Lucene search
K

114 matches found

OSV
OSV
added 2026/07/05 1:30 a.m.6 views

CVE-2026-14570 Crypt::DSA versions before 1.22 for Perl draw the DSA signing nonce and private key from a biased random generator, leading to private-key recovery

Crypt::DSA versions before 1.22 for Perl draw the DSA signing nonce and private key from a biased random generator, leading to private-key recovery. "Crypt::DSA::Util::makerandom forces the high bit of every value it returns to obtain an exactly N-bit integer for prime search. The signing nonce a...

7.5CVSS5.9AI score0.00508EPSS
Exploits0References8
OSV
OSV
added 2026/05/21 4:24 p.m.6 views

RLSA-2023:7052 Moderate: libreswan security update

Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network VPN...

6.5CVSS5.8AI score0.00691EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-6.1, Linux-5.10

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix potential key use-after-free When ieee80211gtkrekeyadd is called, and ieee80211gtkrekeyadd returns 0 due to KRACK protection identical key reinstall, ieee80211gtkrekeyadd will still return a pointer to the key...

7.8CVSS6.2AI score0.00233EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.11 views

Astra Linux – Vulnerability in libssh

A flaw was discovered in libssh’s handling of key exchange KEX processes when a client repeatedly sends incorrect KEX guesses. The library fails to free memory during these rekey operations, which can gradually exhaust system memory. This issue can lead to crashes on the client side, especially...

3.1CVSS6.2AI score0.00375EPSS
Exploits0References2
Veracode
Veracode
added 2026/05/16 5:23 a.m.8 views

Denial Of Service (DoS)

github.com/hashicorp/vault is vulnerable to Denial of ServiceDoS. The vulnerability is due to insufficient access controls on root token generation and rekey operations, which allows an unauthenticated attacker to repeatedly initiate or cancel these operations, occupying the single available...

7.5CVSS5.9AI score0.00718EPSS
Exploits0References6Affected Software1
SUSE CVE
SUSE CVE
added 2026/05/13 3:53 p.m.10 views

SUSE CVE-2017-1000362

The re-key admin monitor was introduced in Jenkins 1.498 and re-encrypted all secrets in JENKINSHOME with a new key. It also created a backup directory with all old secrets, and the key used to encrypt them. These backups were world-readable and not removed afterwards. Jenkins now deletes the...

9.8CVSS7.3AI score0.01721EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/12 7:4 p.m.14 views

Security Bulletin: Vault Vulnerable to Denial-of-Service via Unauthenticated Root Token Generation/Rekey Operations

Summary Vault is vulnerable to a denial-of-service condition where an unauthenticated attacker can repeatedly initiate or cancel root token generation or rekey operations, occupying the single in-progress operation slot. This prevents legitimate operators from completing these workflows. This...

7.5CVSS5.7AI score0.00718EPSS
Exploits0Affected Software1
SUSE CVE
SUSE CVE
added 2026/04/23 1:29 a.m.8 views

SUSE CVE-2026-5807

Vault is vulnerable to a denial-of-service condition where an unauthenticated attacker can repeatedly initiate or cancel root token generation or rekey operations, occupying the single in-progress operation slot. This prevents legitimate operators from completing these workflows. This...

7.5CVSS5.7AI score0.00718EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/04/22 12:0 a.m.6 views

openSUSE 16 Security Update : strongswan (openSUSE-SU-2026:20547-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20547-1 advisory. Update to strongswan 6.0.4: - CVE-2025-9615: NetworkManager File Access bsc1257359. - CVE-2026-25075: Integer Underflow When Handling EAP-TTLS A...

8.7CVSS5.8AI score0.01013EPSS
Exploits2References6
Tenable Nessus
Tenable Nessus
added 2026/04/22 12:0 a.m.4 views

SUSE SLES16 Security Update : strongswan (SUSE-SU-2026:21203-1)

The remote SUSE Linux SLES16 / SLESSAP16 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:21203-1 advisory. Update to strongswan 6.0.4: - CVE-2025-9615: NetworkManager File Access bsc1257359. - CVE-2026-25075: Integer Underflow When...

8.7CVSS5.7AI score0.01013EPSS
Exploits2References7
OSV
OSV
added 2026/04/21 12:15 p.m.7 views

BIT-VAULT-2026-5807 Vault Vulnerable to Denial-of-Service via Unauthenticated Root Token Generation/Rekey Operations

Vault is vulnerable to a denial-of-service condition where an unauthenticated attacker can repeatedly initiate or cancel root token generation or rekey operations, occupying the single in-progress operation slot. This prevents legitimate operators from completing these workflows. This...

7.5CVSS5.8AI score0.00718EPSS
Exploits0References5
OPENSUSE Linux
OPENSUSE Linux
added 2026/04/21 12:0 a.m.5 views

Security update for strongswan (important)

openSUSE security update: security update for strongswan ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20547-1 Rating: important References: bsc1257359 bsc1259472 Cross-References: CVE-2025-9615 CVE-2026-25075 CVSS scores: CVE-2025-9615 SUSE : 5.5...

8.2CVSS5.7AI score0.01013EPSS
Exploits2References2
RedhatCVE
RedhatCVE
added 2026/04/17 10:37 p.m.4 views

CVE-2026-5807

A flaw was found in Vault. An unauthenticated attacker can repeatedly initiate or cancel root token generation or rekey operations. This action occupies the single slot designated for in-progress operations, effectively preventing legitimate operators from completing critical administrative...

7.5CVSS5.5AI score0.00718EPSS
Exploits0References4
EUVD
EUVD
added 2026/04/17 6:31 a.m.30 views

EUVD-2026-23362

Vault is vulnerable to a denial-of-service condition where an unauthenticated attacker can repeatedly initiate or cancel root token generation or rekey operations, occupying the single in-progress operation slot. This prevents legitimate operators from completing these workflows. This...

7.5CVSS5.8AI score0.00718EPSS
Exploits0References2
OSV
OSV
added 2026/04/17 6:31 a.m.4 views

GHSA-88V5-9HXC-F85R HashiCorp Vault Vulnerable to Denial-of-Service via Unauthenticated Root Token Generation/Rekey Operations

Vault is vulnerable to a denial-of-service condition where an unauthenticated attacker can repeatedly initiate or cancel root token generation or rekey operations, occupying the single in-progress operation slot. This prevents legitimate operators from completing these workflows. This...

7.5CVSS5.8AI score0.00718EPSS
Exploits0References3
NVD
NVD
added 2026/04/17 5:16 a.m.76 views

CVE-2026-5807

Vault is vulnerable to a denial-of-service condition where an unauthenticated attacker can repeatedly initiate or cancel root token generation or rekey operations, occupying the single in-progress operation slot. This prevents legitimate operators from completing these workflows. This...

7.5CVSS0.00718EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/17 3:22 a.m.84 views

CVE-2026-5807 Vault Vulnerable to Denial-of-Service via Unauthenticated Root Token Generation/Rekey Operations

Vault is vulnerable to a denial-of-service condition where an unauthenticated attacker can repeatedly initiate or cancel root token generation or rekey operations, occupying the single in-progress operation slot. This prevents legitimate operators from completing these workflows. This...

7.5CVSS0.00718EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/17 3:22 a.m.4 views

CVE-2026-5807 Vault Vulnerable to Denial-of-Service via Unauthenticated Root Token Generation/Rekey Operations

Vault is vulnerable to a denial-of-service condition where an unauthenticated attacker can repeatedly initiate or cancel root token generation or rekey operations, occupying the single in-progress operation slot. This prevents legitimate operators from completing these workflows. This...

7.5CVSS5.8AI score0.00718EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/17 3:22 a.m.3 views

CVE-2026-5807

Vault is vulnerable to a denial-of-service condition where an unauthenticated attacker can repeatedly initiate or cancel root token generation or rekey operations, occupying the single in-progress operation slot. This prevents legitimate operators from completing these workflows. This...

7.5CVSS5.8AI score0.00718EPSS
Exploits0References2
CVE
CVE
added 2026/04/17 3:22 a.m.37 views

CVE-2026-5807

Vault is vulnerable to a denial-of-service condition: an unauthenticated attacker can repeatedly initiate or cancel root token generation or rekey operations, occupying the single in-progress operation slot and preventing legitimate operators from completing these workflows. The issue is fixed in...

7.5CVSS5.8AI score0.00718EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder