95 matches found
EUVD-2014-0197
Malware in sbrugna...
EUVD-2013-3309
Malware in sbrugna...
EUVD-2023-34751
Malicious code in bioql PyPI...
EUVD-2022-29293
Malicious code in bioql PyPI...
EUVD-2024-24975
Malicious code in bioql PyPI...
CVE-2022-24401
Adversary-induced keystream re-use on TETRA air-interface encrypted traffic using any TEA keystream generator. IV generation is based upon several TDMA frame counters, which are frequently broadcast by the infrastructure in an unauthenticated manner. An active adversary can manipulate the view of...
RHEL 5 : curl (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - curl: NTLM password overflow via integer overflow CVE-2018-14618 - cURL and libcurl 7.10.6 through 7.34.0...
CVE-2024-35050
CVE-2024-35050 concerns SurveyKing v1.3.1, where an attacker can escalate privileges by re-using a session ID belonging to a user that Admin has deleted. The Red Hat/PT security entries corroborate the same issue and specify SurveyKing 1.3.1 as affected. A practical workaround suggested in PT-202...
BIT-ENVOY-2022-21654 Incorrect configuration handling allows TLS session re-use without re-validation in Envoy
Envoy is an open source edge and service proxy, designed for cloud-native applications. Envoy's TLS implementation allows session re-use when some certificate validation settings have been changed from their default configuration. The only workaround for this issue is to ensure that default TLS settings are used. Users are advised...
CVE-2024-24823 graylog2-server Session Fixation vulnerability through cookie injection
Graylog is a free and open log management platform. Starting in version 4.3.0 and prior to versions 5.1.11 and 5.2.4, reauthenticating with an existing session cookie would re-use that session id, even if for different user credentials. In this case, the pre-existing session could be used to gain...
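The two session-management flaws listed above (SurveyKing keeping a deleted user's session alive, Graylog rebinding a pre-existing session id to whoever authenticates next) are the same class of bug seen from two sides: a session id is trusted beyond the point at which it should have been rotated or revoked. The following is an added illustration, not code from either project; the in-memory store, function names and sample users are constructed for the example. The vulnerable variants keep the presented id on login and leave sessions behind on account deletion; the fixed variants rotate the id at authentication, revoke sessions when the account goes away, and re-check that the bound account still exists.

```python
import secrets
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class SessionStore:
    """Toy server-side session table: session_id -> username (None = not yet authenticated)."""
    users: set = field(default_factory=set)
    sessions: dict = field(default_factory=dict)

    def new_session(self) -> str:
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = None
        return sid


def login_vulnerable(store: SessionStore, presented_sid: Optional[str], username: str) -> str:
    """Fixation bug: whatever session id the client presents is kept and simply
    rebound to the newly authenticated user. An attacker who planted that id
    on the victim's browser now holds an authenticated session."""
    if presented_sid not in store.sessions:
        presented_sid = store.new_session()
    store.sessions[presented_sid] = username
    return presented_sid


def login_fixed(store: SessionStore, presented_sid: Optional[str], username: str) -> str:
    """Rotate on authentication: the pre-auth id is destroyed and a fresh,
    unguessable id is issued and bound to the user."""
    store.sessions.pop(presented_sid, None)
    sid = store.new_session()
    store.sessions[sid] = username
    return sid


def delete_user_vulnerable(store: SessionStore, username: str) -> None:
    """Removes the account but leaves its live sessions in the table."""
    store.users.discard(username)


def delete_user_fixed(store: SessionStore, username: str) -> None:
    """Removes the account and revokes every session bound to it."""
    store.users.discard(username)
    for sid in [s for s, u in store.sessions.items() if u == username]:
        del store.sessions[sid]


def whoami_vulnerable(store: SessionStore, sid: str) -> Optional[str]:
    """Trusts the session table alone: a stale session for a deleted user still resolves."""
    return store.sessions.get(sid)


def whoami_fixed(store: SessionStore, sid: str) -> Optional[str]:
    """Also re-checks that the bound account still exists (defence in depth,
    in case a revocation path was missed)."""
    user = store.sessions.get(sid)
    return user if user is not None and user in store.users else None
```

Run the fixation scenario by creating a pre-auth session, "planting" it, and logging the victim in through each variant: with `login_vulnerable` the planted id is now the victim's authenticated session; with `login_fixed` it is dead. Run the deletion scenario by logging a user in, deleting the account with each variant, and resolving the old id.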
CVE-2023-49443
DoraCMS v2.1.8 was discovered to re-use the same code for verification of valid usernames and passwords. This vulnerability allows attackers to gain access to the application via a bruteforce attack...
CVE-2023-49443
CVE-2023-49443 affects DoraCMS v2.1.8. The root cause is re-use of the same code to verify usernames and passwords, enabling brute-force access to the application. Documents describe impact as attacker access via brute force over the network (no user interaction). Mitigation in the sources includ...
CVE-2022-46480
Incorrect Session Management and Credential Re-use in the Bluetooth LE stack of the Ultraloq UL3 2nd Gen Smart Lock Firmware 02.27.0012 allows an attacker to sniff the unlock code and unlock the device whilst within Bluetooth range...
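The entry above describes a credential that can be sniffed over Bluetooth LE and then used as-is: the unlock code is the same bytes every time, so a passive listener in range can replay it. The following is an added example, not the Ultraloq protocol or firmware; the two toy lock classes, the key and the message shapes are constructed to show why a static code is replayable and why a per-attempt random challenge answered with an HMAC is not.

```python
import hashlib
import hmac
import secrets


class StaticCodeLock:
    """Lock that accepts a fixed unlock code sent over the air.
    Whoever sniffs one unlock can replay the same bytes later."""

    def __init__(self, code: bytes):
        self._code = code

    def unlock(self, message: bytes) -> bool:
        return hmac.compare_digest(message, self._code)


class ChallengeResponseLock:
    """Lock that issues a fresh random nonce per attempt and expects
    HMAC-SHA256(shared_key, nonce). A sniffed response is bound to a nonce
    the lock will never issue again, so replaying it fails."""

    def __init__(self, key: bytes):
        self._key = key
        self._pending = None

    def challenge(self) -> bytes:
        self._pending = secrets.token_bytes(16)
        return self._pending

    def unlock(self, response: bytes) -> bool:
        if self._pending is None:
            return False
        expected = hmac.new(self._key, self._pending, hashlib.sha256).digest()
        self._pending = None  # single use, whether or not the attempt succeeds
        return hmac.compare_digest(response, expected)


def phone_response(key: bytes, nonce: bytes) -> bytes:
    """What the legitimate phone app sends in reply to a challenge."""
    return hmac.new(key, nonce, hashlib.sha256).digest()


def replay_against_static(code: bytes) -> tuple:
    """Returns (owner_unlocked, attacker_replay_unlocked)."""
    lock = StaticCodeLock(code)
    sniffed = code                  # attacker records the owner's unlock message
    owner_ok = lock.unlock(sniffed)
    replay_ok = lock.unlock(sniffed)  # same bytes, later, from the attacker
    return owner_ok, replay_ok


def replay_against_challenge(key: bytes) -> tuple:
    """Returns (owner_unlocked, attacker_replay_unlocked)."""
    lock = ChallengeResponseLock(key)
    nonce = lock.challenge()
    sniffed = phone_response(key, nonce)  # attacker records the owner's reply
    owner_ok = lock.unlock(sniffed)
    lock.challenge()                      # attacker walks up; lock issues a new nonce
    replay_ok = lock.unlock(sniffed)      # old response no longer matches
    return owner_ok, replay_ok
```

The key point is that the sniffer sees a valid credential in both designs; only in the second does that credential stop being valid the moment the exchange completes.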
CVE-2022-46480
Technical details for CVE-2022-46480 are not provided in the supplied documents; no affected products, root cause, or remediation are disclosed here. Monitor for updates.
CVE-2022-24401 Keystream recovery for arbitrary frames in TETRA
Adversary-induced keystream re-use on TETRA air-interface encrypted traffic using any TEA keystream generator. IV generation is based upon several TDMA frame counters, which are frequently broadcast by the infrastructure in an unauthenticated manner. An active adversary can manipulate the view of...
CVE-2022-24401
CVE-2022-24401 concerns the TETRA system’s Air Interface Encryption (AIE) keystream generator. The root cause is IV generation based on TDMA frame counters broadcast unauthenticated, enabling an adversary to manipulate counters observed by a mobile station and provoke keystream re-use. This can a...
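The root cause described above is generic to stream ciphers: the keystream is a deterministic function of (key, IV), so if an attacker can make the mobile station derive the same IV twice, two frames are encrypted under identical keystream and XORing the ciphertexts cancels it out. The following is an added example, not TETRA's TEA or the real IV layout; the SHA-256 counter-mode generator, the frame-counter field widths and the sample messages are constructed stand-ins. It shows honest operation (counters advance, IVs differ), the forced-counter case, and recovery of a second frame from one known plaintext.

```python
import hashlib
import os


def toy_keystream(key: bytes, iv: bytes, length: int) -> bytes:
    """Toy counter-mode keystream: SHA-256(key || iv || block_index), truncated.
    A stand-in for the TEA generators; the attack only relies on the keystream
    being a function of (key, IV), which holds for any stream cipher."""
    out = bytearray()
    block = 0
    while len(out) < length:
        out += hashlib.sha256(key + iv + block.to_bytes(4, "big")).digest()
        block += 1
    return bytes(out[:length])


def iv_from_frame_counters(hyperframe: int, multiframe: int, frame: int, slot: int) -> bytes:
    """IV derived from TDMA frame counters. Field widths are an assumption for
    this toy and do not reproduce the TETRA IV layout."""
    return (hyperframe.to_bytes(2, "big") + multiframe.to_bytes(1, "big")
            + frame.to_bytes(1, "big") + slot.to_bytes(1, "big"))


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_frame(key: bytes, counters: tuple, plaintext: bytes) -> bytes:
    """Stream-cipher encryption of one air-interface frame under the IV the
    mobile station derives from the counters it believes are current."""
    iv = iv_from_frame_counters(*counters)
    return xor_bytes(plaintext, toy_keystream(key, iv, len(plaintext)))


def recover_keystream(ciphertext: bytes, known_plaintext: bytes) -> bytes:
    """C xor P yields the keystream for that frame; it decrypts any other frame
    that was encrypted under the same (key, IV)."""
    return xor_bytes(ciphertext, known_plaintext)


def demo() -> dict:
    key = os.urandom(16)
    pt_known = b"STATUS: PATROL 7 ON STATION   "   # constructed, predictable status message
    pt_secret = b"MOVE ALL UNITS TO GATE 3 NOW  "  # constructed, same length

    # Honest operation: the frame counter advances, so the two IVs differ.
    honest_1 = encrypt_frame(key, (7, 3, 10, 1), pt_known)
    honest_2 = encrypt_frame(key, (7, 3, 11, 1), pt_secret)

    # Attack: the adversary replays the infrastructure's unauthenticated counter
    # broadcast, so the mobile station derives the same IV for both frames.
    forced = (7, 3, 10, 1)
    ct_known = encrypt_frame(key, forced, pt_known)
    ct_secret = encrypt_frame(key, forced, pt_secret)

    keystream = recover_keystream(ct_known, pt_known)
    return {
        "honest_xor_leaks": xor_bytes(honest_1, honest_2) == xor_bytes(pt_known, pt_secret),
        "reuse_xor_leaks": xor_bytes(ct_known, ct_secret) == xor_bytes(pt_known, pt_secret),
        "recovered": xor_bytes(ct_secret, keystream),
    }
```

With the counters forced, `xor_bytes(ct_known, ct_secret)` equals `xor_bytes(pt_known, pt_secret)` regardless of the key, and one known frame is enough to read the other; in the honest run the same XOR is noise. The fix implied by the advisory is that the counters feeding the IV must be authenticated, not that the generator be changed.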
RLSA-2023:4523 Moderate: curl security update
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fixes: curl: GSS delegation too eager connection re-use CVE-2023-27536 curl: IDN wildcard match may lead to Improper Certificate...
curl security update
7.61.1-30.el88.3 - GSS delegation too eager connection re-use CVE-2023-27536 - fix host name wildcard checking CVE-2023-28321 - rebuild certs with 2048-bit RSA keys...