Total: 53 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-0839 | 1 Hp | 1 Linux Imaging And Printing | 2025-04-20 | 6.8 MEDIUM | 8.1 HIGH |
| The hp-plugin utility in HP Linux Imaging and Printing (HPLIP) makes it easier for man-in-the-middle attackers to execute arbitrary code by leveraging use of a short GPG key id from a keyserver to verify print plugin downloads. | |||||
| CVE-2016-6882 | 1 Matrixssl | 1 Matrixssl | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| MatrixSSL before 3.8.7, when the DHE_RSA based cipher suite is supported, makes it easier for remote attackers to obtain RSA private key information by conducting a Lenstra side-channel attack. | |||||
| CVE-2016-2217 | 1 Dest-unreach | 1 Socat | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| The OpenSSL address implementation in Socat 1.7.3.0 and 2.0.0-b8 does not use a prime number for the DH, which makes it easier for remote attackers to obtain the shared secret. | |||||
| CVE-2015-4166 | 1 Cloudera | 1 Key Trustee Server | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Cloudera Key Trustee Server before 5.4.3 does not store keys synchronously, which might allow attackers to have unspecified impact via vectors related to loss of an encryption key. | |||||
| CVE-2016-6886 | 1 Matrixssl | 1 Matrixssl | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| The pstm_reverse function in MatrixSSL before 3.8.4 allows remote attackers to cause a denial of service (invalid memory read and crash) via a (1) zero value or (2) the key's modulus for the secret key during RSA key exchange. | |||||
| CVE-2015-7503 | 1 Zend | 1 Zend Framework | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Zend Framework before 2.4.9, zend-framework/zend-crypt 2.4.x before 2.4.9, and 2.5.x before 2.5.2 allows remote attackers to recover the RSA private key. | |||||
| CVE-2016-9963 | 3 Canonical, Debian, Exim | 3 Ubuntu Linux, Debian Linux, Exim | 2025-04-20 | 2.6 LOW | 5.9 MEDIUM |
| Exim before 4.87.1 might allow remote attackers to obtain the private DKIM signing key via vectors related to log files and bounce messages. | |||||
| CVE-2016-10011 | 1 Openbsd | 1 Openssh | 2025-04-12 | 2.1 LOW | 5.5 MEDIUM |
| authfile.c in sshd in OpenSSH before 7.4 does not properly consider the effects of realloc on buffer contents, which might allow local users to obtain sensitive private-key information by leveraging access to a privilege-separated child process. | |||||
| CVE-2015-8542 | 1 Open-xchange | 1 Ox Guard | 2025-04-12 | 4.0 MEDIUM | 8.8 HIGH |
| An issue was discovered in Open-Xchange Guard before 2.2.0-rev8. The "getprivkeybyid" API call is used to download a PGP Private Key for a specific user after providing authentication credentials. Clients provide the "id" and "cid" parameter to specify the current user by its user- and context-ID. The "auth" parameter contains a hashed password string which gets created by the client by asking the user to enter his or her OX Guard password. This parameter is used as single point of authentication when accessing PGP Private Keys. In case a user has set the same password as another user, it is possible to download another user's PGP Private Key by iterating the "id" and "cid" parameters. This kind of attack would also be possible by brute-forcing login credentials, but since the "id" and "cid" parameters are sequential they are much easier to predict than a user's login name. At the same time, there are some obvious insecure standard passwords that are widely used. An attacker could send the hashed representation of typically weak passwords and randomly fetch the Private Key of matching accounts. The attack can be executed by both internal users and "guests" which use the external mail reader. | |||||
| CVE-2025-3177 | 1 Fastcms Project | 1 Fastcms | 2025-04-08 | 4.6 MEDIUM | 5.0 MEDIUM |
| A vulnerability was found in FastCMS 0.1.5. It has been declared as critical. This vulnerability affects unknown code of the component JWT Handler. The manipulation leads to use of hard-coded cryptographic key. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-2220 | 1 Odysseyautomation | 1 Odyssey Cms | 2025-03-25 | 1.7 LOW | 3.3 LOW |
| A vulnerability was found in Odyssey CMS up to 10.34. It has been classified as problematic. Affected is an unknown function of the file /modules/odyssey_contact_form/odyssey_contact_form.php of the component reCAPTCHA Handler. The manipulation of the argument g-recaptcha-response leads to key management error. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-10920 | 1 Mariazevedo88 | 1 Travels-java-api | 2024-11-22 | 2.1 LOW | 3.1 LOW |
| A vulnerability was found in mariazevedo88 travels-java-api up to 5.0.1 and classified as problematic. Affected by this issue is the function doFilterInternal of the file travels-java-api-master\src\main\java\io\github\mariazevedo88\travelsjavaapi\filters\JwtAuthenticationTokenFilter.java of the component JWT Secret Handler. The manipulation leads to use of hard-coded cryptographic key. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-36391 | | | 2024-11-21 | N/A | 9.1 CRITICAL |
| MileSight DeviceHub - CWE-320: Key Management Errors may allow Authentication Bypass and Man-In-The-Middle Traffic | |||||
| CVE-2019-9894 | 5 Debian, Fedoraproject, Netapp and 2 more | 5 Debian Linux, Fedora, Oncommand Unified Manager and 2 more | 2024-11-21 | 6.4 MEDIUM | 7.5 HIGH |
| A remotely triggerable memory overwrite in RSA key exchange in PuTTY before 0.71 can occur before host key verification. | |||||
| CVE-2019-9150 | 1 Mailvelope | 1 Mailvelope | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Mailvelope prior to 3.3.0 does not require user interaction to import public keys shown on web page. This functionality can be tricked to either hide a key import from the user or obscure which key was imported. | |||||
| CVE-2019-5672 | 1 Nvidia | 2 Jetson Tx1, Jetson Tx2 | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| NVIDIA Jetson TX1 and TX2 contain a vulnerability in the Linux for Tegra (L4T) operating system (on all versions prior to R28.3) where the Secure Shell (SSH) keys provided in the sample rootfs are not replaced by unique host keys after sample rootfs generation and flashing, which may lead to information disclosure. | |||||
| CVE-2018-9234 | 2 Canonical, Gnupg | 2 Ubuntu Linux, Gnupg | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| GnuPG 2.2.4 and 2.2.5 do not enforce a configuration in which key certification requires an offline master Certify key, which results in apparently valid certifications that occurred only with access to a signing subkey. | |||||
| CVE-2018-7559 | 1 Opcfoundation | 2 Ua-.net-legacy, Ua-.netstandard | 2024-11-21 | 3.5 LOW | 5.3 MEDIUM |
| An issue was discovered in OPC UA .NET Standard Stack and Sample Code before GitHub commit 2018-04-12, and OPC UA .NET Legacy Stack and Sample Code before GitHub commit 2018-03-13. A vulnerability in OPC UA applications can allow a remote attacker to determine a Server's private key by sending carefully constructed bad UserIdentityTokens as part of an oracle attack. | |||||
| CVE-2018-7534 | 1 Unisys | 1 Stealth Authorization Server | 2024-11-21 | 1.9 LOW | 4.7 MEDIUM |
| In Stealth Authorization Server before 3.3.017.0 in Unisys Stealth Solution, an encryption key may be left in memory. | |||||
| CVE-2018-20187 | 1 Botan Project | 1 Botan | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| A side-channel issue was discovered in Botan before 2.9.0. An attacker capable of precisely measuring the time taken for ECC key generation may be able to derive information about the high bits of the secret key, as the function to derive the public point from the secret scalar uses an unblinded Montgomery ladder whose loop iteration count depends on the bitlength of the secret. This issue affects only key generation, not ECDSA signatures or ECDH key agreement. | |||||
