Lucene search
K

2082 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 4:6 a.m.2 views

SUSE CVE-2019-19272

An issue was discovered in tlsverifycrl in ProFTPD before 1.3.6. Direct dereference of a NULL pointer a variable initialized to NULL leads to a crash when validating the certificate of a client connecting to the server in a TLS client/server mutual-authentication setup...

7.5CVSS6.2AI score0.00947EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:1 a.m.3 views

SUSE CVE-2020-8286

curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response...

6.5CVSS9.6AI score0.04575EPSS
Exploits1References137
SUSE CVE
SUSE CVE
added 2023/02/15 3:52 a.m.2 views

SUSE CVE-2020-26957

OneCRL was non-functional in the new Firefox for Android due to a missing service initialization. This could result in a failure to enforce some certificate revocations. Note: This issue only affected Firefox for Android. Other operating systems are unaffected.. This vulnerability affects Firefox...

6.5CVSS8.4AI score0.00544EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 3:51 a.m.3 views

SUSE CVE-2020-29663

Icinga 2 v2.8.0 through v2.11.7 and v2.12.2 has an issue where revoked certificates due for renewal will automatically be renewed, ignoring the CRL. This issue is fixed in Icinga 2 v2.11.8 and v2.12.3...

5.3CVSS6.8AI score0.01554EPSS
Exploits0References9
SUSE CVE
SUSE CVE
added 2023/02/15 3:50 a.m.1 views

SUSE CVE-2020-36425

An issue was discovered in Arm Mbed TLS before 2.24.0. It incorrectly uses a revocationDate check when deciding whether to honor certificate revocation via a CRL. In some situations, an attacker can exploit this by changing the local clock...

5.3CVSS5.3AI score0.00907EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:48 a.m.3 views

SUSE CVE-2021-3698

A flaw was found in Cockpit in versions prior to 260 in the way it handles the certificate verification performed by the System Security Services Daemon SSSD. This flaw allows client certificates to authenticate successfully, regardless of the Certificate Revocation List CRL configuration or the...

7.5CVSS8.2AI score0.0065EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:40 a.m.4 views

SUSE CVE-2021-34434

In Eclipse Mosquitto versions 2.0 to 2.0.11, when using the dynamic security plugin, if the ability for a client to make subscriptions on a topic is revoked when a durable client is offline, then existing subscriptions for that client are not revoked...

5.3CVSS5.3AI score0.01367EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:34 a.m.2 views

SUSE CVE-2022-1197

When importing a revoked key that specified key compromise as the revocation reason, Thunderbird did not update the existing copy of the key that was not yet revoked, and the existing key was kept as non-revoked. Revocation statements that used another revocation reason, or that didn't specify a...

6.1CVSS9AI score0.00373EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 3:32 a.m.4 views

SUSE CVE-2022-2447

A flaw was found in Keystone. There is a time lag up to one hour in a default configuration between when security policy says a token should be revoked from when it is actually revoked. This could allow a remote administrator to secretly maintain access for longer than expected...

6.6CVSS6.3AI score0.00607EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:31 a.m.1 views

SUSE CVE-2022-3515

A vulnerability was found in the Libksba library due to an integer overflow within the CRL parser. The vulnerability can be exploited remotely for code execution on the target system by passing specially crafted data to the application, for example, a malicious S/MIME attachment...

9.8CVSS9AI score0.01635EPSS
Exploits1References56
SUSE CVE
SUSE CVE
added 2023/02/15 3:28 a.m.5 views

SUSE CVE-2022-23041

Linux PV device frontends vulnerable to attacks by backends This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Several Linux PV device frontends are using the grant table interfaces for removing access rights of the...

7.5CVSS7AI score0.00351EPSS
Exploits0References29
SUSE CVE
SUSE CVE
added 2023/02/15 3:27 a.m.3 views

SUSE CVE-2022-23950

In Keylime before 6.3.0, Revocation Notifier uses a fixed /tmp path for UNIX domain socket which can allow unprivileged users a method to prohibit keylime operations...

7.5CVSS6.9AI score0.01283EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:23 a.m.3 views

SUSE CVE-2022-40617

strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity and intermediate CA certificate that contains a CRL/OCSP URL that points to a server under the attacker's control that doesn't properly respond but for example jus...

6.5CVSS6.8AI score0.01634EPSS
Exploits0References6
hivepro
hivepro
added 2023/02/10 12:55 p.m.64 views

OpenSSL Releases Update to Address Several High-Severity Vulnerabilities

Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary The OpenSSL Project has released fixes for several security flaws, including a high-severity bug CVE-2023-0286 that could expose users to malicious attacks. The bug is related to a type of confusi...

1.5AI score0.59501EPSS
Exploits0
The Hacker News
The Hacker News
added 2023/02/09 9:51 a.m.2 views

OpenSSL Fixes Multiple New Security Flaws with Latest Update

The OpenSSL Project has released fixes to address several security flaws, including a high-severity bug in the open source encryption toolkit that could potentially expose users to malicious attacks. Tracked as CVE-2023-0286, the issue relates to a case of type confusion that may permit an...

7.5CVSS7.5AI score0.59501EPSS
Exploits0
CNVD
CNVD
added 2023/02/09 12:0 a.m.4 views

Mozilla Thunderbird Trust Management Issues Vulnerability

Mozilla Thunderbird is the United States Mozilla Foundation's set of independent from the Mozilla Application Suite e-mail client software. The program supports IMAP, POP mail protocols and HTML mail format. Mozilla Thunderbird suffers from a trust management issue because it fails to check the...

6.5CVSS6.3AI score0.00372EPSS
Exploits0References1
OSV
OSV
added 2023/02/08 8:15 p.m.6 views

AZL-13564 CVE-2023-0286 affecting package openssl for versions less than 1.1.1k-21

There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1STRING but the public structure definition for GENERALNAME incorrectly specified the type of the x400Address field as ASN1TYPE. This field is subsequentl...

7.4CVSS6.9AI score0.59501EPSS
Exploits0References1
OSV
OSV
added 2023/02/08 8:15 p.m.7 views

AZL-13701 CVE-2023-0286 affecting package cloud-hypervisor for versions less than 30.0-2

There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1STRING but the public structure definition for GENERALNAME incorrectly specified the type of the x400Address field as ASN1TYPE. This field is subsequentl...

7.4CVSS6.9AI score0.59501EPSS
Exploits0References1
OSV
OSV
added 2023/02/08 8:15 p.m.2 views

ALPINE-CVE-2023-0286

There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1STRING but the public structure definition for GENERALNAME incorrectly specified the type of the x400Address field as ASN1TYPE. This field is subsequentl...

7.4CVSS6.8AI score0.59501EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2023/02/08 12:0 a.m.17 views

AlmaLinux 8 : thunderbird (ALSA-2023:0606)

The remote AlmaLinux 8 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2023:0606 advisory. - Certificate OCSP revocation status was not checked when verifying S/Mime signatures. Mail signed with a revoked certificate would be displayed as having a valid...

6.5CVSS7.5AI score0.00372EPSS
Exploits0References2
Rows per page
Query Builder