Lucene search
K

155 matches found

Oracle linux
Oracle linux
added 2021/11/16 12:0 a.m.36 views

grilo security update

0.3.6-3 + grilo-0.3.6-3 - Fix TLS not being validated correctly - Resolves: rhbz1997234...

5.9CVSS6.2AI score0.00866EPSS
Exploits0
NVD
NVD
added 2021/09/16 3:15 p.m.14 views

CVE-2021-41079

Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and 10.0.0-M1 to 10.0.2 did not properly validate incoming TLS packets. When Tomcat was configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a specially crafted packet could be used to trigger an infinite loop resulting in a denial of service...

7.5CVSS0.07182EPSS
Exploits0References6
OSV
OSV
added 2021/09/16 3:15 p.m.34 views

CVE-2021-41079

Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and 10.0.0-M1 to 10.0.2 did not properly validate incoming TLS packets. When Tomcat was configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a specially crafted packet could be used to trigger an infinite loop resulting in a denial of service...

7.5CVSS6.6AI score
Exploits0References6
Debian CVE
Debian CVE
added 2021/09/16 2:40 p.m.50 views

CVE-2021-41079

Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and 10.0.0-M1 to 10.0.2 did not properly validate incoming TLS packets. When Tomcat was configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a specially crafted packet could be used to trigger an infinite loop resulting in a denial of service...

7.5CVSS7.9AI score0.07182EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2021/07/12 1:15 p.m.5 views

CVE-2021-36377

Fossil before 2.14.2 and 2.15.x before 2.15.2 often skips the hostname check during TLS certificate validation...

7.5CVSS5.3AI score0.00574EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2021/06/09 12:0 a.m.22 views

SUSE: Security Advisory (SUSE-SU-2016:2470-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS8AI score0.95707EPSS
Exploits8References2
OSV
OSV
added 2021/04/22 5:15 p.m.20 views

CVE-2021-27400

HashiCorp Vault and Vault Enterprise Cassandra integrations storage backend and database secrets engine plugin did not validate TLS certificates when connecting to Cassandra clusters. Fixed in 1.6.4 and 1.7.1...

7.5CVSS6.7AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2021/04/09 12:0 a.m.308 views

Jenkins LTS < 2.277.2 / Jenkins weekly < 2.287 Multiple Vulnerabilities

According to its its self-reported version number, the version of Jenkins running on the remote web server is Jenkins LTS prior to 2.277.2 or Jenkins weekly prior to 2.287. It is, therefore, affected by multiple vulnerabilities: - Jenkins 2.286 and earlier, LTS 2.277.1 and earlier does not valida...

6.5CVSS5.3AI score0.04977EPSS
Exploits0References8
OSV
OSV
added 2021/02/19 11:15 p.m.1 views

DEBIAN-CVE-2020-24392

In voloko twitter-stream 0.1.10, missing TLS hostname validation allows an attacker to perform a man-in-the-middle attack against users of the library because eventmachine is misused...

5.9CVSS5.9AI score0.00884EPSS
Exploits1References1
NVD
NVD
added 2021/02/19 11:15 p.m.14 views

CVE-2020-24392

In voloko twitter-stream 0.1.10, missing TLS hostname validation allows an attacker to perform a man-in-the-middle attack against users of the library because eventmachine is misused...

5.9CVSS0.00884EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2021/02/19 11:15 p.m.18 views

CVE-2020-24392

In voloko twitter-stream 0.1.10, missing TLS hostname validation allows an attacker to perform a man-in-the-middle attack against users of the library because eventmachine is misused...

5.9CVSS6.2AI score0.00884EPSS
Exploits1References2
Debian CVE
Debian CVE
added 2021/02/19 10:42 p.m.14 views

CVE-2020-24392

In voloko twitter-stream 0.1.10, missing TLS hostname validation allows an attacker to perform a man-in-the-middle attack against users of the library because eventmachine is misused...

5.9CVSS5.5AI score0.00884EPSS
Exploits1
OSV
OSV
added 2020/12/02 1:15 a.m.10 views

CVE-2012-0955

software-properties was vulnerable to a person-in-the-middle attack due to incorrect TLS certificate validation in softwareproperties/ppa.py. software-properties didn't check TLS certificates under python2 and only checked certificates under python3 if a valid certificate bundle was provided. Fix...

7.4CVSS7.4AI score
Exploits0References4
OSV
OSV
added 2020/07/30 4:15 p.m.8 views

CVE-2020-16163

An issue was discovered in RIPE NCC RPKI Validator 3.x before 3.1-2020.07.06.14.28. RRDP fetches proceed even with a lack of validation of a TLS HTTPS endpoint. This allows remote attackers to bypass intended access restrictions, or to trigger denial of service to traffic directed to co-dependent...

9.1CVSS7AI score
Exploits0References1
CVE
CVE
added 2020/07/30 3:16 p.m.47 views

CVE-2020-16163

CVE-2020-16163 affects RIPE NCC RPKI Validator 3.x before 3.1-2020.07.06.14.28. The bug allows RRDP fetches to proceed without validating a TLS HTTPS endpoint, potentially allowing remote attackers to bypass access restrictions or cause DoS on co-dependent routing systems (RFC 8182 caveat noted b...

9.1CVSS8.9AI score0.01272EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/07/14 10:5 p.m.28 views

CVE-2020-15104 TLS Validation Vulnerability in Envoy

In Envoy before versions 1.12.6, 1.13.4, 1.14.4, and 1.15.0 when validating TLS certificates, Envoy would incorrectly allow a wildcard DNS Subject Alternative Name apply to multiple subdomains. For example, with a SAN of .example.com, Envoy would incorrectly allow nested.subdomain.example.com, wh...

4.6CVSS5.8AI score0.00252EPSS
Exploits0References1
Hacker One
Hacker One
added 2020/06/04 8:41 p.m.181 views

GitHub Security Lab: CPP: Missing/incomplete TLS server certificate hostname validation

This bug was reported directly to GitHub Security Lab...

0.5AI score
Exploits0
Prion
Prion
added 2020/04/29 3:15 a.m.15 views

Design/Logic Flaw

A missing secure communication definition and an incomplete TLS validation in the upgrade service in B&R Automation Studio versions 4.0.x, 4.1.x, 4.2.x, 4.3.11SP, 4.4.9SP, 4.5.5SP, 4.6.4 and 4.7.2 enable unauthenticated users to perform MITM attacks via the B&R upgrade server...

4.3CVSS6.2AI score0.00515EPSS
Exploits0References1Affected Software1
Packet Storm
Packet Storm
added 2019/10/01 12:0 a.m.202 views

Fortinet FortiSIEM 5.0 / 5.2.1 Improper Certification Validation

Product Name: FortiSIEM Tested versions: 5.0, 5.2.1 Fixed in version: Only a manual workaround is available from Fortinet as of this writing Weakness Type: CWE-295 - Improper Certificate Validation Discovered by: Andrew Klaus Cybera Canada CVE: Pending == Disclosure Timeline: June 25, 2019: Initi...

0.6AI score
Exploits0
pentestit
pentestit
added 2019/06/29 12:49 a.m.106 views

Electronegativity: An Open Source Electron Security Auditor

PenTestIT RSS Feed Electron is a pretty recent framework for building desktop applications and there are not many tools that deal with the security part either. There is a electronjs security checklist, providing guidelines for building secure applications, but there is no tool per-se - atleast...

0.1AI score
Exploits0
Rows per page
Query Builder