list pointers are never validated. Each argument list contains a buffer pointer and a buffer length...

9.8CVSS0.00788EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/10/09 12:0 a.m.16 views

CVE-2024-45746

An issue was discovered in Trusted Firmware-M through 2.1.0. User provided and controlled mailbox messages contain a pointer to a list of input arguments invec and output arguments outvec. These list pointers are never validated. Each argument list contains a buffer pointer and a buffer length...

8AI score0.00788EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2024/10/09 12:0 a.m.11 views

CVE-2024-45746

An issue was discovered in Trusted Firmware-M through 2.1.0. User provided and controlled mailbox messages contain a pointer to a list of input arguments invec and output arguments outvec. These list pointers are never validated. Each argument list contains a buffer pointer and a buffer length...

9.8CVSS6.7AI score0.00788EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2024/09/10 2:51 a.m.6 views

SUSE CVE-2024-45158

An issue was discovered in Mbed TLS 3.6 before 3.6.1. A stack buffer overflow in mbedtlsecdsadertoraw and mbedtlsecdsarawtoder can occur when the bits parameter is larger than the largest supported curve. In some configurations with PSA disabled, all values of bits are affected. This never happen...

9.8CVSS7.5AI score0.00677EPSS
Exploits0References3
NVD
NVD
added 2024/09/05 7:15 p.m.23 views

CVE-2024-45157

An issue was discovered in Mbed TLS before 2.28.9 and 3.x before 3.6.1, in which the user-selected algorithm is not used. Unlike previously documented, enabling MBEDTLSPSAHMACDRBGMDTYPE does not cause the PSA subsystem to use HMACDRBG: it uses HMACDRBG only when MBEDTLSPSACRYPTOEXTERNALRNG and...

5.1CVSS0.00236EPSS
Exploits0References3
CVE
CVE
added 2024/09/05 12:0 a.m.73 views

CVE-2024-45158

CVE-2024-45158 affects Mbed TLS 3.6.x up to 3.6.0. A stack buffer overflow can occur in the der/der_to_raw conversions for ECDSA when the bits parameter exceeds the largest supported curve, and this can affect configurations where PSA is disabled; internal library calls are not impacted, but appl...

9.8CVSS7.5AI score0.00677EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2024/09/05 12:0 a.m.24 views

CVE-2024-45158

An issue was discovered in Mbed TLS 3.6 before 3.6.1. A stack buffer overflow in mbedtlsecdsadertoraw and mbedtlsecdsarawtoder can occur when the bits parameter is larger than the largest supported curve. In some configurations with PSA disabled, all values of bits are affected. This never happen...

0.00677EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/09/05 12:0 a.m.10 views

CVE-2024-45158

An issue was discovered in Mbed TLS 3.6 before 3.6.1. A stack buffer overflow in mbedtlsecdsadertoraw and mbedtlsecdsarawtoder can occur when the bits parameter is larger than the largest supported curve. In some configurations with PSA disabled, all values of bits are affected. This never happen...

7.7AI score0.00677EPSS
Exploits0References3
OSV
OSV
added 2024/09/05 12:0 a.m.13 views

CVE-2024-45158

An issue was discovered in Mbed TLS 3.6 before 3.6.1. A stack buffer overflow in mbedtlsecdsadertoraw and mbedtlsecdsarawtoder can occur when the bits parameter is larger than the largest supported curve. In some configurations with PSA disabled, all values of bits are affected. This never happen...

9.8CVSS7.3AI score0.00677EPSS
Exploits0References5
CVE
CVE
added 2024/09/05 12:0 a.m.73 views

CVE-2024-45157

CVE-2024-45157 affects Mbed TLS releases prior to 2.28.9 and 3.x prior to 3.6.1, where the user-selected algorithm is not honored. Specifically, enabling MBEDTLS_PSA_HMAC_DRBG_MD_TYPE does not switch PSA to HMAC_DRBG; HMAC_DRBG is used only when MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG and MBEDTLS_CTR_DRB...

5.1CVSS6.9AI score0.00236EPSS
Exploits0References3Affected Software1
Debian CVE
Debian CVE
added 2024/09/05 12:0 a.m.14 views

CVE-2024-45157

An issue was discovered in Mbed TLS before 2.28.9 and 3.x before 3.6.1, in which the user-selected algorithm is not used. Unlike previously documented, enabling MBEDTLSPSAHMACDRBGMDTYPE does not cause the PSA subsystem to use HMACDRBG: it uses HMACDRBG only when MBEDTLSPSACRYPTOEXTERNALRNG and...

5.1CVSS5.2AI score0.00236EPSS
Exploits0
Debian CVE
Debian CVE
added 2024/09/05 12:0 a.m.15 views

CVE-2024-45158

An issue was discovered in Mbed TLS 3.6 before 3.6.1. A stack buffer overflow in mbedtlsecdsadertoraw and mbedtlsecdsarawtoder can occur when the bits parameter is larger than the largest supported curve. In some configurations with PSA disabled, all values of bits are affected. This never happen...

9.8CVSS5.7AI score0.00677EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2024/09/05 12:0 a.m.16 views

CVE-2024-45157

An issue was discovered in Mbed TLS before 2.28.9 and 3.x before 3.6.1, in which the user-selected algorithm is not used. Unlike previously documented, enabling MBEDTLSPSAHMACDRBGMDTYPE does not cause the PSA subsystem to use HMACDRBG: it uses HMACDRBG only when MBEDTLSPSACRYPTOEXTERNALRNG and...

5.1CVSS7AI score0.00236EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2024/09/05 12:0 a.m.16 views

CVE-2024-45158

An issue was discovered in Mbed TLS 3.6 before 3.6.1. A stack buffer overflow in mbedtlsecdsadertoraw and mbedtlsecdsarawtoder can occur when the bits parameter is larger than the largest supported curve. In some configurations with PSA disabled, all values of bits are affected. This never happen...

9.8CVSS7.6AI score0.00677EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2024/08/09 12:0 a.m.13 views

Johnson Controls ExacqVision Web Server < 24.04 Improper Certificate Validation (JCI-PSA-2024-18)

The version of the Johnson Controls exacqVision Web Server running on the remote host is prior to 24.04. It is, therefore, affected by a certificate validation vulnerability. Under certain circumstances the exacqVision Server will not properly validate TLS certificates provided by connected...

7.3CVSS5.6AI score0.00131EPSS
Exploits0References3
Rows per page
Query Builder