Lucene search
+L

884 matches found

OpenVAS
OpenVAS
added 2013/11/08 12:0 a.m.22 views

Fedora Update for python-backports-ssl_match_hostname FEDORA-2013-20200

Check for the Version of python-backports-sslmatchhostname OpenVAS Vulnerability Test Fedora Update for python-backports-sslmatchhostname FEDORA-2013-20200 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software;...

7.4AI score
Exploits0References2
Fedora
Fedora
added 2013/11/06 7:35 a.m.13 views

[SECURITY] Fedora 18 Update: mod_nss-1.0.8-24.fc18

The modnss module provides strong cryptography for the Apache Web server via the Secure Sockets Layer SSL and Transport Layer Security TLS protocols using the Network Security Services NSS security library...

7.1AI score
Exploits0
Fedora
Fedora
added 2013/11/05 2:56 a.m.14 views

[SECURITY] Fedora 19 Update: python-backports-ssl_match_hostname-3.4.0.2-1.fc19

The Secure Sockets layer is only actually secure if you check the hostname in the certificate returned by the server to which you are connecting, and ver ify that it matches to hostname that you are trying to reach. But the matching logic, defined in RFC2818, can be a bit tricky to implemen t on...

2.1AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2013/08/19 6:50 a.m.3 views

Yahoo! Japan Shopping for Android contains an issue where it fails to verify SSL server certificates

Overview Yahoo! Japan Shopping for Android provided by Yahoo Japan Corporation contains an issue where it fails to verify SSL server certificates. Zachary Mathis of Proactive Defense Kobe Digital Labo reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...

5.8CVSS6.6AI score0.00521EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2013/08/17 12:0 a.m.5 views

PT-2013-4915 · Python +3 · Python +3

Name of the Vulnerable Software and Affected Versions: Python versions 2.6 through 3.4 Description: The issue arises from the ssl.match hostname function in the SSL module, which fails to properly handle a '0' character in a domain name in the Subject Alternative Name field of an X.509 certificat...

10CVSS6.2AI score0.75116EPSS
Exploits66References310
Tenable Nessus
Tenable Nessus
added 2013/07/12 12:0 a.m.24 views

Oracle Linux 3 : openssl (ELSA-2007-0813)

From Red Hat Security Advisory 2007:0813 : Updated OpenSSL packages that correct security issues are now available for Red Hat Enterprise Linux 2.1 and 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. OpenSSL is a toolkit that implements Secu...

6.8CVSS7.2AI score0.16061EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2013/07/03 5:4 p.m.6 views

OpenJDK: JConsole SSL support (Serviceability, 8003703)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Serviceability. NOTE: the previous information is from the...

5CVSS6.8AI score0.04783EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2013/06/19 11:56 p.m.8 views

OpenJDK: JConsole SSL support (Serviceability, 8003703)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Serviceability. NOTE: the previous information is from the...

5CVSS6.8AI score0.04783EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2013/06/07 6:3 a.m.2 views

Pizza Hut Japan Official Order App for Android. contains an issue where it fails to verify SSL server certificates

Overview Pizza Hut Japan Official Order App for Android. contains an issue where it fails to verify SSL server certificates. Shunsuke Taniguchi of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impac...

5.8CVSS6.5AI score0.00582EPSS
Exploits0References5
OpenVAS
OpenVAS
added 2013/05/31 12:0 a.m.31 views

Fedora Update for python-backports-ssl_match_hostname FEDORA-2013-8694

Check for the Version of python-backports-sslmatchhostname OpenVAS Vulnerability Test Fedora Update for python-backports-sslmatchhostname FEDORA-2013-8694 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; y...

6.3AI score
Exploits0References2
OpenVAS
OpenVAS
added 2013/05/29 12:0 a.m.28 views

Debian Security Advisory DSA 2697-1 (gnutls26 - out-of-bounds array read)

It was discovered that a malicious client could crash a GNUTLS server and vice versa, by sending TLS records encrypted with a block cipher which contain invalid padding. The oldstable distribution squeeze is not affected because the security fix that introduced this vulnerability was not applied ...

5CVSS6.1AI score0.03761EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2013/03/12 12:0 a.m.36 views

CentOS Update for openssl CESA-2013:0587 centos6

Check for the Version of openssl OpenVAS Vulnerability Test CentOS Update for openssl CESA-2013:0587 centos6 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under...

5CVSS6.9AI score0.35584EPSS
Exploits2References2
RedHat Linux
RedHat Linux
added 2013/02/19 8:29 p.m.6 views

Tomcat - Denial Of Service when using NIO+SSL+sendfile

org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service infinite loop by terminating the connection during the reading of a...

2.6CVSS7.3AI score0.07452EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2013/01/09 6:9 p.m.3 views

CVE-2013-0013

The SSL provider component in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle encrypted packets, which allows man-in-the-middle attackers to conduct SSLv2 downgrade attacks agains...

5.8CVSS5.5AI score0.06351EPSS
Exploits0References4
OSV
OSV
added 2012/11/04 12:0 a.m.7 views

UBUNTU-CVE-2012-5783

Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service FPS merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle...

5.8CVSS6.8AI score0.09254EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2012/09/24 3:53 p.m.3 views

openssl: uninitialized SSL 3.0 padding

The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer...

5CVSS7.2AI score0.14523EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2012/09/24 3:52 p.m.6 views

openssl: uninitialized SSL 3.0 padding

The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer...

5CVSS7.2AI score0.14523EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2012/07/30 12:0 a.m.33 views

CentOS Update for openssl CESA-2010:0977 centos4 x86_64

Check for the Version of openssl OpenVAS Vulnerability Test CentOS Update for openssl CESA-2010:0977 centos4 x8664 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...

10CVSS7.2AI score0.09497EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2012/07/30 12:0 a.m.36 views

CentOS Update for openssl CESA-2012:0060 centos5

Check for the Version of openssl OpenVAS Vulnerability Test CentOS Update for openssl CESA-2012:0060 centos5 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under...

9.3CVSS7.2AI score0.17687EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2012/07/09 12:0 a.m.47 views

RedHat Update for openssl RHSA-2012:0059-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

5CVSS8.7AI score0.16645EPSS
Exploits0References2
Rows per page
Query Builder