
145 matches found

Debian
added 2014/09/20 6:14 a.m., 24 views

[SECURITY] [DSA 3029-1] nginx security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3029-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso September 20, 2014 http://www.debian.org/security/faq -...

CVSS 4.3 | AI score 5.6 | EPSS 0.05654 | Exploits 0

OSV
added 2014/09/20 12:0 a.m., 21 views

DSA-3029-1 nginx - security update

Bulletin has no description...

CVSS 4.3 | AI score 6.3 | EPSS 0.05654 | Exploits 0

OSV
added 2014/09/17 12:0 a.m., 15 views

DLA-55-1 nginx - security update

Bulletin has no description...

CVSS 4.3 | AI score 6.3 | EPSS 0.05654 | Exploits 0

Tenable Nessus
added 2014/08/19 12:0 a.m., 75 views

nginx < 1.6.1 / 1.7.4 SMTP STARTTLS Command Injection

According to the self-reported version in the server response header, the version of nginx installed on the remote host is 1.5.6 or higher, 1.6.x prior to 1.6.1, or 1.7.x prior to 1.7.4. It is, therefore, affected by a command injection vulnerability. A flaw exists in the function...

CVSS 6.8 | AI score 5.6 | EPSS 0.07832 | Exploits 0 | References 6

Tenable Nessus
added 2014/08/10 12:0 a.m., 32 views

FreeBSD : nginx -- inject commands into SSL session vulnerability (ad747a01-1fee-11e4-8ff1-f0def16c5c1b)

"The nginx project reports : Security: pipelined commands were not discarded after STARTTLS command in SMTP proxy CVE-2014-3556 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML database : Copyright...

CVSS 6.8 | AI score 5.3 | EPSS 0.07832 | Exploits 0 | References 3

seebug.org
added 2014/07/01 12:0 a.m., 359 views

Heartbleed OpenSSL - Information Leak Exploit (2) - DTLS Support

No description provided by source. / CVE-2014-0160 heartbleed OpenSSL information leak exploit ========================================================= This exploit uses OpenSSL to create an encrypted connection and trigger the heartbleed leak. The leaked information is returned within encrypted...

CVSS 5 | AI score 8.2 | EPSS 0.99999 | Exploits 87

seebug.org
added 2014/07/01 12:0 a.m., 87 views

Heartbleed OpenSSL - Information Leak Exploit (1)

No description provided by source. / CVE-2014-0160 heartbleed OpenSSL information leak exploit ========================================================= This exploit uses OpenSSL to create an encrypted connection and trigger the heartbleed leak. The leaked information is returned within encrypted...

CVSS 5 | AI score 8.2 | EPSS 0.99999 | Exploits 87

securityvulns
added 2014/05/04 12:0 a.m., 90 views

APPLE-SA-2014-04-22-2 iOS 7.1.1

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-04-22-2 iOS 7.1.1 iOS 7.1.1 is now available and addresses the following: CFNetwork HTTPProtocol Available for: iPhone 4 and later, iPod touch 5th generation and later, iPad 2 and later Impact: An attacker in a privileged network positio...

CVSS 10 | AI score 9.2 | EPSS 0.34782 | Exploits 14

Packet Storm
added 2014/04/24 12:0 a.m., 273 views

Heartbleed OpenSSL Information Leak Proof Of Concept

/ CVE-2014-0160 heartbleed OpenSSL information leak exploit ========================================================= This exploit uses OpenSSL to create an encrypted connection and trigger the heartbleed leak. The leaked information is returned within encrypted SSL packets and is then decrypted...

CVSS 5 | AI score 8.2 | EPSS 0.99999 | Exploits 87

Exploit DB
added 2014/04/24 12:0 a.m., 850 views

OpenSSL TLS Heartbeat Extension - 'Heartbleed' Information Leak (2) (DTLS Support)

/ CVE-2014-0160 heartbleed OpenSSL information leak exploit ========================================================= This exploit uses OpenSSL to create an encrypted connection and trigger the heartbleed leak. The leaked information is returned within encrypted SSL packets and is then decrypted...

CVSS 7.5 | AI score 7.8 | EPSS 0.99999 | Exploits 87

Exploit DB
added 2014/04/10 12:0 a.m., 105 views

OpenSSL TLS Heartbeat Extension - 'Heartbleed' Information Leak (1)

/ CVE-2014-0160 heartbleed OpenSSL information leak exploit ========================================================= This exploit uses OpenSSL to create an encrypted connection and trigger the heartbleed leak. The leaked information is returned within encrypted SSL packets and is then decrypted...

CVSS 7.5 | AI score 8.2 | EPSS 0.99999 | Exploits 87

Prion
added 2013/11/18 3:55 a.m., 20 views

Design/Logic Flaw

The SSL VPN implementation in Cisco IOS 15.31T2 and earlier allows remote authenticated users to cause a denial of service interface queue wedge via crafted DTLS packets in an SSL session, aka Bug IDs CSCuh97409 and CSCud90568...

CVSS 6.8 | AI score 6.7 | EPSS 0.01498 | Exploits 0 | References 2 | Affected Software 1

Prion
added 2013/06/25 2:38 p.m., 15 views

Design/Logic Flaw

FortiClient before 4.3.5.472 on Windows, before 4.0.3.134 on Mac OS X, and before 4.0 on Android; FortiClient Lite before 4.3.4.461 on Windows; FortiClient Lite 2.0 through 2.0.0223 on Android; and FortiClient SSL VPN before 4.0.2258 on Linux proceed with an SSL session after determining that the...

CVSS 5.4 | AI score 6.6 | EPSS 0.00868 | Exploits 0 | References 4 | Affected Software 3

CVE
added 2013/06/25 2:0 p.m., 65 views

CVE-2013-4669

FortiClient and FortiClient Lite proceed with an SSL session after determining that the server’s X.509 certificate is invalid, enabling MITM attackers to obtain sensitive information during password transmission. Affected versions include FortiClient on Windows (<4.3.5.472), Mac OS X (<4.0....

CVSS 5.4 | AI score 6.3 | EPSS 0.00868 | Exploits 0 | References 4 | Affected Software 1

Cvelist
added 2013/04/07 5:0 p.m., 22 views

CVE-2013-2770

The installation functionality in the Novell Kanaka component before 2.8 for Novell Open Enterprise Server OES on Mac OS X does not verify the server's X.509 certificate during an SSL session, which allows man-in-the-middle attackers to spoof servers via an arbitrary certificate...

AI score 6.6 | EPSS 0.00588 | Exploits 0 | References 1

Tenable Nessus
added 2012/01/12 12:0 a.m., 38 views

OpenSSL < 0.9.2b Session Reuse

According to its banner, the remote server is running a version of OpenSSL that is earlier than 0.9.2b. A remote attacker could reuse an SSL session under a different context and bypass access control mechanisms based on client certificates. C Tenable Network Security, Inc. include"compat.inc"; i...

CVSS 7.5 | AI score 5.6 | EPSS 0.03234 | Exploits 0 | References 2

The Hacker News
added 2011/09/29 5:25 p.m., 4 views

Firefox Java update ready to stop BEAST attacks

Firefox developers searching for a way to protect users against a new attack that decrypts sensitive web traffic are seriously considering an update that stops the open-source browser from working with Oracle's Java software framework. Johnath, the...

AI score 7 | Exploits 0

Prion
added 2011/08/29 3:55 p.m., 20 views

Code injection

Cisco Unified Communications Manager aka CUCM, formerly CallManager 6.x, 7.x before 7.15bsu4, 8.0, and 8.5 before 8.51su2 and Cisco Unified Presence Server 6.x, 7.x, 8.0, and 8.5 before 8.5xnr allow remote attackers to read database data by connecting to a query interface through an SSL session,...

CVSS 10 | AI score 7.1 | EPSS 0.01902 | Exploits 0 | References 1 | Affected Software 2

Cvelist
added 2011/08/29 3:0 p.m., 29 views

CVE-2011-1643

Cisco Unified Communications Manager aka CUCM, formerly CallManager 6.x, 7.x before 7.15bsu4, 8.0, and 8.5 before 8.51su2 and Cisco Unified Presence Server 6.x, 7.x, 8.0, and 8.5 before 8.5xnr allow remote attackers to read database data by connecting to a query interface through an SSL session,...

AI score 6.5 | EPSS 0.01902 | Exploits 0 | References 1

CVE
added 2011/08/29 3:0 p.m., 54 views

CVE-2011-1643

CVE-2011-1643 affects Cisco Unified Communications Manager (CUCM) and Cisco Unified Presence Server. Affected CUCM versions: 6.x, 7.x before 7.1(5b)su4, 8.0, and 8.5 before 8.5(1)su2; Presence Server: 6.x, 7.x, 8.0, and 8.5 before 8.5xnr. Root cause: an open query interface could disclose databas...

CVSS 10 | AI score 6.7 | EPSS 0.01902 | Exploits 0 | References 1 | Affected Software 1