CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

145 matches found

OpenVAS•added 2021/08/16 12:0 a.m.•24 views

OpenSSL: OCSP Stapling Vulnerability (20110208) - Windows

OpenSSL is prone to an OCSP stapling vulnerability. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

5CVSS9.1AI score0.01196EPSS

Exploits0References1

OpenVAS•added 2021/08/16 12:0 a.m.•22 views

OpenSSL: OCSP Stapling Vulnerability (20110208) - Linux

5CVSS9.1AI score0.01196EPSS

Exploits0References1

Amazon•added 2021/08/05 12:0 a.m.•70 views

Medium: curl

Issue Overview: A flaw was found in libcurl from versions 7.29.0 through 7.71.1. An application that performs multiple requests with libcurl's multi API, and sets the CURLOPTCONNECTONLY option, might experience libcurl using the wrong connection. The highest threat from this vulnerability is to...

7.5CVSS6.7AI score0.00742EPSS

Exploits3

RedHat Linux•added 2021/06/17 11:35 a.m.•1 views

curl: Inferior OCSP verification

Libcurl offers "OCSP stapling" via the CURLOPTSSLVERIFYSTATUS option. When set, libcurl verifies the OCSP response that a server responds with as part of the TLS handshake. It then aborts the TLS negotiation if something is wrong with the response. The same feature can be enabled with --cert-stat...

7.5CVSS7.1AI score0.00286EPSS

Exploits1References5

Debian•added 2020/12/19 2:59 a.m.•139 views

[SECURITY] [DLA 2500-1] curl security update

Debian LTS Advisory DLA-2500-1 [email protected] https://www.debian.org/lts/security/ Roberto C. Sánchez December 18, 2020 https://wiki.debian.org/LTS Package : curl Version : 7.52.1-5+deb9u13 CVE ID : CVE-2020-8284 CVE-2020-8285 CVE-2020-8286 Debian Bug : 977161 977162 977163 Several...

7.5CVSS6.7AI score0.00742EPSS

Exploits2

Veracode•added 2020/12/11 9:15 a.m.•37 views

Authorization Bypass

curl is vulnerable to authorization bypass. The vulnerability is present only if OpenSSL is the designated TLS backend. OCSP stapling is not enabled by default by libcurl, it needs to be explicitly enabled by the application to get used...

7.5CVSS2.5AI score0.00286EPSS

Exploits1References22Affected Software5

RedhatCVE•added 2020/12/09 5:14 p.m.•45 views

CVE-2020-8286

7.5CVSS7.6AI score0.00286EPSS

Exploits1References4

OSV•added 2020/12/09 8:0 a.m.•5 views

CURL-CVE-2020-8286 Inferior OCSP verification

libcurl offers "OCSP stapling" via the CURLOPTSSLVERIFYSTATUS option. When set, libcurl verifies the OCSP response that a server responds with as part of the TLS handshake. It then aborts the TLS negotiation if something is wrong with the response. The same feature can be enabled with --cert-stat...

7.5CVSS7.4AI score0.00286EPSS

Exploits1

Tenable Nessus•added 2019/08/12 12:0 a.m.•33 views

Ubuntu 18.04 LTS : OpenJDK 11 vulnerabilities (USN-4083-1)

The remote Ubuntu 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4083-1 advisory. It was discovered that OpenJDK did not sufficiently validate serial streams before deserializing suppressed exceptions in some situations. An attacker...

5.8CVSS7.8AI score0.00672EPSS

Exploits3References8

Ubuntu•added 2019/07/31 5:10 p.m.•114 views

USN-4083-1: OpenJDK 11 vulnerabilities

It was discovered that OpenJDK did not sufficiently validate serial streams before deserializing suppressed exceptions in some situations. An attacker could use this to specially craft an object that, when deserialized, would cause a denial of service. CVE-2019-2762 It was discovered that in some...

5.8CVSS7.6AI score0.00672EPSS

Exploits3

OSV•added 2019/07/31 5:10 p.m.•0 views

USN-4083-1 openjdk-lts vulnerabilities

5.8CVSS6.9AI score0.00672EPSS

Exploits3References8

RedHat Linux•added 2017/08/21 3:33 p.m.•2 views