Lucene search
K

95 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 5:33 a.m.5 views

SUSE CVE-2013-6491

The python-qpid client common/rpc/implqpid.py in OpenStack Oslo before 2013.2 does not enforce SSL connections when qpidprotocol is set to ssl, which allows remote attackers to obtain sensitive information by sniffing the network...

4.3CVSS6.3AI score0.01884EPSS
Exploits0References3
OSV
OSV
added 2022/10/19 10:15 p.m.4 views

CVE-2022-41694

In BIG-IP versions 16.1.x before 16.1.3, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, and BIG-IQ versions 8.x before 8.2.0.1 and all versions of 7.x, when an SSL key is imported on a BIG-IP or BIG-IQ system, undisclosed input can cause MCPD to terminate...

4.9CVSS5.8AI score0.00595EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/10/10 12:0 a.m.3 views

Fortinet FortiOS 缓冲区错误漏洞

Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform from Fortinet, Inc. Fortinet FortiOS has a denial-of-service vulnerability that originates from the ability to force a NULL pointer to be dereferenced through the SSL VPN Portal, which can be...

7.5CVSS6.8AI score0.00868EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2022/08/18 12:0 a.m.8 views

The vulnerability in the implementation of the SSLContext class in My Cloud OS operating systems allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the SSLContext class implementation in My Cloud OS networking storage operating systems is related to the choice of a less secure algorithm during negotiation processes. Exploiting this vulnerability can allow attackers to compromise the confidentiality, integrity, and...

7.3CVSS7.1AI score0.00185EPSS
Exploits0References3Affected Software8
CNNVD
CNNVD
added 2022/07/07 12:0 a.m.7 views

Eclipse Jetty 安全漏洞

Eclipse Jetty is an open source, Java-based Web server and Java Servlet container from the Eclipse Foundation. A security vulnerability exists in Eclipse Jetty, which stems from a pooled ByteBuffer that is not freed by SslConnection, and affects the following products and versions: versions 10.0....

7.5CVSS7.3AI score0.02036EPSS
Exploits1References6
CNNVD
CNNVD
added 2022/03/08 12:0 a.m.7 views

SSL VPN 代码问题漏洞

SSL VPN is a new VPN technology that uses the SSL protocol for remote access. It includes: server authentication, client authentication, data integrity over the SSL link and data confidentiality over the SSL link. A code issue vulnerability exists in SSL VPN that stems from the product's failure ...

6.1CVSS6.5AI score0.00227EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/02/09 12:0 a.m.4 views

Stormshield Network Security 访问控制错误漏洞

Stormshield Network Security is a next-generation UTM Unified Threat Management firewall from the French company Stormshield. A security vulnerability in Stormshield 1.1.0 and 2.1.0 through 2.9.0 could allow an attacker to block client access to the VPN and gain access to sensitive information...

6.1CVSS6.2AI score0.00204EPSS
Exploits0References3
CNNVD
CNNVD
added 2021/08/23 12:0 a.m.6 views

ARM mbed TLS 安全漏洞

ARM mbed TLS is a product from ARM UK that provides secure communication and encryption for mbed products. A security vulnerability exists in ARM mbed TLS versions prior to 2.24.0, which stems from a lack of clearing of the plaintext buffer in mbedtlssslread to erase unused application data from...

7.5CVSS7.3AI score0.0155EPSS
Exploits0References8
CNNVD
CNNVD
added 2021/04/28 12:0 a.m.4 views

Cisco Firepower Threat Defense 输入验证错误漏洞

Cisco Firepower Threat Defense FTD is unified software that provides next-generation firewall services. A denial-of-service vulnerability exists in the software-based SSL/TLS message handler of Cisco Firepower Threat Defense, which can be exploited by an attacker to cause a process crash by sendi...

8.6CVSS5.6AI score0.01386EPSS
Exploits0References5
OSV
OSV
added 2021/04/23 12:15 a.m.6 views

AZL-45213 CVE-2021-31597 affecting package js-jquery 3.5.0-4

The xmlhttprequest-ssl package before 1.6.1 for Node.js disables SSL certificate validation by default, because rejectUnauthorized when the property exists but is undefined is considered to be false within the https.request function of Node.js. In other words, no certificate is ever rejected...

9.4CVSS7.3AI score0.02056EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2020/10/27 12:58 p.m.5 views

puppet-agent: Puppet Agent does not properly verify SSL connection when downloading a CRL

A flaw was found in Puppet, where the Puppet Agent did not verify the peer in the SSL connection before downloading to the Certificate Revocation List CRL. The primary risk is the availability of communications to computing systems and not Puppet itself. This flaw allows an attacker to submit a...

5.4CVSS7.3AI score0.00608EPSS
Exploits0References5
Microsoft CVE
Microsoft CVE
added 2020/09/25 12:0 a.m.7 views

Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9 as used in mysqld in MySQL 5.0.x before 5.0.90 MySQL 5.1.x before 5.1.43 MySQL 5.5.x through 5.5.0-m2 and other products allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and daemon crash) by establishing an SSL connection and sending an X.509 client certificate with a crafted name field as demonstrated by mysql_overflow1.py and the vd_mysql5 module in VulnDisco Pack Professional 8.11. NOTE: this was originally reported for MySQL 5.0.51a.

...

7.5CVSS7AI score0.69552EPSS
Exploits4
Citrix
Citrix
added 2020/06/02 12:0 a.m.9 views

Error: "Invalid Certificate" When Installing SSL Certificate on ADC Appliance

When attempting to install an Secure Socket Layer SSL certificate on an ADCappliance, the process fails with error "invalid certificate"...

7AI score
Exploits0
RedHat Linux
RedHat Linux
added 2020/05/28 3:58 p.m.8 views

undertow: possible Denial Of Service (DOS) in Undertow HTTP server listening on HTTPS

A vulnerability was found in the Undertow HTTP server listening on HTTPS. An attacker can target the HTTPS port to carry out a Denial Of Service DOS to make the service unavailable on SSL...

7.5CVSS5.8AI score0.0212EPSS
Exploits0References4
Citrix
Citrix
added 2020/01/14 12:0 a.m.8 views

Types of NetScaler and NetScaler Gateway Licenses

This article describes the types of licenses available for NetScaler and NetScaler Gateway appliances. NetScaler licenses are assigned to physical MPX and virtual VPX appliances. Logical SDX appliances require licenses for each physical appliance and each virtual instance. Refer to NetScaler...

6.6AI score
Exploits0
CNVD
CNVD
added 2019/11/04 12:0 a.m.2 views

Milesight IP security cameras trust management issue vulnerability (CNVD-2019-40063)

Milesight IP security cameras are IP camera products from China Pulse Digital Technology Milesight. A security vulnerability exists in Milesight IP security cameras version 2016-11-14 and earlier, which stems from a hardcoded SSL private key stored in the /etc/config directory. No details of the...

9.8CVSS6.8AI score0.02064EPSS
Exploits1References1
CNVD
CNVD
added 2019/02/22 12:0 a.m.2 views

Cisco Firepower Threat Defense Input Validation Vulnerability

Cisco Firepower Threat Defense FTD is a suite of unified software from the U.S. company Cisco Cisco that provides next-generation firewall services. An input validation vulnerability exists in the detection engine in Cisco FTD, which can be exploited by a remote attacker to cause a denial of...

5.8CVSS6.8AI score0.02265EPSS
Exploits0References1
OSV
OSV
added 2018/10/31 2:29 p.m.2 views

CVE-2018-15317

In BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, and 11.2.1-11.6.3.2, an attacker sending specially crafted SSL records to a SSL Virtual Server will cause corruption in the SSL data structures leading to intermittent decrypt BADRECORDMAC errors. Clients will be unable to access the...

7.5CVSS5.8AI score0.0136EPSS
Exploits0References2
CNVD
CNVD
added 2018/09/28 12:0 a.m.4 views

+Message App Unable to Validate SSL Server Certificate Vulnerability

+Message App is an APP application. +Message App is unable to validate SSL server certificates, and a man-in-the-middle attack may allow an attacker to eavesdrop on encrypted communications...

5.9CVSS5.9AI score0.00667EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2018/07/16 12:0 a.m.3 views

PT-2018-8796 · Cisco · Cisco Firepower System +1

Name of the Vulnerable Software and Affected Versions: Cisco Firepower System Software affected versions not specified Description: A vulnerability in the detection engine could allow an unauthenticated, remote attacker to cause one of the detection engine processes to run out of memory, slowing...

7.5CVSS7AI score0.02195EPSS
Exploits0References3
Rows per page
Query Builder