
14864 matches found

Veracode
added 2023/07/18 11:20 a.m. | 40 views

Improper Certificate Validation

cryptography is vulnerable to Improper Certificate Validation. The vulnerability exists due to the _parse_exts_opts function in ssh.py because loading SSH certificates generated with ssh-keygen or SSHCertificateBuilder yields unexpected results which potentially allows an attacker to perform...

7.5 CVSS | 6.7 AI score | 0.00613 EPSS
Exploits 1 | References 10 | Affected Software 2
SUSE CVE
added 2023/07/18 1:55 a.m. | 3 views

SUSE CVE-2023-38325

The cryptography package before 41.0.2 for Python mishandles SSH certificates that have critical options...

6.2 CVSS | 8.4 AI score | 0.00613 EPSS
Exploits 1 | References 3
GithubExploit
added 2023/07/17 10:21 p.m. | 389 views

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Imagemagick

auto-cve-2022-44268 Automating expl...

6.5 CVSS | 6.8 AI score | 0.89855 EPSS
Exploits 28
0day.today
added 2023/07/15 12:0 a.m. | 178 views

Icinga Web 2.10 - Authenticated Remote Code Execution Exploit

#!/usr/bin/env python3 Exploit Title: Icinga Web 2.10 - Authenticated Remote Code Execution Exploit Author: Dante Corona Aka. cxdxnt Software Link: https://github.com/Icinga/icingaweb2 Vendor Homepage: https://icinga.com/ Software Link: https://github.com/Icinga/icingaweb2 Version: 2.8.6, 2.9.6, 2....

8.8 CVSS | 7.1 AI score | 0.1467 EPSS
Exploits 5
NVD
added 2023/07/14 10:15 p.m. | 19 views

CVE-2023-37268

Warpgate is an SSH, HTTPS and MySQL bastion host for Linux that doesn't need special client apps. When logging in as a user with SSO enabled an attacker may authenticate as another user. Any user account which does not have a second factor enabled could be compromised. This issue has been...

8.8 CVSS | 0.00465 EPSS
Exploits 0 | References 2
Prion
added 2023/07/14 10:15 p.m. | 20 views

Authentication flaw

Warpgate is an SSH, HTTPS and MySQL bastion host for Linux that doesn't need special client apps. When logging in as a user with SSO enabled an attacker may authenticate as another user. Any user account which does not have a second factor enabled could be compromised. This issue has been...

6.5 CVSS | 8.4 AI score | 0.00465 EPSS
Exploits 0 | References 2 | Affected Software 1
Github Security Blog
added 2023/07/14 9:31 p.m. | 151 views

cryptography mishandles SSH certificates

The cryptography package before 41.0.2 for Python mishandles SSH certificates that have critical options...

7.5 CVSS | 7 AI score | 0.00613 EPSS
Exploits 1 | References 12 | Affected Software 1
CVE
added 2023/07/14 9:2 p.m. | 48 views

CVE-2023-37268

CVE-2023-37268 affects Warpgate, a Linux bastion host providing SSH/HTTPS/MySQL access. The issue allows an attacker to log in as another user when the attacker’s account uses SSO, enabling credential-forgery if the target account has no second factor. The root cause is an authorization flaw tied...

8.8 CVSS | 7.3 AI score | 0.00465 EPSS
Exploits 0 | References 2 | Affected Software 1
Vulnrichment
added 2023/07/14 9:2 p.m. | 25 views

CVE-2023-37268 User login confusion with SSO in warpgate

Warpgate is an SSH, HTTPS and MySQL bastion host for Linux that doesn't need special client apps. When logging in as a user with SSO enabled an attacker may authenticate as another user. Any user account which does not have a second factor enabled could be compromised. This issue has been...

6.4 CVSS | 6.7 AI score | 0.00465 EPSS
Exploits 0 | References 2
Cvelist
added 2023/07/14 9:2 p.m. | 21 views

CVE-2023-37268 User login confusion with SSO in warpgate

Warpgate is an SSH, HTTPS and MySQL bastion host for Linux that doesn't need special client apps. When logging in as a user with SSO enabled an attacker may authenticate as another user. Any user account which does not have a second factor enabled could be compromised. This issue has been...

6.4 CVSS | 8.7 AI score | 0.00465 EPSS
Exploits 0 | References 2
OSV
added 2023/07/14 9:2 p.m. | 21 views

CVE-2023-37268 User login confusion with SSO in warpgate

Warpgate is an SSH, HTTPS and MySQL bastion host for Linux that doesn't need special client apps. When logging in as a user with SSO enabled an attacker may authenticate as another user. Any user account which does not have a second factor enabled could be compromised. This issue has been...

6.4 CVSS | 8.2 AI score | 0.00465 EPSS
Exploits 0 | References 4
ATTACKERKB
added 2023/07/14 8:15 p.m. | 3 views

CVE-2023-38325

The cryptography package before 41.0.2 for Python mishandles SSH certificates that have critical options...

7.5 CVSS | 6.7 AI score | 0.00613 EPSS
Exploits 1 | References 8
OSV
added 2023/07/14 8:15 p.m. | 30 views

CVE-2023-38325

The cryptography package before 41.0.2 for Python mishandles SSH certificates that have critical options...

7.5 CVSS | 7.2 AI score
Exploits 0 | References 6
NVD
added 2023/07/14 8:15 p.m. | 19 views

CVE-2023-38325

The cryptography package before 41.0.2 for Python mishandles SSH certificates that have critical options...

7.5 CVSS | 0.00613 EPSS
Exploits 1 | References 6
UbuntuCve
added 2023/07/14 8:15 p.m. | 23 views

CVE-2023-38325

The cryptography package before 41.0.2 for Python mishandles SSH certificates that have critical options...

7.5 CVSS | 6.8 AI score | 0.00613 EPSS
Exploits 1 | References 4
Prion
added 2023/07/14 8:15 p.m. | 27 views

Code injection

The cryptography package before 41.0.2 for Python mishandles SSH certificates that have critical options...

5 CVSS | 7.5 AI score | 0.00613 EPSS
Exploits 1 | References 6 | Affected Software 1
Vulnrichment
added 2023/07/14 12:0 a.m. | 30 views

CVE-2023-38325

The cryptography package before 41.0.2 for Python mishandles SSH certificates that have critical options...

6.8 AI score | 0.00613 EPSS
Exploits 1 | References 6
CVE
added 2023/07/14 12:0 a.m. | 742 views

CVE-2023-38325

CVE-2023-38325 : The cryptography package (Python) before 41.0.2 mishandles SSH certificates with critical options. Public IBM/IBM Cloud Pak for Data System 2.0 advisories confirm this CVE applies to IBM Cloud Pak for Data System 2.0 (versions 2.0.0.0–2.0.2.1.IF2) and that a security patch is ava...

7.5 CVSS | 7.5 AI score | 0.00613 EPSS
Exploits 1 | References 6 | Affected Software 1
CNNVD
added 2023/07/14 12:0 a.m. | 2 views

python-cryptography trust management issue vulnerability

python-cryptography is a Python code library for cryptographic applications from the Cryptographic team. A security vulnerability exists in python-cryptography versions prior to 41.0.2, which stems from incorrectly handling SSH certificates with critical options...

7.5 CVSS | 6.5 AI score | 0.00613 EPSS
Exploits 1 | References 8
Cvelist
added 2023/07/14 12:0 a.m. | 26 views

CVE-2023-38325

The cryptography package before 41.0.2 for Python mishandles SSH certificates that have critical options...

7.8 AI score | 0.00613 EPSS
Exploits 1 | References 6