Lucene search
K

37 matches found

OSV
OSV
added 2020/11/06 8:15 a.m.28 views

CVE-2020-17490

The TLS module within SaltStack Salt through 3002 creates certificates with weak file permissions...

5.5CVSS5.5AI score
Exploits0References7
PyPA
PyPA
added 2020/11/06 8:15 a.m.4 views

PYSEC-2020-105

The TLS module within SaltStack Salt through 3002 creates certificates with weak file permissions...

5.5CVSS7AI score0.00408EPSS
Exploits0References8Affected Software1
Prion
Prion
added 2020/11/06 8:15 a.m.23 views

Code injection

The TLS module within SaltStack Salt through 3002 creates certificates with weak file permissions...

2.1CVSS7.2AI score0.00408EPSS
Exploits0References7Affected Software2
OSV
OSV
added 2020/11/06 8:15 a.m.27 views

PYSEC-2020-105

The TLS module within SaltStack Salt through 3002 creates certificates with weak file permissions...

5.5CVSS2.2AI score0.00408EPSS
Exploits0References8
CVE
CVE
added 2020/11/06 7:29 a.m.197 views

CVE-2020-17490

CVE-2020-17490 affects SaltStack Salt (TLS module) up to version 3002, where the TLS execution module creates certificates with weak file permissions. The root cause is improper permissions on certificate files, potentially exposing private keys and enabling unintended access to sensitive materia...

5.5CVSS7.1AI score0.00408EPSS
Exploits0References7Affected Software1
Cvelist
Cvelist
added 2020/11/06 7:29 a.m.36 views

CVE-2020-17490

The TLS module within SaltStack Salt through 3002 creates certificates with weak file permissions...

7.3AI score0.00408EPSS
Exploits0References7
AlpineLinux
AlpineLinux
added 2020/11/06 7:29 a.m.36 views

CVE-2020-17490

The TLS module within SaltStack Salt through 3002 creates certificates with weak file permissions...

5.5CVSS7.5AI score0.00408EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2020/11/06 12:0 a.m.31 views

CVE-2020-17490

The TLS module within SaltStack Salt through 3002 creates certificates with weak file permissions...

5.5CVSS6.8AI score0.00408EPSS
Exploits0References3
OSV
OSV
added 2019/08/13 9:15 p.m.3 views

CVE-2019-5280

The SIP TLS module of Huawei CloudLink Phone 7900 with V600R019C10 has a TLS certificate verification vulnerability. Due to insufficient verification of specific parameters of the TLS server certificate, attackers can perform man-in-the-middle attacks, leading to the affected phones registered...

6.5CVSS6.6AI score
Exploits0References1
Prion
Prion
added 2019/08/13 9:15 p.m.14 views

Security feature bypass

The SIP TLS module of Huawei CloudLink Phone 7900 with V600R019C10 has a TLS certificate verification vulnerability. Due to insufficient verification of specific parameters of the TLS server certificate, attackers can perform man-in-the-middle attacks, leading to the affected phones registered...

5.8CVSS6.3AI score0.00419EPSS
Exploits0References1Affected Software1
Huawei
Huawei
added 2019/07/24 12:0 a.m.133 views

Security Advisory - TLS Certificate Verification Vulnerability in Huawei 7900 IP Phones

There is a TLS certificate verification vulnerability in the SIP TLS module of Huawei 7900 IP Phones. Due to insufficient verification of specific parameters of the TLS server certificate, attackers can perform man-in-the-middle attacks, leading to the affected phones registered abnormally,...

6.5CVSS6.3AI score0.00419EPSS
Exploits0Affected Software1
NVD
NVD
added 2016/07/21 10:12 a.m.21 views

CVE-2016-3482

Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.9 and 12.1.3.0 allows remote attackers to affect confidentiality via vectors related to SSL/TLS Module...

5CVSS4.3AI score0.02297EPSS
Exploits0References4
Prion
Prion
added 2016/07/21 10:12 a.m.19 views

Design/Logic Flaw

Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.9 and 12.1.3.0 allows remote attackers to affect confidentiality via vectors related to SSL/TLS Module...

5CVSS6AI score0.02297EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2016/07/21 10:0 a.m.22 views

CVE-2016-3482

Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.9 and 12.1.3.0 allows remote attackers to affect confidentiality via vectors related to SSL/TLS Module...

3.8AI score0.02297EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2016/07/21 10:0 a.m.11 views

CVE-2016-3482

Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.9 and 12.1.3.0 allows remote attackers to affect confidentiality via vectors related to SSL/TLS Module...

5.9AI score0.02297EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2014/08/12 12:0 a.m.22 views

openSUSE Security Update : tor (openSUSE-SU-2014:0975-1)

Tor 0.2.4.23 bnc889688 CVE-2014-5117 Slows down the risk from guard rotation and backports several important fixes from the Tor 0.2.5 alpha release series. - Major features : - Clients now look at the 'usecreatefast' consensus parameter to decide whether to use CREATEFAST or CREATE cells for the...

5.8CVSS8.1AI score0.02094EPSS
Exploits0References3
OSV
OSV
added 2009/10/28 2:30 p.m.9 views

CVE-2009-3639

The modtls module in ProFTPD before 1.3.2b, and 1.3.3 before 1.3.3rc2, when the dNSNameRequired TLS option is enabled, does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 client certificate, which allows remote attackers to bypass intended...

5.7AI score
Exploits0References12
Rows per page
Query Builder