Moderate: Red Hat Security Advisory: rhpki-util, rhpki-common, and rhpki-ca security and bug fix update
Updated rhpki-util, rhpki-common, and rhpki-ca packages that fix a security issue and several bugs are now available for Red Hat Certificate System 7.3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Red Hat Certificate System (RHCS) is an...
rhcs CRL can get corrupted
Certificate Server 7.2 in Red Hat Certificate System (RHCS) does not properly handle new revocations that occur while a Certificate Revocation List (CRL) is being generated, which might prevent certain revoked certificates from appearing on the CRL quickly and allow users with revoked certificates to...
CVE-2008-3068
Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, Windows Live Mail, and Office 2007, performs Certificate Revocation List (CRL) checks by using an arbitrary URL from a certificate embedded in a (1) S/MIME e-mail message or (2) signed document, which allows remote attackers to obtai...
CVE-2008-3068
Microsoft Crypto API 5.131.2600.2180 through 6.0 (used in Outlook, Windows Live Mail, and Office 2007) performs CRL checks by using an arbitrary URL from a certificate embedded in an S/MIME email or a signed document via the Authority Information Access (AIA) extension. This allows remote attacke...
CVE-2008-2420
The OCSP functionality in stunnel before 4.24 does not properly search certificate revocation lists (CRL), which allows remote attackers to bypass intended access restrictions by using revoked certificates...
Design/Logic Flaw
The OCSP functionality in stunnel before 4.24 does not properly search certificate revocation lists (CRL), which allows remote attackers to bypass intended access restrictions by using revoked certificates...
CVE-2008-2420
CVE-2008-2420 affects stunnel’s OCSP search functionality (pre-4.24) where certificate revocation lists (CRLs) are not properly checked. This can let a remote attacker bypass access restrictions by presenting a revoked certificate, as described in multiple advisories; Mandriva notes updated packa...
MySQL improper permission revocation
MySQL 4.1 before 4.1.21 and 5.0 before 5.0.24 allows a local user to access a table through a previously created MERGE table, even after the user's privileges are revoked for the original table, which might violate intended security policy...
Design/Logic Flaw
Certificate Server 7.2 in Red Hat Certificate System (RHCS) does not properly handle new revocations that occur while a Certificate Revocation List (CRL) is being generated, which might prevent certain revoked certificates from appearing on the CRL quickly and allow users with revoked certificates to...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the management console in Blue Coat ProxySG before 4.2.6.1, and 5.x before 5.2.2.5, allows remote attackers to inject arbitrary web script or HTML by modifying the URL that is used for loading Certificate Revocation Lists...
CVE-2007-5796
Cross-site scripting (XSS) vulnerability in the management console in Blue Coat ProxySG before 4.2.6.1, and 5.x before 5.2.2.5, allows remote attackers to inject arbitrary web script or HTML by modifying the URL that is used for loading Certificate Revocation Lists...
Moderate: Red Hat Security Advisory: rhpki-util, rhpki-common, rhpki-ca security update
Updated rhpki-util, rhpki-common, and rhpki-ca packages that fix a security issue are now available for Red Hat Certificate System 7.2. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Red Hat Certificate System (RHCS) is an enterprise software...
rhcs CRL can get corrupted
Certificate Server 7.2 in Red Hat Certificate System (RHCS) does not properly handle new revocations that occur while a Certificate Revocation List (CRL) is being generated, which might prevent certain revoked certificates from appearing on the CRL quickly and allow users with revoked certificates to...
Authentication flaw
IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 does not properly revoke privileges on methods, which allows remote authenticated users to execute a method after revocation until the routine auth cache is flushed...