Vulmon
crypto vulnerabilities and exploits
9.8
CVSSv3
CVE-2023-37759
Incorrect access control in the User Registration page of Crypto Currency Tracker (CCT) before v9.5 allows unauthenticated malicious users to register as an Admin account via a crafted POST request.
Trendylogics Crypto Currency Tracker
5.4
CVSSv3
CVE-2023-49150
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CurrencyRate.Today Crypto Converter Widget allows Stored XSS. This issue affects Crypto Converter Widget: from n/a up to and including 1.8.1.
Currencyratetoday Crypto Converter Widget
7.5
CVSSv3
CVE-2018-13210
The sell function of a smart contract implementation for Providence Crypto Casino (PVE) (Contract Name: ProvidenceCasinoToken), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets.
Providence Providence Crypto Casino -
7.5
CVSSv3
CVE-2016-8212
An issue exists in EMC RSA BSAFE Crypto-J versions before 6.2.2. There is an Improper OCSP Validation Vulnerability. OCSP responses have two time values: thisUpdate and nextUpdate. These specify a validity period; however, both values are optional. Crypto-J treats the lack of a n...
Dell Bsafe Crypto-j
3.7
CVSSv3
CVE-2016-8217
EMC RSA BSAFE Crypto-J versions before 6.2.2 have a PKCS#12 Timing Attack Vulnerability. A possible timing attack could be carried out by modifying a PKCS#12 file that has an integrity MAC for which the password is not known. An attacker could then feed the modified PKCS#12 file t...
Dell Bsafe Crypto-j
NA
CVE-2006-6145
CRYPTOCard CRYPTO-Server prior to 6.4.56 stores LDAP credentials in plaintext in UninstallerData\installvariables.properties, which has insecure permissions and allows local users to obtain the credentials. NOTE: The provenance of this information is unknown; the details are obta...
Cryptocard Crypto-server 6.4.55
2.5
CVSSv3
CVE-2020-8912
A vulnerability in the in-band key negotiation exists in the AWS S3 Crypto SDK for GoLang versions prior to V2. An attacker with write access to the targeted bucket can change the encryption algorithm of an object in the bucket, which can then allow them to change AES-GCM to AES-...
Amazon Aws S3 Crypto Sdk
9.1
CVSSv3
CVE-2023-28725
General Bytes Crypto Application Server (CAS) 20230120, as distributed with General Bytes BATM devices, allows remote malicious users to execute arbitrary Java code by uploading a Java application to the /batm/app/admin/standalone/deployments directory, aka BATM-4780, as exploite...
Generalbytes Crypto Application Server 20230120
5.6
CVSSv3
CVE-2020-8911
A padding oracle vulnerability exists in the AWS S3 Crypto SDK for GoLang versions prior to V2. The SDK allows users to encrypt files with AES-CBC without computing a Message Authentication Code (MAC), which then allows an attacker who has write access to the target's S3 buc...
Amazon Aws S3 Crypto Sdk
NA
CVE-2012-3504
The nssconfigFound function in genkey.pl in crypto-utils 2.4.1-34 allows local users to overwrite arbitrary files via a symlink attack on the "list" file in the current working directory.
Fedoraproject Crypto-utils 2.4.1-34