
784 matches found

OSV
added 2025/07/10 8:15 a.m., 3 views

UBUNTU-CVE-2025-32989

A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension OID...

5.3 CVSS, 6.9 AI score, 0.01179 EPSS
Exploits 0, References 5
Cvelist
added 2025/07/10 8:5 a.m., 15 views

CVE-2025-32989 Gnutls: vulnerability in gnutls sct extension parsing

A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension OID...

5.3 CVSS, 0.01179 EPSS
Exploits 0, References 11
ATTACKERKB
added 2025/07/10 8:5 a.m., 2 views

CVE-2025-32989

A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension OID...

5.3 CVSS, 5.7 AI score, 0.01179 EPSS
Exploits 0, References 12
Vulnrichment
added 2025/07/10 8:5 a.m., 3 views

CVE-2025-32989 Gnutls: vulnerability in gnutls sct extension parsing

A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension OID...

5.3 CVSS, 6.5 AI score, 0.01179 EPSS
Exploits 0, References 11
CVE
added 2025/07/10 8:5 a.m., 83 views

CVE-2025-32989

CVE-2025-32989: A heap-buffer-overread in GnuTLS occurs during X.509 certificate parsing of the CT SCT extension (OID 1.3.6.1.4.1.11129.2.4.2). A malformed SCT can lead to exposure of confidential data when certificates are validated for certain sites and SCT checks are not performed correctly. ...

5.3 CVSS, 6.4 AI score, 0.01179 EPSS
Exploits 0, References 13, Affected Software 1
RedhatCVE
added 2025/07/10 8:4 a.m., 5 views

CVE-2025-32989

A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension OID...

5.3 CVSS, 6.6 AI score, 0.01179 EPSS
Exploits 0, References 3
Positive Technologies
added 2025/07/10 12:0 a.m., 4 views

PT-2025-29041

Name of the Vulnerable Software and Affected Versions: GnuTLS (affected versions not specified); gnutls28 versions prior to 3.7.9-2+deb12u5; gnutls30 versions prior to 3.8.10-alt1. Description: GnuTLS is a library that implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. A...

5.3 CVSS, 6.9 AI score, 0.01179 EPSS
Exploits 0, References 96
CNNVD
added 2025/07/10 12:0 a.m., 1 view

GnuTLS Trust Management Issue Vulnerability

GnuTLS is a free secure communications library for implementing the SSL, TLS and DTLS protocols from the GnuTLS open source. A trust management issue vulnerability exists in GnuTLS that stems from improper handling of CT SCT extensions when resolving X.509 certificates, which could lead to...

5.3 CVSS, 5.9 AI score, 0.01179 EPSS
Exploits 0, References 4
Filippo.io
added 2025/07/07 5:47 p.m., 10 views

You Should Run a Certificate Transparency Log

Hear me out. If you are an organization with some spare storage and bandwidth, or an engineer looking to justify an overprovisioned homelab, you should consider running a Certificate Transparency log. It’s cheaper, easier, and more important than you might think. Certificate Transparency (CT) is on...

6.9 AI score
Exploits 0
Packet Storm News
added 2025/07/05 12:0 a.m., 5 views

Cloud Digital Forensic Readiness: an Open Source Approach to Law Enforcement Request Management

Cloud Forensics presents a multi-jurisdictional challenge that may undermine the success of digital forensic investigations (DFIs). The growing volumes of domiciled and foreign law enforcement (LE) requests, the latency and complexity of formal channels for crossborder data access are challenging...

6.7 AI score
Exploits 0
HackRead
added 2025/06/27 10:31 a.m., 4 views

Researchers Warn Free VPNs Could Leak US Data to China

Tech Transparency Project warns Chinese-owned VPNs like Turbo VPN and X-VPN remain on Apple and Google app stores, raising national security concerns...

7.1 AI score
Exploits 0
Packet Storm News
added 2025/06/22 12:0 a.m., 3 views

Reversing the Paradigm: Building AI-First Systems with Human Guidance

The relationship between humans and artificial intelligence is no longer science fiction -- it's a growing reality reshaping how we live and work. AI has moved beyond research labs into everyday life, powering customer service chats, personalizing travel, aiding doctors in diagnosis, and supporti...

6.8 AI score
Exploits 0
CNNVD
added 2025/06/20 12:0 a.m., 0 views

Core.ai Phoenix Code Security Vulnerability

Core.ai Phoenix Code is a lightweight text editor from Core.ai India. A security vulnerability exists in Core.ai Phoenix Code that stems from allowing dynamic library injection, which could lead to a local attacker bypassing TCC...

4.8 CVSS, 6.5 AI score, 0.00211 EPSS
Exploits 0, References 3
Packet Storm News
added 2025/06/18 12:0 a.m., 5 views

Tracking GPTs Third Party Service: Automation, Analysis, and Insights

ChatGPT has quickly advanced from simple natural language processing to tackling more sophisticated and specialized tasks. Drawing inspiration from the success of mobile app ecosystems, OpenAI allows developers to create applications that interact with third-party services, known as GPTs. GPTs ca...

6.7 AI score
Exploits 0
Packet Storm News
added 2025/06/17 12:0 a.m., 5 views

KGMark: a Diffusion Watermark for Knowledge Graphs

Knowledge graphs (KGs) are ubiquitous in numerous real-world applications, and watermarking facilitates protecting intellectual property and preventing potential harm from AI-generated content. Existing watermarking methods mainly focus on static plain text or image data, while they can hardly be...

7.2 AI score
Exploits 0
Packet Storm News
added 2025/05/31 12:0 a.m., 3 views

Review of Blockchain-Based Approaches to Spent Fuel Management in Nuclear Power Plants

This study addresses critical challenges in managing the transportation of spent nuclear fuel, including inadequate data transparency, stringent confidentiality requirements, and a lack of trust among collaborating parties, issues prevalent in traditional centralized management systems. Given the...

7 AI score
Exploits 0
Packet Storm News
added 2025/05/30 12:0 a.m., 3 views

Chances and Challenges of the Model Context Protocol in Digital Forensics and Incident Response

Large language models hold considerable promise for supporting forensic investigations, but their widespread adoption is hindered by a lack of transparency, explainability, and reproducibility. This paper explores how the emerging Model Context Protocol can address these challenges and support th...

6.9 AI score
Exploits 0
Packet Storm News
added 2025/05/28 12:0 a.m., 6 views

Machine Learning Models Have a Supply Chain Problem

Powerful machine learning (ML) models are now readily available online, which creates exciting possibilities for users who lack the deep technical expertise or substantial computing resources needed to develop them. On the other hand, this type of open ecosystem comes with many risks. In this paper...

6.9 AI score
Exploits 0
RedhatCVE
added 2025/05/23 7:41 a.m., 4 views

CVE-2024-55655

sigstore-python is a Python tool for generating and verifying Sigstore signatures. Versions of sigstore-python newer than 2.0.0 but prior to 3.6.0 perform insufficient validation of the "integration time" present in "v2" and "v3" bundles during the verification flow: the "integration time" is...

6.9 CVSS, 6.8 AI score, 0.00235 EPSS
Exploits 0, References 1
Debian CVE
added 2025/05/22 9:59 a.m., 9 views

CVE-2025-4280

MacOS version of Poedit bundles a Python interpreter that inherits the Transparency, Consent, and Control (TCC) permissions granted by the user to the main application bundle. An attacker with local user access can invoke this interpreter with arbitrary commands or scripts, leveraging the...

4.8 CVSS, 5.6 AI score, 0.00148 EPSS
Exploits 0