Lucene search
K

2418 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 8:24 a.m.10 views

CVE-2019-10446

Jenkins Cadence vManager Plugin 2.7.0 and earlier disabled SSL/TLS and hostname verification globally for the Jenkins master JVM...

8.2CVSS6.8AI score0.00993EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:6 a.m.7 views

CVE-2019-10444

Jenkins Bumblebee HP ALM Plugin 4.1.3 and earlier unconditionally disabled SSL/TLS and hostname verification for connections to HP ALM...

6.5CVSS6.7AI score0.00799EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:14 a.m.10 views

CVE-2019-10382

Jenkins VMware Lab Manager Slaves Plugin 0.2.8 and earlier disables SSL/TLS and hostname verification globally for the Jenkins master JVM...

6.5CVSS6.8AI score0.00841EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/21 8:41 p.m.7 views

CVE-2009-0128

plugins/crypto/openssl/cryptoopenssl.c in Simple Linux Utility for Resource Management aka SLURM or slurm-llnl does not properly check the return value from the OpenSSL EVPVerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS...

5.8CVSS6.8AI score0.05146EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/16 9:20 p.m.28 views

CVE-2025-47888

Jenkins DingTalk Plugin 2.7.3 and earlier unconditionally disables SSL/TLS certificate and hostname validation for connections to the configured DingTalk webhooks...

5.9CVSS6.8AI score0.00199EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2025/05/14 9:31 p.m.7 views

Jenkins DingTalk Plugin Unconditionally Disables SSL/TLS Certificate and Hostname Validation

Jenkins DingTalk Plugin 2.7.3 and earlier unconditionally disables SSL/TLS certificate and hostname validation for connections to the configured DingTalk webhooks...

5.9CVSS6.7AI score0.00199EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2025/05/14 8:35 p.m.55 views

CVE-2025-47888

CVE-2025-47888 affects the Jenkins DingTalk Plugin (versions 2.7.3 and earlier). The vulnerability stems from the plugin unconditionally disabling SSL/TLS certificate and hostname validation when connecting to DingTalk webhooks, enabling potential exposure to MITM attacks and compromising confide...

5.9CVSS7AI score0.00199EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/05/14 12:0 a.m.9 views

PT-2025-21241 · Jenkins · Jenkins Dingtalk Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins DingTalk Plugin versions 2.7.3 and earlier Description: The issue concerns the unconditional disabling of SSL/TLS certificate and hostname validation for connections to the configured DingTalk webhooks. This affects the security of th...

5.9CVSS6.2AI score0.00199EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2025/05/10 12:0 a.m.4 views

PT-2025-20615 · Cisco · Cisco Asa

Name of the Vulnerable Software and Affected Versions: Cisco ASA affected versions not specified Description: The issue concerns a bypass of SSL/TLS certificate pinning. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where...

6.4AI score
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/04/26 4:39 a.m.22 views

CVE-2024-42177

HCL MyXalytics is affected by SSL∕TLS Protocol affected with BREACH & LUCKY13 vulnerabilities. Attackers can exploit the weakness in the ciphers to intercept and decrypt encrypted data, steal sensitive information, or inject malicious code into the system...

6.4CVSS7.1AI score0.00144EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/04/26 4:17 a.m.11 views

CVE-2021-35246

The application fails to prevent users from connecting to it over unencrypted connections. An attacker able to modify a legitimate user's network traffic could bypass the application's use of SSL/TLS encryption and use the application as a platform for attacks against its users...

5.3CVSS6.8AI score0.00331EPSS
Exploits0
Qualys Blog
Qualys Blog
added 2025/04/24 5:0 p.m.17 views

Shrinking Lifespans, Growing Risk: The Final Certificate Countdown

Recent Developments Severely Shorten Certificate Lifespans. The SSL/TLS ecosystem is shifting rapidly and not in a way that favors already stretched teams. Historically, certificates could be valid for up to 10 years. Certificates now face drastically shorter lifespans. DigiCert and other major...

7.1AI score
Exploits0
NVD
NVD
added 2025/04/17 8:15 p.m.33 views

CVE-2024-42177

HCL MyXalytics is affected by SSL∕TLS Protocol affected with BREACH & LUCKY13 vulnerabilities. Attackers can exploit the weakness in the ciphers to intercept and decrypt encrypted data, steal sensitive information, or inject malicious code into the system...

6.4CVSS0.00144EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/04/17 7:18 p.m.32 views

CVE-2024-42177 HCL MyXalytics is affected by SSL∕TLS Protocol affected with BREACH & LUCKY13 vulnerabilities

HCL MyXalytics is affected by SSL∕TLS Protocol affected with BREACH & LUCKY13 vulnerabilities. Attackers can exploit the weakness in the ciphers to intercept and decrypt encrypted data, steal sensitive information, or inject malicious code into the system...

2.6CVSS0.00144EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/04/17 12:0 a.m.5 views

PT-2025-17226 · Hcl · Hcl Myxalytics

Name of the Vulnerable Software and Affected Versions: HCL MyXalytics affected versions not specified Description: The issue concerns SSL/TLS Protocol vulnerabilities, specifically BREACH and LUCKY13, which allow attackers to exploit weaknesses in ciphers. This can lead to the interception and...

6.4CVSS6.5AI score0.00144EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2025/03/20 4:21 p.m.14 views

CVE-2024-56347

IBM AIX 7.2 and 7.3 nimsh service SSL/TLS protection mechanisms could allow a remote attacker to execute arbitrary commands due to improper process controls...

9.6CVSS8AI score0.00858EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2025/03/18 5:15 p.m.4 views

CVE-2024-56347

IBM AIX 7.2 and 7.3 nimsh service SSL/TLS protection mechanisms could allow a remote attacker to execute arbitrary commands due to improper process controls...

9.6CVSS7.7AI score0.00858EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2025/03/18 4:16 p.m.13 views

CVE-2024-56347 IBM AIX command execution

IBM AIX 7.2 and 7.3 nimsh service SSL/TLS protection mechanisms could allow a remote attacker to execute arbitrary commands due to improper process controls...

9.6CVSS0.00858EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/03/18 4:16 p.m.37 views

CVE-2024-56347 IBM AIX command execution

IBM AIX 7.2 and 7.3 nimsh service SSL/TLS protection mechanisms could allow a remote attacker to execute arbitrary commands due to improper process controls...

9.6CVSS7.9AI score0.00858EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2017-3731

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to...

7.5CVSS7.1AI score0.57595EPSS
Exploits1References2
Rows per page
Query Builder