Lucene search
+L

43 matches found

Prion
Prion
added 2023/05/01 8:15 p.m.20 views

Design/Logic Flaw

HashiCorp Vault Enterprise 1.13.0 up to 1.13.1 is vulnerable to a padding oracle attack when using an HSM in conjunction with the CKMAESCBCPAD or CKMAESCBC encryption mechanisms. An attacker with privileges to modify storage and restart Vault may be able to intercept or modify cipher text in orde...

1CVSS3.8AI score0.00086EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/05/01 7:41 p.m.11 views

CVE-2023-2197 Vault Enterprise Vulnerable to Padding Oracle Attacks When Using a CBC-based Encryption Mechanism with a HSM

HashiCorp Vault Enterprise 1.13.0 up to 1.13.1 is vulnerable to a padding oracle attack when using an HSM in conjunction with the CKMAESCBCPAD or CKMAESCBC encryption mechanisms. An attacker with privileges to modify storage and restart Vault may be able to intercept or modify cipher text in orde...

2.5CVSS3.4AI score0.00086EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/05/01 7:41 p.m.30 views

CVE-2023-2197 Vault Enterprise Vulnerable to Padding Oracle Attacks When Using a CBC-based Encryption Mechanism with a HSM

HashiCorp Vault Enterprise 1.13.0 up to 1.13.1 is vulnerable to a padding oracle attack when using an HSM in conjunction with the CKMAESCBCPAD or CKMAESCBC encryption mechanisms. An attacker with privileges to modify storage and restart Vault may be able to intercept or modify cipher text in orde...

2.5CVSS3.9AI score0.00086EPSS
Exploits0References2
OSV
OSV
added 2023/05/01 7:41 p.m.29 views

CVE-2023-2197 Vault Enterprise Vulnerable to Padding Oracle Attacks When Using a CBC-based Encryption Mechanism with a HSM

HashiCorp Vault Enterprise 1.13.0 up to 1.13.1 is vulnerable to a padding oracle attack when using an HSM in conjunction with the CKMAESCBCPAD or CKMAESCBC encryption mechanisms. An attacker with privileges to modify storage and restart Vault may be able to intercept or modify cipher text in orde...

2.5CVSS5.7AI score0.00086EPSS
Exploits0References4
AlpineLinux
AlpineLinux
added 2023/05/01 7:41 p.m.54 views

CVE-2023-2197

HashiCorp Vault Enterprise 1.13.0 up to 1.13.1 is vulnerable to a padding oracle attack when using an HSM in conjunction with the CKMAESCBCPAD or CKMAESCBC encryption mechanisms. An attacker with privileges to modify storage and restart Vault may be able to intercept or modify cipher text in orde...

2.5CVSS3.4AI score0.00086EPSS
Exploits0
HashiCorp Security Advisories
HashiCorp Security Advisories
added 2023/05/01 7:35 p.m.10 views

Vault Enterprise Vulnerable to Padding Oracle Attacks When Using a CBC-Based Encryption Mechanism with a HSM

Summary A vulnerability was identified for specific Vault Enterprise “Vault” HSM integration configurations in which a padding oracle attack may be possible, due to Vault not properly applying an HMAC to messages sent from the HSM when using a CBC-based encryption mechanism. An attacker with...

2.5CVSS6AI score0.00086EPSS
Exploits0Affected Software1
OSV
OSV
added 2022/12/28 3:15 a.m.5 views

CVE-2022-3347

DNSSEC validation is not performed correctly. An attacker can cause this package to report successful validation for invalid, attacker-controlled records. Root DNSSEC public keys are not validated, permitting an attacker to present a self-signed root key and delegation chain...

7.5CVSS5.8AI score0.00242EPSS
Exploits0References2
Prion
Prion
added 2022/12/28 3:15 a.m.20 views

Design/Logic Flaw

DNSSEC validation is not performed correctly. An attacker can cause this package to report successful validation for invalid, attacker-controlled records. Root DNSSEC public keys are not validated, permitting an attacker to present a self-signed root key and delegation chain...

5CVSS7.5AI score0.00242EPSS
Exploits0References2
OSV
OSV
added 2022/09/15 3:35 a.m.21 views

GHSA-R7VQ-6425-J94W Python-TUF vulnerable to incorrect threshold signature computation for new root metadata

Impact The function verifyrootselfsigned, introduced in v0.14.0, and which verifies self-signatures in a new root metadata file, counted multiple signatures by any new root key towards the new threshold. That is, any single new root key could theoretically provide enough signatures to meet the...

7.1AI score
Exploits0References5
Github Security Blog
Github Security Blog
added 2022/09/15 3:35 a.m.16 views

Python-TUF vulnerable to incorrect threshold signature computation for new root metadata

Impact The function verifyrootselfsigned, introduced in v0.14.0, and which verifies self-signatures in a new root metadata file, counted multiple signatures by any new root key towards the new threshold. That is, any single new root key could theoretically provide enough signatures to meet the...

1.1AI score
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2022/09/15 12:0 a.m.6 views

PT-2022-28275 · Tuf · Tuf

Name of the Vulnerable Software and Affected Versions: TUF versions 0.14.0 through 0.15.x Description: The issue concerns the verify root self signed function, which verifies self-signatures in new root metadata files. This function counted multiple signatures by any new root key towards the new...

7.3AI score
Exploits0References6
OSV
OSV
added 2022/03/27 4:15 p.m.6 views

CVE-2022-26252

aaPanel v6.8.21 was discovered to be vulnerable to directory traversal. This vulnerability allows attackers to obtain the root user private SSH keyidrsa...

6.5CVSS6.6AI score0.01752EPSS
Exploits1References1
OSV
OSV
added 2020/06/29 4:15 p.m.7 views

CVE-2020-15319

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA SSH key for the root account within the /opt/mysql chroot directory tree...

5.9CVSS6.7AI score0.00997EPSS
Exploits1References2
OSV
OSV
added 2020/06/29 4:15 p.m.7 views

CVE-2020-15316

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded ECDSA SSH key for the root account within the /opt/axess chroot directory tree...

5.9CVSS6.7AI score0.00976EPSS
Exploits1References2
OSV
OSV
added 2020/06/29 3:15 p.m.6 views

CVE-2020-15314

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA SSH key for the root account...

5.9CVSS6.7AI score0.00976EPSS
Exploits1References2
Packet Storm
Packet Storm
added 2020/05/12 12:0 a.m.261 views

SaltStack Salt Master/Minion Unauthenticated Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SaltStack Salt Master/Minion Unauthenticated RCE', 'Description' = %q This module exploits unauthenticated access to the runner and sendpub metho...

7.5CVSS0.9AI score0.96405EPSS
Exploits25
OSV
OSV
added 2019/10/23 9:6 p.m.8 views

MGASA-2019-0299 Updated bind packages fix security vulnerabilities

Updated bind packages fix security vulnerabilities Limiting simultaneous TCP clients is ineffective CVE-2018-5743 Race condition when discarding malformed packets can cause bind to exit with assertion failure CVE-2019-6471 In addition to those two security issues, this package releases also fixes...

7.5CVSS6.5AI score0.06404EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2018/08/23 12:0 a.m.42 views

Fedora 27 : 32:bind (2018-90f8fbd58e)

Update to 9.11.4-P1 - Fixes CVE-2018-5738 - Adds root key sentinel mechanism support - incremental zone transfer limit to prevent journal corruption - rndc reload memory leak Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system...

7.5CVSS6.6AI score0.59353EPSS
Exploits0References3
OSV
OSV
added 2017/04/21 8:59 p.m.6 views

CVE-2016-1561

ExaGrid appliances with firmware before 4.8 P26 have a default SSH public key in the authorizedkeys file for root, which allows remote attackers to obtain SSH access by leveraging knowledge of a private key from another installation or a firmware image...

7.5CVSS5.9AI score0.74261EPSS
Exploits4References3
Oracle linux
Oracle linux
added 2015/11/23 12:0 a.m.29 views

unbound security and bug fix update

1.4.20-26 - Added Conficts on redhat-release packages without unbound-anchor.timer in presets Related 1215645 1.4.20-25 - Resolve ordering loop with nss-lookup.target and ntpdate 1259806 1.4.20-24 - Fix CVE-2014-8602 1253961 1.4.20-23 - Removed usage of DLV from the default configuration 1223339...

4.3CVSS1.2AI score0.25205EPSS
Exploits0
Rows per page
Query Builder