
13 matches found

Amazon
added 2026/06/08 12:0 a.m., 12 views

Important: containerd

Issue Overview: An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded memory growth, eventually crashing the server process and affecting all connected users. Rejected channels are now properly removed from the connection's internal state a...

CVSS 10, AI score 5.8, EPSS 0.005
Exploits 0
Tenable Nessus
added 2026/06/08 12:0 a.m., 10 views

Amazon Linux 2023 : docker (ALAS2023-2026-1783)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1783 advisory. The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could cause several minutes of CPU...

CVSS 10, AI score 6.8, EPSS 0.03092
Exploits 2, References 16
Amazon
added 2026/06/08 12:0 a.m., 14 views

Important: rclone

Issue Overview: The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could cause several minutes of CPU consumption during signature verification. This could be triggered by unauthenticated client...

CVSS 9.1, AI score 5.6, EPSS 0.005
Exploits 0
Tenable Nessus
added 2026/05/29 12:0 a.m., 15 views

Azure Linux 3.0 Security Update: CBL-Mariner Releases (CVE-2026-42508)

The version of CBL-Mariner Releases installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2026-42508 advisory. - Previously, a revoked 'SignatureKey' belonging to a CA was not correctly checked for revocatio...

CVSS 9.1, AI score 5.8, EPSS 0.00469
Exploits 0, References 1
RedhatCVE
added 2025/05/22 1:0 p.m., 4 views

CVE-2018-20954

The "Security and Privacy" Encryption feature in Mailpile before 1.0.0rc4 does not exclude disabled, revoked, and expired keys...

CVSS 7.5, AI score 7, EPSS 0.01148
Exploits 0, References 1
SUSE CVE
added 2023/02/15 6:4 a.m., 3 views

SUSE CVE-2009-1358

apt-get in apt before 0.7.21 does not check for the correct error code from gpgv, which causes apt to treat a repository as valid even when it has been signed with a key that has been revoked or expired, which might allow remote attackers to trick apt into installing malicious repositories...

CVSS 10, AI score 7.2, EPSS 0.04396
Exploits 0, References 3
CNNVD
added 2022/04/05 12:0 a.m., 2 views

Mozilla Firefox Trust Management Issue Vulnerability

Mozilla Firefox is an open source Web browser from the Mozilla Foundation. Mozilla Firefox is vulnerable to a security feature issue that stems from a vulnerability related to compromised keys in the OpenPGP revocation mechanism. A remote attacker could use the revoked key to sign messages, which...

CVSS 5.4, AI score 8.3, EPSS 0.00373
Exploits 0, References 14
NVD
added 2019/08/08 9:15 p.m., 17 views

CVE-2018-20954

The "Security and Privacy" Encryption feature in Mailpile before 1.0.0rc4 does not exclude disabled, revoked, and expired keys...

CVSS 7.5, AI score 7.6, EPSS 0.01148
Exploits 0, References 3
Cvelist
added 2019/08/08 8:13 p.m., 15 views

CVE-2018-20954

The "Security and Privacy" Encryption feature in Mailpile before 1.0.0rc4 does not exclude disabled, revoked, and expired keys...

AI score 7.6, EPSS 0.01148
Exploits 0, References 3
OSV
added 2011/03/18 4:55 p.m., 2 views

DEBIAN-CVE-2010-4764

Open Ticket Request System OTRS before 2.4.10, and 3.x before 3.0.3, does not present warnings about incoming encrypted e-mail messages that were based on revoked PGP or GPG keys, which makes it easier for remote attackers to spoof e-mail communication by leveraging a key that has a revocation...

CVSS 5, AI score 6.6, EPSS 0.01466
Exploits 0, References 1
UbuntuCve
added 2011/03/18 4:55 p.m., 26 views

CVE-2010-4764

Open Ticket Request System OTRS before 2.4.10, and 3.x before 3.0.3, does not present warnings about incoming encrypted e-mail messages that were based on revoked PGP or GPG keys, which makes it easier for remote attackers to spoof e-mail communication by leveraging a key that has a revocation...

CVSS 5, AI score 5.9, EPSS 0.01466
Exploits 0, References 1
Prion
added 2011/03/18 4:55 p.m., 16 views

Design/Logic Flaw

Open Ticket Request System OTRS before 2.4.10, and 3.x before 3.0.3, does not present warnings about incoming encrypted e-mail messages that were based on revoked PGP or GPG keys, which makes it easier for remote attackers to spoof e-mail communication by leveraging a key that has a revocation...

CVSS 5, AI score 7.1, EPSS 0.01466
Exploits 0, References 2, Affected Software 1
OSV
added 2009/04/21 11:30 p.m., 2 views

DEBIAN-CVE-2009-1358

apt-get in apt before 0.7.21 does not check for the correct error code from gpgv, which causes apt to treat a repository as valid even when it has been signed with a key that has been revoked or expired, which might allow remote attackers to trick apt into installing malicious repositories...

CVSS 10, AI score 6.8, EPSS 0.04396
Exploits 0, References 1