felmoltor

2 exploits Active since Jan 2015

CVE-2015-0204 NOMISEC SCANNER

OpenSSL < 0.9.8zd, 1.0.0 < 1.0.0p, 1.0.1 < 1.0.1k - RSA-to-EXPORT_RSA Downgrade Attack via Weak Ephemeral RSA Key

The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to the "FREAK" issue. NOTE: the scope of this CVE is only client code based on OpenSSL, not EXPORT_RSA issues associated with servers or other TLS implementations.

2 stars

View Code

CVE-2024-48990 NOMISEC HIGH WORKING POC

Ubuntu needrestart Privilege Escalation

Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Python interpreter with an attacker-controlled PYTHONPATH environment variable.

CVSS 7.8

View Code