Lucene search
K

969 matches found

CVE
CVE
added 2014/10/25 9:0 p.m.68 views

CVE-2014-5075

CVE-2014-5075 : The Ignite Realtime Smack XMPP API (4.x before 4.0.2; 3.x and 2.x when a custom SSLContext is used) does not verify that the SSL certificate’s CN or SAN matches the server hostname, enabling man-in-the-middle with an arbitrary valid certificate. This is a hostname verification fla...

6.8CVSS8.9AI score0.00924EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2014/10/20 10:55 a.m.18 views

CVE-2014-7506

The Realtime Music Rank aka com.blogspot.imapp.immusicrank2 application 5.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

5.4CVSS5.9AI score0.00266EPSS
Exploits0References3
Prion
Prion
added 2014/10/20 10:55 a.m.14 views

Information disclosure

The Realtime Music Rank aka com.blogspot.imapp.immusicrank2 application 5.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

5.4CVSS6.4AI score0.00266EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2014/10/20 10:0 a.m.18 views

CVE-2014-7506

The Realtime Music Rank aka com.blogspot.imapp.immusicrank2 application 5.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

5.9AI score0.00266EPSS
Exploits0References3
CVE
CVE
added 2014/10/20 10:0 a.m.35 views

CVE-2014-7506

The Realtime Music Rank Android app (package com.blogspot.imapp.immusicrank2), version 5.5, does not verify SSL X.509 certificates, enabling potential MITM attackers to spoof servers and access sensitive information via crafted certificates; no remediation details are provided in the connected so...

5.4CVSS6AI score0.00266EPSS
Exploits0References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2014/10/01 12:0 a.m.74 views

RHEL 6 : MRG (RHSA-2014:1318)

Updated Red Hat Enterprise MRG Realtime packages that fix multiple security issues and add one enhancement are now available for Red Hat Enterprise MRG 2.5. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, whi...

6.9CVSS7AI score0.00764EPSS
Exploits3References17
RedHat Linux
RedHat Linux
added 2014/09/29 7:41 p.m.51 views

Moderate: Red Hat Security Advisory: Red Hat Enterprise MRG Realtime 2.5 security and enhancement update

Updated Red Hat Enterprise MRG Realtime packages that fix multiple security issues and add one enhancement are now available for Red Hat Enterprise MRG 2.5. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, whi...

6.9CVSS6.9AI score0.00764EPSS
Exploits3References8
0day.today
0day.today
added 2014/09/08 12:0 a.m.40 views

Syslog LogAnalyzer 3.6.5 - Stored XSS Exploit

Exploit for multiple platform in category web applications Vulnerability title: Syslog LogAnalyzer 3.6.5 Stored XSS Author: Dolev Farhi Contact: dolevf at yahoo dot com @dolevff Application: LogAnalyzer 3.6.5 Date: 8.2.2014 Relevant CVEs: CVE-2014-6070 Vulnerable version: alert"xss", and sending ...

7.1AI score0.03582EPSS
Exploits6
RedHat Linux
RedHat Linux
added 2014/08/20 10:51 a.m.45 views

Important: Red Hat Security Advisory: kernel-rt security and bug fix update

Updated kernel-rt packages that fix multiple security issues and one bug are now available for Red Hat Enterprise MRG 2.5. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings...

7.1CVSS6.6AI score0.05794EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2014/07/09 12:0 a.m.6 views

Ethernet Industrial Protocol (EtherNet/IP) Client Explicit Message Detection

Binary data 7114.pasl...

7.3AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2014/07/09 12:0 a.m.9 views

Ethernet Industrial Protocol (EtherNet/IP) Server Explicit Message Detection

Binary data 8278.prm...

7.3AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2014/07/09 12:0 a.m.7 views

Ethernet Industrial Protocol (EtherNet/IP) Implicit Message Detection

Binary data 8291.prm...

7.3AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2014/07/09 12:0 a.m.19 views

Ethernet Industrial Protocol (EtherNet/IP) Server Explicit Message Detection

Binary data 7115.pasl...

7.3AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2014/07/09 12:0 a.m.15 views

Ethernet Industrial Protocol (EtherNet/IP) Implicit Message Detection

Binary data 7113.pasl...

7.3AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.31 views

Standard & Poors ComStock 4.2.4 Machine Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/1080/info Numerous vulnerabilities exist in the ComStock product, as sold by Standard & Poor's. ComStock is based on the RedHat 5.1 distribution, and contains many of the vulnerabilities found in the 5.1 distribution. In...

7.1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2014/06/13 12:0 a.m.36 views

openSUSE Security Update : rtkit (openSUSE-SU-2013:1548-1)

rtkit was fixed to avoid a TOCTOU race condition that might have allowed local attackers to gain realtime rights they should not have. CVE-2013-4326 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security...

4.6CVSS5.3AI score0.00374EPSS
Exploits0References3
NVD
NVD
added 2014/04/30 10:49 a.m.20 views

CVE-2014-0364

The ParseRoster component in the Ignite Realtime Smack XMPP API before 4.0.0-rc1 does not verify the from attribute of a roster-query IQ stanza, which allows remote attackers to spoof IQ responses via a crafted attribute...

5CVSS6.3AI score0.06242EPSS
Exploits0References6
NVD
NVD
added 2014/04/30 10:49 a.m.20 views

CVE-2014-0363

The ServerTrustManager component in the Ignite Realtime Smack XMPP API before 4.0.0-rc1 does not verify basicConstraints and nameConstraints in X.509 certificate chains from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted...

5.8CVSS5.7AI score0.0123EPSS
Exploits0References7
Prion
Prion
added 2014/04/30 10:49 a.m.19 views

Design/Logic Flaw

The ParseRoster component in the Ignite Realtime Smack XMPP API before 4.0.0-rc1 does not verify the from attribute of a roster-query IQ stanza, which allows remote attackers to spoof IQ responses via a crafted attribute...

5CVSS6.8AI score0.06242EPSS
Exploits0References6Affected Software1
Prion
Prion
added 2014/04/30 10:49 a.m.13 views

Design/Logic Flaw

The ServerTrustManager component in the Ignite Realtime Smack XMPP API before 4.0.0-rc1 does not verify basicConstraints and nameConstraints in X.509 certificate chains from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted...

5.8CVSS6.2AI score0.0123EPSS
Exploits0References7Affected Software1
Rows per page
Query Builder