Lucene search
K

155 matches found

RedHat Linux
RedHat Linux
added 2023/04/20 12:52 a.m.6 views

OpenJDK: certificate validation issue in TLS session negotiation (8298310)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit...

5.9CVSS7.2AI score0.01523EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2023/04/12 5:5 p.m.10 views

CVE-2023-30516

Jenkins Image Tag Parameter Plugin 2.0 improperly introduces an option to opt out of SSL/TLS certificate validation when connecting to Docker registries, resulting in job configurations using Image Tag Parameters that were created before 2.0 having SSL/TLS certificate validation disabled by defau...

6.7AI score0.00458EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/02/15 4:56 a.m.4 views

SUSE CVE-2016-9015

Versions 1.17 and 1.18 of the Python urllib3 library suffer from a vulnerability that can cause them, in certain configurations, to not correctly validate TLS certificates. This places users of the library with those configurations at risk of man-in-the-middle and information leakage attacks. Thi...

3.7CVSS6.6AI score0.00775EPSS
Exploits0References15
Positive Technologies
Positive Technologies
added 2022/11/15 12:0 a.m.4 views

PT-2022-27493 · Jenkins · Jenkins Ns-Nd Integration Performance Publisher Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins NS-ND Integration Performance Publisher Plugin versions 4.8.0.143 and earlier Description: The issue concerns the global and unconditional disabling of SSL/TLS certificate and hostname validation for the entire Jenkins controller JVM...

7.5CVSS7.4AI score0.00396EPSS
Exploits0References8
OSV
OSV
added 2022/10/25 10:49 a.m.4 views

SUSE-SU-2022:3725-1 Security update for icinga2

This update for icinga2 fixes the following issues: - CVE-2020-14004: prepare-dirs script allows for symlink attack in the icinga user context. bsc1172171 - CVE-2020-29663: ignoring CRL, where revoked certificates due for renewal will automatically be renewed. bsc281137 - CVE-2021-37698: Missing...

9.1CVSS8.1AI score0.01554EPSS
Exploits1References7
CVE
CVE
added 2022/10/11 12:0 a.m.55 views

CVE-2022-40147

CVE-2022-40147 affects Siemens Industrial Edge Management prior to v1.5.1. Root cause: improper TLS server-certificate validation, enabling an attacker to spoof a trusted entity by intercepting the client–server path. Impact is confidentiality and integrity loss (C/H, I/H), with no availability i...

7.4CVSS7.1AI score0.00335EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2022/09/19 12:0 a.m.3 views

PT-2022-25421

FunJSQ, a third-party module integrated on some NETGEAR routers and Orbi WiFi Systems, does not properly validate TLS certificates when downloading update packages through its auto-update mechanism. An attacker suitably positioned on the network could intercept the update request and deliver a...

6.4AI score0.00274EPSS
Exploits1References4
Cvelist
Cvelist
added 2022/06/15 4:46 p.m.21 views

CVE-2022-32151 Splunk Enterprise disabled TLS validation using the CA certificate stores in Python 3 libraries by default

The httplib and urllib Python libraries that Splunk shipped with Splunk Enterprise did not validate certificates using the certificate authority CA certificate stores by default in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform versions before 8.2.2203. Python 3 client libraries...

7.4CVSS9.4AI score0.00743EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2022/06/14 12:0 a.m.4 views

PT-2022-21125 · Splunk · Splunk Cloud Platform +2

Name of the Vulnerable Software and Affected Versions: Splunk Enterprise and Universal Forwarder versions prior to 9.0 Description: The issue is related to the Splunk command-line interface CLI not validating TLS certificates while connecting to a remote Splunk platform instance by default. This...

8.1CVSS7.9AI score0.00762EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2022/03/31 12:0 a.m.65 views

Jenkins plugins Multiple Vulnerabilities (2022-03-29)

According to its their self-reported version number, the version of Jenkins plugins running on the remote web server are Jenkins Bitbucket Server Integration Plugin prior to 3.2.0, Continuous Integration with Toad Edge Plugin prior to 2.4, Coverage/Complexity Scatter Plot Plugin 1.1.1 or earlier,...

8.8CVSS6.4AI score0.01764EPSS
Exploits0References29
Github Security Blog
Github Security Blog
added 2022/03/30 12:0 a.m.28 views

Missing permission checks in Jenkins Proxmox Plugin

Jenkins Proxmox Plugin 0.7.0 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified host using attacker-specified username and password perform a connection test, disable SSL/TLS validation for...

6.5CVSS6.4AI score0.0079EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2022/03/30 12:0 a.m.20 views

GHSA-2MGJ-MWVF-MPG5 Missing permission checks in Jenkins Proxmox Plugin

Jenkins Proxmox Plugin 0.7.0 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified host using attacker-specified username and password perform a connection test, disable SSL/TLS validation for...

6.5CVSS6.8AI score0.0079EPSS
Exploits0References3
NVD
NVD
added 2022/03/29 1:15 p.m.31 views

CVE-2022-28144

Jenkins Proxmox Plugin 0.7.0 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified host using attacker-specified username and password perform a connection test, disable SSL/TLS validation for...

6.5CVSS0.0079EPSS
Exploits0References2
OSV
OSV
added 2022/03/29 1:15 p.m.22 views

CVE-2022-28144

Jenkins Proxmox Plugin 0.7.0 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified host using attacker-specified username and password perform a connection test, disable SSL/TLS validation for...

6.5CVSS7.5AI score
Exploits0References2
OSV
OSV
added 2022/03/29 1:15 p.m.23 views

CVE-2022-28143

A cross-site request forgery CSRF vulnerability in Jenkins Proxmox Plugin 0.7.0 and earlier allows attackers to connect to an attacker-specified host using attacker-specified username and password perform a connection test, disable SSL/TLS validation for the entire Jenkins controller JVM as part ...

6.5CVSS7.6AI score
Exploits0References2
Prion
Prion
added 2022/03/29 1:15 p.m.23 views

Default credentials

Jenkins Proxmox Plugin 0.7.0 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified host using attacker-specified username and password perform a connection test, disable SSL/TLS validation for...

4CVSS6.5AI score0.0079EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2022/03/29 1:15 p.m.20 views

Cross site request forgery (csrf)

A cross-site request forgery CSRF vulnerability in Jenkins Proxmox Plugin 0.7.0 and earlier allows attackers to connect to an attacker-specified host using attacker-specified username and password perform a connection test, disable SSL/TLS validation for the entire Jenkins controller JVM as part ...

4CVSS6.6AI score0.00642EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2022/03/29 1:15 p.m.22 views

Design/Logic Flaw

Jenkins Proxmox Plugin 0.6.0 and earlier disables SSL/TLS certificate validation globally for the Jenkins controller JVM when configured to ignore SSL/TLS issues...

4.3CVSS6.5AI score0.00642EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/03/29 12:31 p.m.34 views

CVE-2022-28144

Jenkins Proxmox Plugin 0.7.0 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified host using attacker-specified username and password perform a connection test, disable SSL/TLS validation for...

7.2AI score0.0079EPSS
Exploits0References2
PyPA
PyPA
added 2021/11/23 12:15 a.m.9 views

PYSEC-2021-863

The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a user supplied Certificate Authority CA to the root CAs instead of overriding it on Unix systems. TLS handshakes will thus succeed if the peer can be verified either from the user-supplied CA or the system’s default trust-store...

8.8CVSS6.6AI score0.00375EPSS
Exploits0References6Affected Software1
Rows per page
Query Builder