167 matches found
USN-1106-1: NSS vulnerabilities
It was discovered that several invalid HTTPS certificates were issued and revoked. An attacker could exploit these to perform a machine-in-the-middle attack to view sensitive information or alter encrypted communications. These certificates were marked as explicitly not trusted to prevent their...
Ubuntu Update for qt4-x11 vulnerabilities USN-1101-1
Ubuntu Update for Linux kernel vulnerabilities USN-1101-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN11011.nasl 7964 2017-12-01 07:32:11Z santu $ Ubuntu Update for qt4-x11 vulnerabilities USN-1101-1 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH,...
USN-1101-1: Qt vulnerabilities
It was discovered that several invalid HTTPS certificates were issued and revoked. An attacker could exploit these to perform a machine-in-the-middle attack to view sensitive information or alter encrypted communications. These were placed on the certificate blocklist to prevent their misuse...
IMAP Service STARTTLS Plaintext Command Injection
The remote IMAP service contains a software flaw in its STARTTLS implementation that could allow a remote, unauthenticated attacker to inject commands during the plaintext protocol phase that will be executed during the ciphertext protocol phase. Successful exploitation could allow an attacker to...
SMTP Service STARTTLS Plaintext Command Injection
The remote SMTP service contains a software flaw in its STARTTLS implementation that could allow a remote, unauthenticated attacker to inject commands during the plaintext protocol phase that will be executed during the ciphertext protocol phase. Successful exploitation could allow an attacker to...
POP3 Service STLS Plaintext Command Injection
The remote POP3 service contains a software flaw in its STLS implementation that could allow a remote, unauthenticated attacker to inject commands during the plaintext protocol phase that will be executed during the ciphertext protocol phase. Successful exploitation could allow an attacker to ste...
Ubuntu Update for w3m vulnerability USN-967-1
Ubuntu Update for Linux kernel vulnerabilities USN-967-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN9671.nasl 7965 2017-12-01 07:38:25Z santu $ Ubuntu Update for w3m vulnerability USN-967-1 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.n...
Ubuntu Update for irssi vulnerabilities USN-929-1
Ubuntu Update for Linux kernel vulnerabilities USN-929-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN9291.nasl 7965 2017-12-01 07:38:25Z santu $ Ubuntu Update for irssi vulnerabilities USN-929-1 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH,...
Ubuntu Update for PostgreSQL vulnerabilities USN-876-1
Ubuntu Update for Linux kernel vulnerabilities USN-876-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN8761.nasl 7965 2017-12-01 07:38:25Z santu $ Ubuntu Update for PostgreSQL vulnerabilities USN-876-1 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH,...
[USN-858-1] OpenLDAP vulnerability
=========================================================== Ubuntu Security Notice USN-858-1 November 12, 2009 openldap2.2 vulnerability CVE-2009-3767 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS This advisory...
USN-858-1: OpenLDAP vulnerability
It was discovered that OpenLDAP did not correctly handle SSL certificates with zero bytes in the Common Name. A remote attacker could exploit this to perform a machine-in-the-middle attack to view sensitive information or alter encrypted communications...
USN-842-1: Wget vulnerability
It was discovered that Wget did not correctly handle SSL certificates with zero bytes in the Common Name. A remote attacker could exploit this to perform a machine-in-the-middle attack to view sensitive information or alter encrypted communications...
USN-835-1: neon vulnerabilities
Joe Orton discovered that neon did not correctly handle SSL certificates with zero bytes in the Common Name. A remote attacker could exploit this to perform a machine-in-the-middle attack to view sensitive information or alter encrypted communications...
Ubuntu 8.04 LTS / 8.10 / 9.04 : kde4libs, kdelibs vulnerability (USN-833-1)
It was discovered that KDE did not properly handle certificates with NULL characters in the Subject Alternative Name field of X.509 certificates. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. Note that Tenable...
USN-833-1: KDE-Libs vulnerability
It was discovered that KDE did not properly handle certificates with NULL characters in the Subject Alternative Name field of X.509 certificates. An attacker could exploit this to perform a machine-in-the-middle attack to view sensitive information or alter encrypted communications...
Ubuntu 8.04 LTS / 8.10 / 9.04 : qt4-x11 vulnerability (USN-829-1)
It was discovered that Qt did not properly handle certificates with NULL characters in the Subject Alternative Name field of X.509 certificates. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. CVE-2009-2700. Not...
USN-818-1: curl vulnerability
Scott Cantor discovered that Curl did not correctly handle SSL certificates with zero bytes in the Common Name. A remote attacker could exploit this to perform a machine-in-the-middle attack to view sensitive information or alter encrypted communications...
Ubuntu USN-810-2 (fixed)
The remote host is missing an update to fixed announced via advisory USN-810-2. Original advisory details: Moxie Marlinspike discovered that NSS did not properly handle regular expressions in certificate names. A remote attacker could create a specially crafted certificate to cause a denial of...
Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 : fetchmail vulnerability (USN-816-1)
Matthias Andree discovered that fetchmail did not properly handle certificates with NULL characters in the certificate name. A remote attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. Note that Tenable Network Securi...
USN-816-1: fetchmail vulnerability
Matthias Andree discovered that fetchmail did not properly handle certificates with NULL characters in the certificate name. A remote attacker could exploit this to perform a machine-in-the-middle attack to view sensitive information or alter encrypted communications...