Lucene search
K

100 matches found

Cvelist
Cvelist
added 2020/08/06 10:45 p.m.32 views

CVE-2020-15136 Improper authentication in etcd

In ectd before versions 3.4.10 and 3.3.23, gateway TLS authentication is only applied to endpoints detected in DNS SRV records. When starting a gateway, TLS authentication will only be attempted on endpoints identified in DNS SRV records for a given domain, which occurs in the discoverEndpoints...

6.5CVSS6.8AI score0.01636EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2020/08/06 10:45 p.m.38 views

CVE-2020-15136

In ectd before versions 3.4.10 and 3.3.23, gateway TLS authentication is only applied to endpoints detected in DNS SRV records. When starting a gateway, TLS authentication will only be attempted on endpoints identified in DNS SRV records for a given domain, which occurs in the discoverEndpoints...

6.5CVSS7.5AI score0.01636EPSS
Exploits0
CVE
CVE
added 2020/08/06 10:45 p.m.343 views

CVE-2020-15136

CVE-2020-15136 affects etcd gateway behavior: TLS authentication is applied only to endpoints discovered via DNS SRV for a domain, with no authentication for endpoints provided via the --endpoints flag. Root cause is limited endpoint validation in the gateway’s discoverEndpoints flow. Impact: pot...

6.5CVSS6.8AI score0.01636EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2020/06/22 4:15 p.m.14 views

CVE-2020-4060

In LoRa Basics Station before 2.0.4, there is a Use After Free vulnerability that leads to memory corruption. This bug is triggered on 32-bit machines when the CUPS server responds with a message https://doc.sm.tc/station/cupsproto.htmlhttp-post-response where the signature length is larger than ...

5CVSS7.3AI score
Exploits0References1
Prion
Prion
added 2020/06/22 4:15 p.m.12 views

Design/Logic Flaw

In LoRa Basics Station before 2.0.4, there is a Use After Free vulnerability that leads to memory corruption. This bug is triggered on 32-bit machines when the CUPS server responds with a message https://doc.sm.tc/station/cupsproto.htmlhttp-post-response where the signature length is larger than ...

4CVSS5.5AI score0.00947EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/06/22 3:45 p.m.17 views

CVE-2020-4060 Use After Free in in cups_update_info in LoRa Basics Station

In LoRa Basics Station before 2.0.4, there is a Use After Free vulnerability that leads to memory corruption. This bug is triggered on 32-bit machines when the CUPS server responds with a message https://doc.sm.tc/station/cupsproto.htmlhttp-post-response where the signature length is larger than ...

4.1CVSS5.5AI score0.00947EPSS
Exploits0References1
CVE
CVE
added 2020/06/22 3:45 p.m.51 views

CVE-2020-4060

LoRa Basics Station CVE-2020-4060: A Use-After-Free in cups_update_info affects versions prior to 2.0.4 on 32-bit platforms. If the CUPS server responds with a signature length > 2 GB (or sets a length field > 2^31-1 while not containing that much data), the code path frees memory and then ...

5CVSS5.1AI score0.00947EPSS
Exploits0References1Affected Software1
Veracode
Veracode
added 2020/06/16 2:15 a.m.14 views

Authentication Bypass

github.com/caddyserver/caddy is vulnerable to authentication bypass. When TLS is used for client authentication, it does not enforce a tls: StrictHostMatching mode for client authentication, leading to a bypass of TLS authentication...

9.8CVSS2.6AI score0.02723EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2020/06/15 4:50 p.m.97 views

CVE-2018-21246

Caddy before 0.10.13 mishandles TLS client authentication due to missing StrictHostMatching, enabling an authentication bypass. Affected product: Caddy web server; vulnerability in TLS client auth handling (authentication bypass). CVE-2018-21246 is documented in multiple sources (GHSA, OSV, NVD, ...

9.8CVSS9.6AI score0.02723EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2020/06/15 4:50 p.m.19 views

CVE-2018-21246

Caddy before 0.10.13 mishandles TLS client authentication, as demonstrated by an authentication bypass caused by the lack of the StrictHostMatching mode...

9.8CVSS9.8AI score0.02723EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2020/06/03 11:22 p.m.33 views

CVE-2020-13777

A flaw was found in GnuTLS, in versions starting from 3.6.4, where it does not session the ticket encryption key in a secure fashion by the application which is connecting. This flaw allows an attacker to craft a man-in-the-middle-attack, with the ability to bypass the TLS1.3 authentication and...

5.8CVSS3.7AI score0.17507EPSS
Exploits3References4
CNVD
CNVD
added 2020/04/24 12:0 a.m.2 views

F5 NGINX Controller Trust Management Issue Vulnerability

F5 NGINX Controller is a centralized monitoring and management platform for NGINX from F5. The platform supports the management of multiple NGINX instances using a visual interface. A security vulnerability exists in F5 NGINX Controller versions prior to 3.2.0, which stems from the fact that by...

7.4CVSS6.8AI score0.01033EPSS
Exploits0References1
OSV
OSV
added 2019/12/13 6:25 p.m.9 views

MGASA-2019-0385 Updated proftpd packages fix security vulnerability

An issue was discovered in tlsverifycrl in ProFTPD through 1.3.6b. A dereference of a NULL pointer may occur. This pointer is returned by the OpenSSL skX509REVOKEDvalue function when encountering an empty CRL installed by a system administrator. The dereference occurs when validating the...

4.9CVSS4.9AI score0.01645EPSS
Exploits0References3
NVD
NVD
added 2019/11/26 4:15 a.m.23 views

CVE-2019-19272

An issue was discovered in tlsverifycrl in ProFTPD before 1.3.6. Direct dereference of a NULL pointer a variable initialized to NULL leads to a crash when validating the certificate of a client connecting to the server in a TLS client/server mutual-authentication setup...

7.5CVSS7.4AI score0.00947EPSS
Exploits0References1
OSV
OSV
added 2019/05/19 11:27 a.m.9 views

MGASA-2019-0184 Updated tomcat-native packages fix security vulnerability

When using an OCSP responder did not correctly handle invalid responses. This allowed for revoked client certificates to be incorrectly identified. It was therefore possible for users to authenticate with revoked certificates when using mutual TLS CVE-2018-8019. Did not properly check OCSP...

7.4CVSS7.4AI score0.04199EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2019/03/06 12:0 a.m.6 views

PT-2019-2586 · Apache +1 · Apache Qpid Proton +1

Name of the Vulnerable Software and Affected Versions: Apache Qpid Proton versions 0.9 through 0.27.0 Description: The issue is related to errors in the certificate authentication procedure, allowing a remote attacker to implement a man-in-the-middle attack and intercept TLS traffic by anonymousl...

7.4CVSS6.4AI score0.06201EPSS
Exploits0References47
Tenable Nessus
Tenable Nessus
added 2019/01/03 12:0 a.m.19 views

Fedora 28 : mysql-mmm (2018-ca5321b5ff)

Multi-Master Replication Manager for MySQL mmmagentd Remote Command Injection Vulnerabilities This update adds data sanitization to inputs for the mmm agent. Multiple exploitable remote command injection vulnerabilities exist in the MySQL Master-Master Replication Manager MMM mmmagentd daemon...

6AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2018/06/14 12:0 a.m.4 views

PT-2018-10677

Name of the Vulnerable Software and Affected Versions PPPD versions prior to the version with the fixed patch Description The issue arises from improper input validation combined with an integer overflow in the EAP-TLS protocol implementation. This can lead to a crash, information disclosure, or...

9.8CVSS9.1AI score0.01899EPSS
Exploits0References14
NVD
NVD
added 2018/02/06 4:29 p.m.16 views

CVE-2014-5280

boot2docker 1.2 and earlier allows attackers to conduct cross-site request forgery CSRF attacks by leveraging Docker daemons enabling TCP connections without TLS authentication...

9.3CVSS8.8AI score0.00733EPSS
Exploits0References1
Cvelist
Cvelist
added 2018/02/06 4:0 p.m.18 views

CVE-2014-5280

boot2docker 1.2 and earlier allows attackers to conduct cross-site request forgery CSRF attacks by leveraging Docker daemons enabling TCP connections without TLS authentication...

8.8AI score0.00733EPSS
Exploits0References1
Rows per page
Query Builder