Lucene search
K

77 matches found

Vulnrichment
Vulnrichment
added 2024/03/12 8:41 p.m.13 views

CVE-2024-28236 Insecure Variable Substitution in Vela

Vela is a Pipeline Automation CI/CD framework built on Linux container technology written in Golang. Vela pipelines can use variable substitution combined with insensitive fields like parameters, image and entrypoint to inject secrets into a plugin/image and — by using common substitution string...

7.7CVSS7AI score0.00716EPSS
Exploits0References2
OSV
OSV
added 2024/03/12 8:41 p.m.32 views

CVE-2024-28236 Insecure Variable Substitution in Vela

Vela is a Pipeline Automation CI/CD framework built on Linux container technology written in Golang. Vela pipelines can use variable substitution combined with insensitive fields like parameters, image and entrypoint to inject secrets into a plugin/image and — by using common substitution string...

7.7CVSS7.5AI score0.00716EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2023/12/22 12:0 a.m.33 views

GLSA-202312-05 : libssh: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202312-05 libssh: Multiple Vulnerabilities - A flaw has been found in libssh in versions prior to 0.9.6. The SSH protocol keeps track of two shared secrets during the lifetime of the session. One of them is called secrethash and t...

6.5CVSS6.1AI score0.04683EPSS
Exploits2References6
Prion
Prion
added 2023/03/16 9:15 p.m.17 views

Input validation

russh is a Rust SSH client and server library. Starting in version 0.34.0 and prior to versions 0.36.2 and 0.37.1, Diffie-Hellman key validation is insufficient, which can lead to insecure shared secrets and therefore breaks confidentiality. Connections between a russh client and server or those ...

2.6CVSS5.4AI score0.00617EPSS
Exploits1References6Affected Software1
Tenable Nessus
Tenable Nessus
added 2021/10/01 12:0 a.m.32 views

FreeBSD : libssh -- possible heap-buffer overflow vulnerability (57b1ee25-1a7c-11ec-9376-0800272221cc)

libssh security advisories : The SSH protocol keeps track of two shared secrets during the lifetime of the session. One of them is called secrethash and and the other sessionid. Initially, both of them are the same, but after key re-exchange, previous sessionid is kept and used as an input to new...

6.5CVSS6.3AI score0.04683EPSS
Exploits0References4
NVD
NVD
added 2021/08/31 5:15 p.m.20 views

CVE-2021-3634

A flaw has been found in libssh in versions prior to 0.9.6. The SSH protocol keeps track of two shared secrets during the lifetime of the session. One of them is called secrethash and the other sessionid. Initially, both of them are the same, but after key re-exchange, previous sessionid is kept...

6.5CVSS0.04683EPSS
Exploits0References8
Debian CVE
Debian CVE
added 2021/08/31 12:0 a.m.47 views

CVE-2021-3634

A flaw has been found in libssh in versions prior to 0.9.6. The SSH protocol keeps track of two shared secrets during the lifetime of the session. One of them is called secrethash and the other sessionid. Initially, both of them are the same, but after key re-exchange, previous sessionid is kept...

6.5CVSS6.2AI score0.04683EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2021/08/31 12:0 a.m.33 views

CVE-2021-3634

A flaw has been found in libssh in versions prior to 0.9.6. The SSH protocol keeps track of two shared secrets during the lifetime of the session. One of them is called secrethash and the other sessionid. Initially, both of them are the same, but after key re-exchange, previous sessionid is kept...

6.5CVSS6.9AI score0.04683EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2021/08/26 1:32 p.m.41 views

CVE-2021-3634

A flaw has been found in libssh. The SSH protocol keeps track of two shared secrets during the lifetime of the session. One of them is called secrethash and the other sessionid. Initially, both of them are the same, but after key re-exchange, previous sessionid is kept and used as an input to new...

6.5CVSS1.7AI score0.04683EPSS
Exploits0References3
OSV
OSV
added 2021/01/15 6:15 p.m.6 views

CVE-2021-0220

The Junos Space Network Management Platform has been found to store shared secrets in a recoverable format that can be exposed through the UI. An attacker who is able to execute arbitrary code in the victim browser for example via XSS or access cached contents may be able to obtain a copy of...

6.8CVSS6.8AI score0.01154EPSS
Exploits0References1
NVD
NVD
added 2021/01/15 6:15 p.m.17 views

CVE-2021-0220

The Junos Space Network Management Platform has been found to store shared secrets in a recoverable format that can be exposed through the UI. An attacker who is able to execute arbitrary code in the victim browser for example via XSS or access cached contents may be able to obtain a copy of...

6.8CVSS6.9AI score0.01154EPSS
Exploits0References1
Prion
Prion
added 2021/01/15 6:15 p.m.24 views

Design/Logic Flaw

The Junos Space Network Management Platform has been found to store shared secrets in a recoverable format that can be exposed through the UI. An attacker who is able to execute arbitrary code in the victim browser for example via XSS or access cached contents may be able to obtain a copy of...

3.5CVSS6.9AI score0.01154EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/01/15 5:36 p.m.17 views

CVE-2021-0220 Junos Space: Shared secrets stored in recoverable format and directly exposed through the UI

The Junos Space Network Management Platform has been found to store shared secrets in a recoverable format that can be exposed through the UI. An attacker who is able to execute arbitrary code in the victim browser for example via XSS or access cached contents may be able to obtain a copy of...

6.8CVSS7.1AI score0.01154EPSS
Exploits0References1
CVE
CVE
added 2021/01/15 5:36 p.m.72 views

CVE-2021-0220

CVE-2021-0220 (Juniper Junos Space) affects Junos Space versions prior to 20.3R1. The issue is that shared secrets are stored in a recoverable format and can be exposed through the UI. An attacker who can run arbitrary code in the victim’s browser (e.g., via XSS) or access cached contents may obt...

6.8CVSS6.9AI score0.01154EPSS
Exploits0References1Affected Software1
OpenVAS
OpenVAS
added 2020/09/22 12:0 a.m.16 views

Ubuntu: Security Advisory (USN-4521-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.6AI score0.01673EPSS
Exploits0References2
Ubuntu
Ubuntu
added 2020/09/21 2:33 p.m.71 views

USN-4521-1: pam_tacplus vulnerability

It was discovered that pamtacplus did not properly manage shared secrets if DEBUG loglevel and journald are used. A remote attacker could use this issue to expose sensitive information...

7.5CVSS7.2AI score0.01673EPSS
Exploits0
OSV
OSV
added 2020/09/21 2:33 p.m.4 views

USN-4521-1 libpam-tacplus vulnerability

It was discovered that pamtacplus did not properly manage shared secrets if DEBUG loglevel and journald are used. A remote attacker could use this issue to expose sensitive information...

7.5CVSS7.1AI score0.01673EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2020/09/21 12:0 a.m.28 views

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : pam_tacplus vulnerability (USN-4521-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-4521-1 advisory. It was discovered that pamtacplus did not properly manage shared secrets if DEBUG loglevel and journald are used. A remote attacker could...

7.5CVSS7.3AI score0.01673EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2020/06/09 12:0 a.m.26 views

Debian DLA-2239-1 : libpam-tacplus security update

It was discovered that there was an issue in libpam-tacplus a security module for using the TACACS+ authentication service where shared secrets such as private server keys were being added in the clear to various logs. For Debian 8 'Jessie', this issue has been fixed in libpam-tacplus version...

7.5CVSS7.1AI score0.01673EPSS
Exploits0References3
OSV
OSV
added 2020/04/15 9:15 p.m.3 views

CVE-2020-11658

CA API Developer Portal 4.3.1 and earlier handles shared secret keys in an insecure manner, which allows attackers to bypass authorization...

9.8CVSS7.3AI score0.02009EPSS
Exploits0References3
Rows per page
Query Builder