Lucene search
K

11 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-24661

Malicious code in bioql PyPI...

6CVSS6.7AI score0.00173EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-0063

Malicious code in bioql PyPI...

5.4CVSS5.5AI score0.00233EPSS
Exploits1References6
NVD
NVD
added 2025/08/14 5:15 a.m.4 views

CVE-2025-0309

An insufficient validation on the server connection endpoint in Netskope Client allows local users to elevate privileges on the system. The insufficient validation allows Netskope Client to connect to any other server with Public Signed CA TLS certificates and send specially crafted responses to...

6CVSS0.00173EPSS
Exploits1References2
CVE
CVE
added 2025/08/14 4:35 a.m.46 views

CVE-2025-0309

CVE-2025-0309 describes a local privilege escalation in Netskope Client for Windows due to insufficient validation on the server connection endpoint. An attacker-controlled server using publicly signed TLS certificates can cause the client to send specially crafted responses, enabling privilege e...

6CVSS6.9AI score0.00173EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/05/23 3:51 a.m.7 views

CVE-2023-33185

Django-SES is a drop-in mail backend for Django. The djangoses library implements a mail backend for Django using AWS Simple Email Service. The library exports the SESEventWebhookView class intended to receive signed requests from AWS to handle email bounces, subscriptions, etc. These requests ar...

5.4CVSS6.8AI score0.00233EPSS
Exploits1References1
CNNVD
CNNVD
added 2023/05/26 12:0 a.m.5 views

Django-SES 数据伪造问题漏洞

Django-SES is the Django email backend for Amazon Simple Email Service. A security vulnerability exists in Django-SES versions prior to 3.5.0 that stems from allowing users to specify arbitrary public certificates...

5.4CVSS5.8AI score0.00233EPSS
Exploits1References4
BDU FSTEC
BDU FSTEC
added 2022/04/05 12:0 a.m.7 views

The vulnerability of the function of the NextCloud clipboard synchronization tool, which allows a hacker to gain access to confidential data.

The vulnerability of the function of the client-side encryption tool for Nextcloud’s desktop synchronization platform relates to the lack of verification of the ownership of the private key of previously uploaded public certificates. Exploiting this vulnerability allows a malicious actor to gain...

6.8CVSS6.5AI score0.00851EPSS
Exploits1References6Affected Software2
RedHat Linux
RedHat Linux
added 2021/02/10 5:31 p.m.4 views

dotnet: certificate chain building recursion Denial of Service

A flaw was found in dotnet. A recursion error when building X.509 certificate chains can lead to a stack overflow which could crash the system. The highest threat from this vulnerability is to system availability...

6.5CVSS5.8AI score0.0334EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2017/08/04 12:0 a.m.48 views

Amazon Linux AMI : libtommath / libtomcrypt (ALAS-2017-864)

possible OP-TEE Bleichenbacher attack : The rsaverifyhashex function in rsaverifyhash.c in LibTomCrypt, as used in OP-TEE before 2.2.0, does not validate that the message length is equal to the ASN.1 encoded data length, which makes it easier for remote attackers to forge RSA signatures or public...

7.5CVSS7.3AI score0.00775EPSS
Exploits0References2
Prion
Prion
added 2017/02/13 6:59 p.m.9 views

Server side request forgery (ssrf)

The rsaverifyhashex function in rsaverifyhash.c in LibTomCrypt, as used in OP-TEE before 2.2.0, does not validate that the message length is equal to the ASN.1 encoded data length, which makes it easier for remote attackers to forge RSA signatures or public certificates by leveraging a...

5CVSS7AI score0.00775EPSS
Exploits0References3Affected Software2
Debian CVE
Debian CVE
added 2017/02/13 6:0 p.m.15 views

CVE-2016-6129

The rsaverifyhashex function in rsaverifyhash.c in LibTomCrypt, as used in OP-TEE before 2.2.0, does not validate that the message length is equal to the ASN.1 encoded data length, which makes it easier for remote attackers to forge RSA signatures or public certificates by leveraging a...

7.5CVSS7.5AI score0.00775EPSS
Exploits0
Rows per page
Query Builder