11 matches found
EUVD-2025-24661
Malicious code in bioql PyPI...
EUVD-2023-0063
Malicious code in bioql PyPI...
CVE-2025-0309
An insufficient validation on the server connection endpoint in Netskope Client allows local users to elevate privileges on the system. The insufficient validation allows Netskope Client to connect to any other server with Public Signed CA TLS certificates and send specially crafted responses to...
CVE-2025-0309
CVE-2025-0309 describes a local privilege escalation in Netskope Client for Windows due to insufficient validation on the server connection endpoint. An attacker-controlled server using publicly signed TLS certificates can cause the client to send specially crafted responses, enabling privilege e...
CVE-2023-33185
Django-SES is a drop-in mail backend for Django. The djangoses library implements a mail backend for Django using AWS Simple Email Service. The library exports the SESEventWebhookView class intended to receive signed requests from AWS to handle email bounces, subscriptions, etc. These requests ar...
Django-SES 数据伪造问题漏洞
Django-SES is the Django email backend for Amazon Simple Email Service. A security vulnerability exists in Django-SES versions prior to 3.5.0 that stems from allowing users to specify arbitrary public certificates...
The vulnerability of the function of the NextCloud clipboard synchronization tool, which allows a hacker to gain access to confidential data.
The vulnerability of the function of the client-side encryption tool for Nextcloud’s desktop synchronization platform relates to the lack of verification of the ownership of the private key of previously uploaded public certificates. Exploiting this vulnerability allows a malicious actor to gain...
dotnet: certificate chain building recursion Denial of Service
A flaw was found in dotnet. A recursion error when building X.509 certificate chains can lead to a stack overflow which could crash the system. The highest threat from this vulnerability is to system availability...
Amazon Linux AMI : libtommath / libtomcrypt (ALAS-2017-864)
possible OP-TEE Bleichenbacher attack : The rsaverifyhashex function in rsaverifyhash.c in LibTomCrypt, as used in OP-TEE before 2.2.0, does not validate that the message length is equal to the ASN.1 encoded data length, which makes it easier for remote attackers to forge RSA signatures or public...
Server side request forgery (ssrf)
The rsaverifyhashex function in rsaverifyhash.c in LibTomCrypt, as used in OP-TEE before 2.2.0, does not validate that the message length is equal to the ASN.1 encoded data length, which makes it easier for remote attackers to forge RSA signatures or public certificates by leveraging a...
CVE-2016-6129
The rsaverifyhashex function in rsaverifyhash.c in LibTomCrypt, as used in OP-TEE before 2.2.0, does not validate that the message length is equal to the ASN.1 encoded data length, which makes it easier for remote attackers to forge RSA signatures or public certificates by leveraging a...