Skip to main content
CVE-2015-8803 CRITICAL PATCH Act Now

The ecc_256_modp function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 12.3%.

Information Disclosure Nettle Ubuntu Linux Leap Opensuse
NVD
CVSS 3.0
9.8
EPSS
12.3%
CVE-2015-8804 CRITICAL PATCH Act Now

x86_64/ecc-384-modp.asm in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-384 NIST elliptic curve, which allows attackers to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 11.9%.

Information Disclosure Nettle Ubuntu Linux Leap Opensuse
NVD
CVSS 3.0
9.8
EPSS
11.9%
CVE-2015-8805 CRITICAL PATCH Act Now

The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Nettle Ubuntu Linux Leap Opensuse
NVD
CVSS 3.0
9.8
EPSS
1.2%
CVE-2013-7448 HIGH This Week

Directory traversal vulnerability in wiki.c in didiwiki allows remote attackers to read arbitrary files via the page parameter to api/page/get. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Debian Linux Didiwiki
NVD GitHub
CVSS 3.0
7.5
EPSS
0.5%
CVE-2016-2537 HIGH PATCH This Week

The is-my-json-valid package before 2.12.4 for Node.js has an incorrect exports['utc-millisec'] regular expression, which allows remote attackers to cause a denial of service (blocked event loop) via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Node.js Is My Json Valid
NVD GitHub
CVSS 3.0
7.5
EPSS
0.5%
CVE-2016-1157 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in log_chat.cgi in Script* Log-Chat before 2.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Log Chat
NVD
CVSS 3.0
6.1
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy