CVE-2025-14942 Authentication Bypass

wolfSSH’s key exchange state machine can be manipulated to leak the client’s password in the clear, trick the client to send a bogus signature, or trick the client into skipping user authentication. This affects client applications with wolfSSH version 1.4.21 and earlier. Users of wolfSSH must...

EUVD-2019-5707

Malware in sbrugna...

EUVD-2020-21514

Malware in sbrugna...

EUVD-2019-13364

Malware in sbrugna...

GHSA-XXMH-RF63-QWJV GitProxy Backfile Parsing Exploit

Summary An attacker can craft a malicious Git packfile to exploit the PACK signature detection in the parsePush.ts. By embedding a misleading PACK signature within commit content and carefully constructing the packet structure, the attacker can trick the parser into treating invalid or unintended...

CVE-2024-12839

CVE-2024-12839 affects CGFIDO by Changing Information Technology. The login uses a device authentication signature; an unauthenticated remote attacker who obtains this signature can log in with any device after visiting a forged site, constituting an authentication bypass. Connected sources menti...

SUSE CVE-2013-4206

Heap-based buffer underflow in the modmul function in sshbn.c in PuTTY before 0.63 allows remote SSH servers to cause a denial of service crash and possibly trigger memory corruption or code execution via a crafted DSA signature, which is not properly handled when performing certain bit-shifting...

CVE-2017-17287

Huawei AR120-S V200R005C32, V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1200 V200R005C32, V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR1200-S V200R005C32, V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR150 V200R005C32, V200R006C10, V200R007C00,...

UBUNTU-CVE-2017-11185

The gmp plugin in strongSwan before 5.6.0 allows remote attackers to cause a denial of service NULL pointer dereference and daemon crash via a crafted RSA signature...