Lucene search
K

155 matches found

CNNVD
CNNVD
added 2025/03/19 12:0 a.m.2 views

GnuPG 安全漏洞

GnuPG is a suite of open source cryptographic software from the American GNU community under the GNU General Public License. The software supports public key, symmetric encryption, hashing, and other algorithms. A security vulnerability exists in GnuPG versions prior to 2.5.5, which stems from th...

4.7CVSS4.3AI score0.00179EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/03/19 12:0 a.m.6 views

CVE-2025-30258

In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a "verification DoS."...

2.7CVSS3.9AI score0.00179EPSS
Exploits1References3
CVE
CVE
added 2025/03/19 12:0 a.m.135 views

CVE-2025-30258

In GNUPG before 2.5.5, importing a certificate with crafted subkey data that lacks a valid backsig or has incorrect usage flags can cause a verification DoS, disabling signature verification for certain other signing keys. This CVE affects GnuPG’s subkey import handling; impact is limited to sign...

4.7CVSS3.9AI score0.00179EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2025/03/19 12:0 a.m.14 views

CVE-2025-30258

In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a "verification DoS."...

2.7CVSS0.00179EPSS
Exploits1References3
Debian CVE
Debian CVE
added 2025/03/19 12:0 a.m.5 views

CVE-2025-30258

In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a "verification DoS."...

4.7CVSS4.6AI score0.00179EPSS
Exploits1
AlpineLinux
AlpineLinux
added 2025/03/19 12:0 a.m.8 views

CVE-2025-30258

In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a "verification DoS."...

4.7CVSS7.2AI score0.00179EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2024/08/27 7:39 a.m.23 views

CVE-2023-4680

A flaw was found in HashiCorp Vault and Vault Enterprise, where the transit secrets engine allowed authorized users to specify arbitrary nonces, even with convergent encryption disabled. The encrypt endpoint, in combination with an offline attack, could be used to decrypt arbitrary ciphertext and...

6.8CVSS6.8AI score0.00368EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2024/05/31 12:0 a.m.24 views

SUSE SLED15: python3-rpm / python311-rpm / rpm / rpm-32bit / rpm-build / etc (SUSE-SU-2024:1557-2)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1557-2 advisory. Security fixes: - CVE-2021-3521: Fixed missing subkey binding signature checking bsc1191175 Other fixes: ...

4.7CVSS6.8AI score0.00302EPSS
Exploits0References6
OSV
OSV
added 2024/05/08 9:42 a.m.11 views

SUSE-SU-2024:1557-1 Security update for rpm

This update for rpm fixes the following issues: Security fixes: - CVE-2021-3521: Fixed missing subkey binding signature checking bsc1191175 Other fixes: - accept more signature subpackets marked as critical bsc1218686 - backport limit support for the autopatch macro bsc1189495...

4.7CVSS4.9AI score0.00302EPSS
Exploits0References5
OSV
OSV
added 2024/03/06 11:8 a.m.20 views

BIT-VAULT-2023-4680 Vault's Transit Secrets Engine Allowed Nonce Specified without Convergent Encryption

HashiCorp Vault and Vault Enterprise transit secrets engine allowed authorized users to specify arbitrary nonces, even with convergent encryption disabled. The encrypt endpoint, in combination with an offline attack, could be used to decrypt arbitrary ciphertext and potentially derive the...

6.8CVSS6.8AI score0.00368EPSS
Exploits0References2
OSV
OSV
added 2023/09/15 12:30 a.m.20 views

GHSA-V84F-6R39-CPFC HashiCorp Vault Improper Input Validation vulnerability

HashiCorp Vault and Vault Enterprise transit secrets engine allowed authorized users to specify arbitrary nonces, even with convergent encryption disabled. The encrypt endpoint, in combination with an offline attack, could be used to decrypt arbitrary ciphertext and potentially derive the...

6.8CVSS6.8AI score0.00368EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2023/09/15 12:15 a.m.23 views

CVE-2023-4680

HashiCorp Vault and Vault Enterprise transit secrets engine allowed authorized users to specify arbitrary nonces, even with convergent encryption disabled. The encrypt endpoint, in combination with an offline attack, could be used to decrypt arbitrary ciphertext and potentially derive the...

6.8CVSS7.2AI score0.00368EPSS
Exploits0
NVD
NVD
added 2023/09/15 12:15 a.m.27 views

CVE-2023-4680

HashiCorp Vault and Vault Enterprise transit secrets engine allowed authorized users to specify arbitrary nonces, even with convergent encryption disabled. The encrypt endpoint, in combination with an offline attack, could be used to decrypt arbitrary ciphertext and potentially derive the...

6.8CVSS6.9AI score0.00368EPSS
Exploits0References1
Prion
Prion
added 2023/09/15 12:15 a.m.26 views

Design/Logic Flaw

HashiCorp Vault and Vault Enterprise transit secrets engine allowed authorized users to specify arbitrary nonces, even with convergent encryption disabled. The encrypt endpoint, in combination with an offline attack, could be used to decrypt arbitrary ciphertext and potentially derive the...

3.6CVSS6.9AI score0.00368EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/09/14 11:6 p.m.32 views

CVE-2023-4680 Vault's Transit Secrets Engine Allowed Nonce Specified without Convergent Encryption

HashiCorp Vault and Vault Enterprise transit secrets engine allowed authorized users to specify arbitrary nonces, even with convergent encryption disabled. The encrypt endpoint, in combination with an offline attack, could be used to decrypt arbitrary ciphertext and potentially derive the...

6.8CVSS6.8AI score0.00368EPSS
Exploits0References1
CVE
CVE
added 2023/09/14 11:6 p.m.653 views

CVE-2023-4680

CVE-2023-4680 affects HashiCorp Vault/Vault Enterprise transit secrets engine. The vulnerability allows an authorized user to specify arbitrary nonces, even when convergent encryption is disabled. The encrypt endpoint, with an offline attack, could decrypt arbitrary ciphertext and potentially der...

6.8CVSS6.8AI score0.00368EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2023/09/14 12:0 a.m.7 views

PT-2023-9602 · Hashicorp +2 · Hashicorp Vault +3

Name of the Vulnerable Software and Affected Versions: HashiCorp Vault and Vault Enterprise versions 1.6.0 through 1.12.10 HashiCorp Vault and Vault Enterprise versions 1.13.0 through 1.13.6 HashiCorp Vault and Vault Enterprise versions 1.14.0 through 1.14.2 Description: The issue is related to...

7.5CVSS9AI score0.00792EPSS
Exploits0References20
CNVD
CNVD
added 2023/06/29 12:0 a.m.12 views

Trend Micro Apex One elevation of privilege vulnerability (CNVD-2023-65421)

Trend Micro Apex One is an endpoint protection software from Trend Micro. An elevation of privilege vulnerability exists in Trend Micro Apex One, which can be exploited by a local attacker to elevate privileges and write arbitrary values to an agent subkey...

7.8CVSS6.8AI score0.00234EPSS
Exploits0References1
OSV
OSV
added 2023/06/26 10:15 p.m.6 views

CVE-2023-34148

An exposed dangerous function vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate privileges and write an arbitrary value to specific Trend Micro agent subkeys on affected installations. Please note: an attacker must first...

7.8CVSS7.3AI score0.00234EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/06/26 12:0 a.m.15 views

Trend Micro Apex One 安全漏洞

Trend Micro Apex One is an endpoint protection software from Trend Micro. An elevation of privilege vulnerability exists in Trend Micro Apex One, which can be exploited by a local attacker to elevate privileges and write arbitrary values to an agent subkey...

7.8CVSS7AI score0.00234EPSS
Exploits0References3
Rows per page
Query Builder