Lucene search
K

277 matches found

OSV
OSV
added 2014/02/21 12:0 a.m.2 views

UBUNTU-CVE-2014-1959

lib/x509/verify.c in GnuTLS before 3.1.21 and 3.2.x before 3.2.11 treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging a X.509 V1 certificate from a trusted CA to issue new certificates...

5.8CVSS5.8AI score0.03416EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2013/12/20 12:0 a.m.10 views

Oracle Linux 5 / 6 : nss (ELSA-2013-1861)

From Red Hat Security Advisory 2013:1861 : Updated nss packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Network Security Services NSS is a set of libraries...

5.5AI score
Exploits0References2
NVD
NVD
added 2013/07/01 9:55 p.m.19 views

CVE-2013-3926

Atlassian Crowd 2.6.3 allows remote attackers to execute arbitrary commands via unspecified vectors related to a "symmetric backdoor." NOTE: as of 20130704, the vendor could not reproduce the issue, stating "We've been unable to substantiate the existence of CVE-2013-3926. The author of the artic...

7.5CVSS7.6AI score0.01937EPSS
Exploits1References2
Prion
Prion
added 2013/07/01 9:55 p.m.26 views

Design/Logic Flaw

Atlassian Crowd 2.6.3 allows remote attackers to execute arbitrary commands via unspecified vectors related to a "symmetric backdoor." NOTE: as of 20130704, the vendor could not reproduce the issue, stating "We've been unable to substantiate the existence of CVE-2013-3926. The author of the artic...

7.5CVSS8.2AI score0.01937EPSS
Exploits1References2Affected Software1
OpenVAS
OpenVAS
added 2013/02/04 12:0 a.m.15 views

RedHat Update for nss, nss-util, and nspr RHSA-2013:0213-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

7.5AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2013/02/01 12:0 a.m.13 views

RHEL 5 : nss and nspr (RHSA-2013:0214)

Updated nss and nspr packages that fix one security issue, various bugs, and add enhancements are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Network Security Services NSS is a set of libraries designe...

5.5AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2013/01/15 12:0 a.m.39 views

Mozilla SeaMonkey 2.x <= 2.14 Multiple Vulnerabilities

Binary data 801376.prm...

10CVSS9.2AI score0.73364EPSS
Exploits27References45
Tenable Nessus
Tenable Nessus
added 2013/01/15 12:0 a.m.43 views

Firefox < 18.0 Multiple Vulnerabilities (Mac OS X)

The installed version of Firefox is earlier than 18.0 and thus, is potentially affected by the following security issues : - Multiple unspecified use-after-free, out-of-bounds read and buffer overflow errors exist. CVE-2012-5829, CVE-2013-0760, CVE-2013-0761, CVE-2013-0762, CVE-2013-0763,...

10CVSS7.7AI score0.73364EPSS
Exploits31References51
Tenable Nessus
Tenable Nessus
added 2013/01/15 12:0 a.m.36 views

SeaMonkey < 2.15 Multiple Vulnerabilities

The installed version of SeaMonkey is earlier than 2.15 and thus, is potentially affected by the following security issues : - Multiple, unspecified use-after-free, out-of-bounds read and buffer overflow errors exist. CVE-2012-5829, CVE-2013-0760, CVE-2013-0761, CVE-2013-0762, CVE-2013-0763,...

10CVSS7.7AI score0.73364EPSS
Exploits31References49
Tenable Nessus
Tenable Nessus
added 2013/01/15 12:0 a.m.34 views

Firefox ESR < 17.0.2 Multiple Vulnerabilities (Mac OS X)

The installed version of Firefox ESR is earlier than 17.0.2 and thus, is potentially affected by the following security issues : - Two intermediate certificates were improperly issued by TURKTRUST certificate authority. CVE-2013-0743 - A use-after-free error exists related to displaying HTML tabl...

9.3CVSS7.8AI score0.73364EPSS
Exploits20References38
ThreatPost
ThreatPost
added 2011/11/04 8:35 p.m.9 views

Another Dutch CA, KPN, Stops Issuing Certificates After Finding DDoS Tool On Server

Another Dutch certificate authority, KPN, has stopped issuing digital certificates after finding attack tools on a server in its Web infrastructures. The CA said that while it doesn’t have evidence right now that it’s CA infrastructure was compromised, it is taking the actions as a precaution. Th...

0.3AI score
Exploits0References4
RedHat Linux
RedHat Linux
added 2010/11/08 8:9 p.m.5 views

System: SCEP one-time PIN reuse

Red Hat Certificate System RHCS 7.3 and 8 and Dogtag Certificate System allow remote authenticated users to generate an arbitrary number of certificates by replaying a single SCEP one-time PIN...

4CVSS5.9AI score0.00781EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2010/11/08 8:6 p.m.4 views

System: SCEP one-time PIN reuse

Red Hat Certificate System RHCS 7.3 and 8 and Dogtag Certificate System allow remote authenticated users to generate an arbitrary number of certificates by replaying a single SCEP one-time PIN...

4CVSS5.9AI score0.00781EPSS
Exploits0References4
securityvulns
securityvulns
added 2010/09/17 12:0 a.m.32 views

BACnet OPC Client Buffer Overflow Exploit

!/usr/bin/python bacnet.py BACnet OPC Client Buffer Overflow Exploit Jeremy Brown 0xjbrown41-gmail-com Sept 2010 After communicating via several emails with the vendor, sharing details about the vulnerability, as well as proof-of-concept code I also offered to send the exploit code for them to te...

0.4AI score
Exploits0
Prion
Prion
added 2009/08/12 10:30 a.m.18 views

Design/Logic Flaw

libgnutls in GnuTLS before 2.8.2 does not properly handle a '\0' character in a domain name in the subject's 1 Common Name CN or 2 Subject Alternative Name SAN field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued b...

7.5CVSS6.4AI score0.02151EPSS
Exploits0References13Affected Software1
Opera Security Advisories
Opera Security Advisories
added 2006/09/21 12:0 a.m.14 views

A forged SSL server certificate can be accepted by Opera as a valid certificate

A specially crafted digital certificate can bypass Opera'scertificate signature verification. Forged certificatescan contain any false information the forger chooses, andOpera will still present it as valid. Opera will not presentany warning dialogs in this case, and the security statuswill be th...

2.1AI score
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2004/07/06 12:0 a.m.34 views

FreeBSD : MySQL insecure temporary file creation (mysqlbug) (123)

The following package needs to be updated: mysql-client %NASLMINLEVEL 999999 @DEPRECATED@ This script has been deprecated by freebsdpkg2e1298468fbb11d88b290020ed76ef5a.nasl. Disabled on 2011/10/02. C Tenable Network Security, Inc. This script contains information extracted from VuXML : Copyright...

6.4AI score0.00604EPSS
Exploits0References12
Rows per page
Query Builder