Lucene search
+L

146 matches found

cnnvd
cnnvd
added 2022/06/08 12:0 a.m.4 views

Linux kernel 代码问题漏洞

Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. A code issue vulnerability exists in the Linux kernel that stems from a NULL pointer dereference error in rxrpcpreparses in net/rxrpc/serverkey.c in the Linux kernel. A local attacker can exploit this...

7.1CVSS6.9AI score0.00304EPSS
Exploits0References10
osv
osv
added 2022/04/24 9:39 p.m.8 views

GSD-2022-1001756 rxrpc: fix some null-ptr-deref bugs in server_key.c

rxrpc: fix some null-ptr-deref bugs in serverkey.c This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.33 by commit...

7.3AI score
Exploits0
osv
osv
added 2022/04/24 9:12 p.m.7 views

GSD-2022-1001434 rxrpc: fix some null-ptr-deref bugs in server_key.c

rxrpc: fix some null-ptr-deref bugs in serverkey.c This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.16.19 by commit...

7.3AI score
Exploits0
ptsecurity
ptsecurity
added 2022/03/31 12:0 a.m.4 views

PT-2022-3210 · Linux +4 · Linux Kernel +4

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A NULL pointer dereference flaw was found in rxrpc preparse s in net/rxrpc/server key.c in the Linux kernel. This flaw allows a local attacker to crash the system or leak internal kern...

9.8CVSS7.1AI score0.67994EPSS
Exploits200References1270
osv
osv
added 2022/02/25 3:15 p.m.4 views

CVE-2022-24334

In JetBrains TeamCity before 2021.2.1, the Agent Push feature allowed selection of any private key on the server...

5.3CVSS6.1AI score0.00681EPSS
Exploits0References2
nessus
nessus
added 2021/10/13 12:0 a.m.267 views

SSH Host Keys < 2048 Bits Considered Weak

Brute force setting must be enabled to use this plugin. The remote SSH server has a host key size that is smaller than 2048 bits. NIST Special Publication 800-57 Part 3 Recommendation for Key Management recommends RSA keys greater or equal to 2048 bits in length. TRUSTED...

5.5AI score
Exploits0References1
cnnvd
cnnvd
added 2021/09/01 12:0 a.m.6 views

Elasticsearch 安全漏洞

Elasticsearch is a search engine based on the Lucene library. Elasticsearch suffers from a security vulnerability that stems from the fact that an attacker can exploit the vulnerability to bypass restrictions via Elasticsearch's Fleet-server service API key in order to escalate his privileges...

8.8CVSS7.9AI score0.00714EPSS
Exploits0References4
hackerone
hackerone
added 2021/07/09 12:0 p.m.31 views

MCUboot: private keys exposed on the GitHub repository

Summary: When I searched Github for sensitive information I found some privet key in GitHub repository. these are private RSA key and private server key, which could be used for unauthorized access. Steps To Reproduce: VISIT THESE LINKS: Repository : EX:...

6.6AI score
Exploits0
hackerone
hackerone
added 2021/06/15 12:14 p.m.38 views

MCUboot: private keys exposed on the GitHub repository

Summary: When I searched Github for sensitive information I found some privet key in GitHub repository. these are private RSA key and private server key, which could be used for unauthorized access. Steps To Reproduce: VISIT THESE LINKS: Repository : EX:...

6.6AI score
Exploits0
packetstorm
packetstorm
added 2020/07/27 12:0 a.m.470 views

Sickbeard 0.1 Cross Site Request Forgery

Exploit Title: Sickbeard 0.1 - Cross-Site Request Forgery Disable Authentication Google Dork: https://www.shodan.io/search?query=sickbeard Date: 2020-06-06 Exploit Author: bdrake Vendor Homepage: https://sickbeard.com/ Software Link: https://github.com/midgetspy/Sick-Beard Version: alpha master -...

0.1AI score
Exploits0
osv
osv
added 2020/07/22 9:49 p.m.12 views

OSV-2020-1150 Global-buffer-overflow in ssl_sigalg

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=13800 Crash type: Global-buffer-overflow READ 2 Crash state: sslsigalg ssl3getserverkeyexchange ssl3connect...

7.2AI score
Exploits0References1
hackerone
hackerone
added 2020/05/17 11:2 p.m.7 views

Kubernetes: Private RSA key and Server key exposed on the GitHub repository

Report Submission Form Summary: I was searching for sensitive data in Kubernetes repository where I found these private keys. These are private RSA key and private server key, which could be used for unauthorized access. Steps To Reproduce: VISIT THESE LINKS Repository : kubernetes / kubernetes...

0.5AI score
Exploits0
ibm
ibm
added 2019/12/18 2:26 p.m.47 views

Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects IBM i (CVE-2015-4000)

Summary The Logjam Attack on TLS connections using the Diffie-Hellman DH key exchange protocol affects IBM i. Vulnerability Details CVEID: CVE-2015-4000 DESCRIPTION: The TLS protocol could allow a remote attacker to obtain sensitive information, caused by the failure to properly convey a DHEEXPOR...

4.3CVSS1.3AI score0.9986EPSS
Exploits1Affected Software1
osv
osv
added 2019/11/06 7:15 p.m.9 views

CVE-2019-5642

Rapid7 Metasploit Pro version 4.16.0-2019081901 and prior suffers from an instance of CWE-732, wherein the unique server.key is written to the file system during installation with world-readable permissions. This can allow other users of the same system where Metasploit Pro is installed to...

3.3CVSS5.8AI score0.0031EPSS
Exploits0References1
checkpoint_advisories
checkpoint_advisories
added 2019/02/17 12:0 a.m.2 views

OpenSSL Denial of Service (CVE-2018-0732)

A denial-of-service vulnerability has been reported in OpenSSL. The vulnerability is due to improper handling of an exceptionally large DH parameter when processing a Server Key Exchange. Successful exploitation would result in a crash of the server process leading to denial of service...

5CVSS1.9AI score0.49268EPSS
Exploits0
nessus
nessus
added 2018/04/24 12:0 a.m.90 views

FreeBSD : mbed TLS (PolarSSL) -- multiple vulnerabilities (d8382a69-4728-11e8-ba83-0011d823eebd)

Simon Butcher reports : - Defend against Bellcore glitch attacks by verifying the results of RSA private key operations. - Fix implementation of the truncated HMAC extension. The previous implementation allowed an offline 2^80 brute-force attack on the HMAC key of a single, uninterrupted connecti...

5.7AI score
Exploits0References2
osv
osv
added 2018/04/10 7:29 p.m.4 views

UBUNTU-CVE-2018-9989

ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in sslparseserverpskhint that could cause a crash on invalid input...

7.5CVSS7.1AI score0.02173EPSS
Exploits0References5
osv
osv
added 2018/04/10 7:29 p.m.4 views

UBUNTU-CVE-2018-9988

ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in sslparseserverkeyexchange that could cause a crash on invalid input...

7.5CVSS7.1AI score0.02114EPSS
Exploits0References5
osv
osv
added 2018/04/10 7:29 p.m.3 views

DEBIAN-CVE-2018-9988

ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in sslparseserverkeyexchange that could cause a crash on invalid input...

7.5CVSS7.2AI score0.02114EPSS
Exploits0References1
cve
cve
added 2018/04/10 7:0 p.m.72 views

CVE-2018-9988

CVE-2018-9988 affects ARM mbed TLS prior to 2.1.11, 2.7.2, and 2.8.0, with a buffer over-read in ssl_parse_server_key_exchange that could cause a crash on invalid input. Public-branch fixes exist in newer mbed TLS releases, and downstream advisories (e.g., Debian DLA-2826-1) note updates to mitig...

7.5CVSS7.4AI score0.02114EPSS
Exploits0References5Affected Software2
Rows per page
Query Builder