
3572 matches found

RedHat Linux
added 2008/07/02 5:50 p.m., 5 views

System: incorrect handling of Extensions in CSRs (cs71)

Red Hat PKI Common Framework (rhpki-common) in Red Hat Certificate System (aka Certificate Server or RHCS) 7.1 through 7.3, and Netscape Certificate Management System 6.x, does not recognize Certificate Authority profile constraints on Extensions, which might allow remote attackers to bypass intended...

CVSS 7.5, AI score 5.9, EPSS 0.01074
Exploits: 1, References: 4

RedHat Linux
added 2008/07/02 5:49 p.m., 6 views

Important: Red Hat Security Advisory: rhpki-common security update

An updated rhpki-common package that fixes a security issue is now available for Red Hat Certificate System 7.3. This update has been rated as having important security impact by the Red Hat Security Response Team. Red Hat Certificate System (RHCS) is an enterprise software system designed to manag...

CVSS 7.5, AI score 5.7, EPSS 0.01074
Exploits: 1, References: 2

RedHat Linux
added 2008/07/02 12:48 p.m., 0 views

Firefox arbitrary signed JAR code execution

Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly implement JAR signing, which allows remote attackers to execute arbitrary code via (1) injection of JavaScript into documents within a JAR archive or (2) a JAR archive that uses relative URLs to JavaScript files...

CVSS 7.5, AI score 6.2, EPSS 0.0281
Exploits: 1, References: 4

RedHat Linux
added 2008/07/02 12:37 p.m., 1 views

Firefox arbitrary signed JAR code execution

Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly implement JAR signing, which allows remote attackers to execute arbitrary code via (1) injection of JavaScript into documents within a JAR archive or (2) a JAR archive that uses relative URLs to JavaScript files...

CVSS 7.5, AI score 6.2, EPSS 0.0281
Exploits: 1, References: 4

Tenable Nessus
added 2008/06/16 12:0 a.m., 19 views

Ubuntu 6.06 LTS / 7.04 / 7.10 / 8.04 LTS : openssl-blacklist update (USN-612-9)

USN-612-3 addressed a weakness in OpenSSL certificate and key generation in OpenVPN by introducing openssl-blacklist to aid in detecting vulnerable private keys. This update enhances the openssl-vulnkey tool to check Certificate Signing Requests, accept input from STDIN, and check moduli without ...

AI score 5.6
Exploits: 0, References: 1

Oracle linux
added 2008/06/02 12:0 a.m., 53 views

samba security and bug fix update

3.0.28-1.el52.1 - Security fix for CVE-2008-1105 - Fix join verification - Fix smb signing - resolves: CVE-2008-1105 - resolves: 447380 - resolves: 444637...

CVSS 7.5, AI score 1.8, EPSS 0.69085
Exploits: 2

Cvelist
added 2008/03/06 12:0 a.m., 20 views

CVE-2008-1184

The DNSSEC validation library (libval) in dnssec-tools before 1.3.1 does not properly check that the signing key is the APEX trust anchor, which might allow attackers to conduct unspecified attacks...

AI score 6.3, EPSS 0.0127
Exploits: 0, References: 8

CVE
added 2008/02/21 1:0 a.m., 44 views

CVE-2008-0862

CVE-2008-0862 affects IBM Lotus Notes 6.0, 6.5, 7.0, and 8.0. The issue arises when forwarding an email, where Notes signs an unsigned applet, potentially bypassing the Execution Control List (ECL). The NVD entry lists the impact as user-assisted remote execution with partial confidentiality impa...

CVSS 4.3, AI score 6.6, EPSS 0.02126
Exploits: 0, References: 3, Affected Software: 1

OpenVAS
added 2008/01/17 12:0 a.m., 27 views

Debian Security Advisory DSA 429-2 (gnupg)

The remote host is missing an update to gnupg announced via advisory DSA 429-2. OpenVAS Vulnerability Test $Id: deb4292.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 429-2. Authors: Thomas Reinke. Copyright: Copyright (c) 2007 E-Soft Inc...

CVSS 5, AI score 6.4, EPSS 0.02854
Exploits: 1

OpenVAS
added 2008/01/17 12:0 a.m., 18 views

Debian Security Advisory DSA 429-2 (gnupg)

The remote host is missing an update to gnupg announced via advisory DSA 429-2. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5, AI score 6.6, EPSS 0.02854
Exploits: 1, References: 2

securityvulns
added 2007/12/16 12:0 a.m., 24 views

Microsoft Office unsigned data

Metadata file and hyperlink destination are not signed on document signing...

AI score 1.3
Exploits: 0, References: 2, Affected Software: 1

NVD
added 2007/12/13 7:46 p.m., 16 views

CVE-2007-6329

Microsoft Office 2007 12.0.6015.5000 and MSO 12.0.6017.5000 do not sign the metadata of Office Open XML (OOXML) documents, which makes it easier for remote attackers to modify Dublin Core metadata fields, as demonstrated by the (1) LastModifiedBy and (2) creator fields in docProps/core.xml in the OOXML...

CVSS 6.4, AI score 6.6, EPSS 0.15597
Exploits: 0, References: 5

Cvelist
added 2007/12/13 7:0 p.m., 24 views

CVE-2007-6329

Microsoft Office 2007 12.0.6015.5000 and MSO 12.0.6017.5000 do not sign the metadata of Office Open XML (OOXML) documents, which makes it easier for remote attackers to modify Dublin Core metadata fields, as demonstrated by the (1) LastModifiedBy and (2) creator fields in docProps/core.xml in the OOXML...

AI score 6.6, EPSS 0.15597
Exploits: 0, References: 5

securityvulns
added 2007/12/13 12:0 a.m., 29 views

OpenOffice certificate information spoofing

It's possible to spoof information about the certificate used for signing...

AI score 2
Exploits: 0, References: 1, Affected Software: 1

NVD
added 2007/12/12 12:46 a.m., 23 views

CVE-2007-5351

Unspecified vulnerability in Server Message Block Version 2 (SMBv2) signing support in Microsoft Windows Vista allows remote attackers to force signature re-computation and execute arbitrary code via a crafted SMBv2 packet, aka "SMBv2 Signing Vulnerability."...

CVSS 10, AI score 7.3, EPSS 0.41243
Exploits: 1, References: 10

Cvelist
added 2007/12/12 12:0 a.m., 30 views

CVE-2007-5351

Unspecified vulnerability in Server Message Block Version 2 (SMBv2) signing support in Microsoft Windows Vista allows remote attackers to force signature re-computation and execute arbitrary code via a crafted SMBv2 packet, aka "SMBv2 Signing Vulnerability."...

AI score 7.2, EPSS 0.41243
Exploits: 1, References: 10

securityvulns
added 2007/12/12 12:0 a.m., 46 views

Microsoft Windows Vista SMBv2 packets signature bypass

Invalid implementation of digital signing...

CVSS 10, AI score 3.4, EPSS 0.41243
Exploits: 1, References: 1

Symantec
added 2007/12/11 12:0 a.m., 20 views

Microsoft Windows SMBv2 Code Signing Remote Code Execution Vulnerability

Description: Microsoft Windows is prone to a remote code-execution vulnerability because it fails to properly validate digital signatures. Successfully exploiting this issue allows remote attackers to execute arbitrary machine code in the context of logged-in users. This facilitates the remote...

AI score 1.2
Exploits: 0, Affected Software: 1

RedHat Linux
added 2007/11/01 1:28 p.m., 5 views

CIFS signing sec= mount options don't work correctly

The Linux kernel before 2.6.23-rc1 checks the wrong global variable for the CIFS sec mount option, which might allow remote attackers to spoof CIFS network traffic that the client configured for security signatures, as demonstrated by lack of signing despite sec=ntlmv2i in a SetupAndX request...

CVSS 4.3, AI score 5.9, EPSS 0.02624
Exploits: 0, References: 4

Oracle linux
added 2007/09/14 12:0 a.m., 58 views

Important: kernel security update

2.6.18-8.1.10.0.1.el5 - Fix bonding primary=ethX Bert Barbe IT 101532 ORA 5136660 - Add entropy module option to e1000/bnx2 John Sobecki ORA 6045759 2.6.18-8.1.10.el5 - mm Prevent the stack growth into hugetlb reserved regions Konrad Rzeszutek 253313 CVE-2007-3739 2.6.18-8.1.9.el5 - misc cpuset...

CVSS 6.9, AI score 0.5, EPSS 0.02624
Exploits: 1