Lucene search
+L

148 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 2:30 a.m.5 views

CVE-2023-3202

The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstoreupdatefirebaseserverkey function. This makes it possible for unauthenticated attackers to update the firebase server key to push notification when order status changed via ...

4.3CVSS5.8AI score0.00296EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2025/05/13 8:5 a.m.3 views

openssl: RFC7250 handshakes with unauthenticated servers don't abort as expected

A flaw was found in OpenSSL's RFC7250 Raw Public Key RPK authentication. This vulnerability allows man-in-the-middle MITM attacks via failure to abort TLS/DTLS handshakes when the server's RPK does not match the expected key despite the SSLVERIFYPEER verification mode being set...

6.3CVSS7.1AI score0.02439EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/06/25 12:0 a.m.5 views

PT-2024-37525 · Conduit · Conduit

Name of the Vulnerable Software and Affected Versions: Conduit versions prior to 0.7.0 Description: The issue concerns missing authorization in the Client-Server API, allowing for unauthorized removal and addition of aliases to different rooms. This can be exploited for privilege escalation by...

9.9CVSS7.7AI score0.00433EPSS
Exploits0References4
OSV
OSV
added 2023/07/12 5:15 a.m.5 views

CVE-2023-3202

The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstoreupdatefirebaseserverkey function. This makes it possible for unauthenticated attackers to update the firebase server key to push notification when order status changed via ...

4.3CVSS5.7AI score0.00296EPSS
Exploits0References3
Prion
Prion
added 2023/07/12 5:15 a.m.16 views

Cross site request forgery (csrf)

The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstoreupdatefirebaseserverkey function. This makes it possible for unauthenticated attackers to update the firebase server key to push notification when order status changed via ...

4.3CVSS4.4AI score0.00296EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2023/07/12 4:38 a.m.38 views

CVE-2023-3202 MStore API <= 3.9.6 - Cross-Site Request Forgery to Firebase Server Key Update

The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstoreupdatefirebaseserverkey function. This makes it possible for unauthenticated attackers to update the firebase server key to push notification when order status changed via ...

4.3CVSS4.7AI score0.00296EPSS
Exploits0References3
CVE
CVE
added 2023/07/12 4:38 a.m.63 views

CVE-2023-3202

CVE-2023-3202: The MStore API WordPress plugin is vulnerable to CSRF due to missing nonce validation on mstore_update_firebase_server_key, enabling unauthenticated attackers to alter the Firebase server key and push notifications when an order status changes via forged requests. Impact is limited...

4.3CVSS4.7AI score0.00296EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2023/06/22 2:15 a.m.3 views

CVE-2023-33842

IBM SPSS Modeler on Windows 17.0, 18.0, 18.2.2, 18.3, 18.4, and 18.5 requires the end user to have access to the server SSL key which could allow a local user to decrypt and obtain sensitive information. IBM X-Force ID: 256117...

5.5CVSS5.8AI score0.00188EPSS
Exploits0References2
WPVulnDB
WPVulnDB
added 2023/06/13 12:0 a.m.28 views

MStore API < 3.9.7 - Multiple CSRF

The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks, such as Order Status Update, Order Title Update, Product Limit Update, Order Message Update, and Firebase Server Key Update...

4.3CVSS6.7AI score0.00316EPSS
Exploits0Affected Software1
OSV
OSV
added 2023/05/26 9:15 p.m.4 views

AZL-26807 CVE-2023-28319 affecting package mysql for versions less than 8.0.34-1

A use after free vulnerability exists in curl v8.1.0 in the way libcurl offers a feature to verify an SSH server's public key using a SHA 256 hash. When this check fails, libcurl would free the memory for the fingerprint before it returns an error message containing the now freed hash. This flaw...

7.5CVSS6.8AI score0.02489EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2023/05/17 12:0 a.m.4 views

PT-2023-3440 · Curl +4 · Curl +4

Name of the Vulnerable Software and Affected Versions: curl versions prior to 8.1.0 Description: A use after free issue exists in the way libcurl verifies an SSH server's public key using a SHA 256 hash. When this check fails, libcurl frees the memory for the fingerprint before returning an error...

9.1CVSS6.2AI score0.62246EPSS
Exploits16References138
F5 Networks
F5 Networks
added 2023/02/21 8:2 p.m.32 views

K43404629: F5 SSH server key size vulnerability CVE-2020-5917

Security Advisory Description The BIG-IP and BIG-IQ host OpenSSH servers use keys less than 2048 bits that are no longer considered secure. CVE-2020-5917 Impact The BIG-IP system may be vulnerable to man-in-the-middle attacks and/or insecure SSH communications. Some security scanners, such as the...

5.9CVSS6.2AI score0.00523EPSS
Exploits0Affected Software12
SUSE CVE
SUSE CVE
added 2023/02/15 6:8 a.m.4 views

SUSE CVE-2008-1672

OpenSSL 0.9.8f and 0.9.8g allows remote attackers to cause a denial of service crash via a TLS handshake that omits the Server Key Exchange message and uses "particular cipher suites," which triggers a NULL pointer dereference...

4.3CVSS6.8AI score0.05EPSS
Exploits1References5
SUSE CVE
SUSE CVE
added 2023/02/15 5:19 a.m.7 views

SUSE CVE-2015-3196

ssl/s3clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when used for a multi-threaded client, writes the PSK identity hint to an incorrect data structure, which allows remote servers to cause a denial of service race condition and double free via a crafted...

4.3CVSS6.8AI score0.12814EPSS
Exploits1References8
SUSE CVE
SUSE CVE
added 2023/02/15 5:13 a.m.3 views

SUSE CVE-2015-7575

Mozilla Network Security Services NSS before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof...

5.9CVSS7.3AI score0.0288EPSS
Exploits0References37
SUSE CVE
SUSE CVE
added 2023/02/15 4:35 a.m.8 views

SUSE CVE-2017-1000385

The Erlang otp TLS server answers with different TLS alerts to different error types in the RSA PKCS 1 1.5 padding. This allows an attacker to decrypt content or sign messages with the server's private key this is a variation of the Bleichenbacher attack...

6.5CVSS8.1AI score0.22098EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 4:28 a.m.4 views

SUSE CVE-2018-9988

ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in sslparseserverkeyexchange that could cause a crash on invalid input...

7.5CVSS6.5AI score0.02114EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:33 a.m.7 views

SUSE CVE-2022-1671

A NULL pointer dereference flaw was found in rxrpcpreparses in net/rxrpc/serverkey.c in the Linux kernel. This flaw allows a local attacker to crash the system or leak internal kernel information...

6.6CVSS6.4AI score0.00304EPSS
Exploits0References8
Microsoft CVE
Microsoft CVE
added 2022/08/03 7:0 a.m.6 views

A NULL pointer dereference flaw was found in rxrpc_preparse_s in net/rxrpc/server_key.c in the Linux kernel. This flaw allows a local attacker to crash the system or leak internal kernel information.

...

7.1CVSS7.3AI score0.00304EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2022/07/26 5:15 p.m.5 views

CVE-2022-1671

A NULL pointer dereference flaw was found in rxrpcpreparses in net/rxrpc/serverkey.c in the Linux kernel. This flaw allows a local attacker to crash the system or leak internal kernel information...

7.1CVSS6.7AI score0.00304EPSS
Exploits0References4
Rows per page
Query Builder