CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-50782 – Python-cryptography: bleichenbacher timing oracle attack against rsa decryption - incomplete fix for cve-2020-25659
https://notcve.org/view.php?id=CVE-2023-50782
05 Feb 2024 — A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data. Se encontró una falla en el paquete python-cryptography. Este problema puede permitir que un atacante remoto descifre mensajes capturados en servidores TLS que utilizan intercambios de claves RSA, lo que puede provocar la exposición de datos confidenciales o sensibles. Hubert Kario dis... • https://access.redhat.com/security/cve/CVE-2023-50782 • CWE-203: Observable Discrepancy CWE-208: Observable Timing Discrepancy •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-50781 – M2crypto: bleichenbacher timing attacks in the rsa decryption api - incomplete fix for cve-2020-25657
https://notcve.org/view.php?id=CVE-2023-50781
05 Feb 2024 — A flaw was found in m2crypto. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data. Se encontró una falla en m2crypto. Este problema puede permitir que un atacante remoto descifre mensajes capturados en servidores TLS que utilizan intercambios de claves RSA, lo que puede provocar la exposición de datos confidenciales o sensibles. • https://access.redhat.com/security/cve/CVE-2023-50781 • CWE-203: Observable Discrepancy CWE-208: Observable Timing Discrepancy •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 1CVE-2022-3644 – Pulp: Tokens stored in plaintext
https://notcve.org/view.php?id=CVE-2022-3644
25 Oct 2022 — The collection remote for pulp_ansible stores tokens in plaintext instead of using pulp's encrypted field and exposes them in read/write mode via the API () instead of marking it as write only. La colección remota para pulp_ansible almacena tokens en texto plano en lugar de usar el campo encriptado de pulp y los expone en modo de lectura/escritura por medio de la API () en lugar de marcarla como sólo de escritura A flaw exists in the collection remote for pulp_ansible, where tokens are stored in plaintext i... • https://github.com/pulp/pulp_ansible/blob/main/pulp_ansible/app/models.py#L234 • CWE-256: Plaintext Storage of a Password CWE-522: Insufficiently Protected Credentials •
CVSS: 6.8EPSS: 0%CPEs: 35EXPL: 1CVE-2021-3672 – c-ares: Missing input validation of host names may lead to domain hijacking
https://notcve.org/view.php?id=CVE-2021-3672
10 Aug 2021 — A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. The highest threat from this vulnerability is to confidentiality and integrity as well as system availability. Se ha encontrado un fallo en la biblioteca c-ares, en la que una falta de comprobación de la comprobación de entrada de los nombres de host devueltos por los DNS (Servidores de Nombres d... • https://bugzilla.redhat.com/show_bug.cgi?id=1988342 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 75%CPEs: 54EXPL: 1CVE-2020-9490 – httpd: Push diary crash on specifically crafted HTTP/2 header
https://notcve.org/view.php?id=CVE-2020-9490
07 Aug 2020 — Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability for unpatched servers. Apache HTTP Server versiones 2.4.20 hasta 2.4.43.. Un valor especialmente diseñado para el encabezado "Cache-Digest" en una petición HTTP/2 resultaría en un bloqueo cuando el servidor realmente... • https://packetstorm.news/files/id/160392 • CWE-400: Uncontrolled Resource Consumption CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 2CVE-2013-4518
https://notcve.org/view.php?id=CVE-2013-4518
04 Nov 2019 — RHUI (Red Hat Update Infrastructure) 2.1.3 has world readable PKI entitlement certificates RHUI (Red Hat Update Infrastructure) versión 2.1.3, presenta certificados de titularidad PKI legibles por todo el mundo. • https://access.redhat.com/security/cve/cve-2013-4518 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •