Lucene search
K

155 matches found

Prion
Prion
added 2019/02/08 3:29 a.m.16 views

Design/Logic Flaw

Pagure 5.2 leaks API keys by e-mailing them to users. Few e-mail servers validate TLS certificates, so it is easy for man-in-the-middle attackers to read these e-mails and gain access to Pagure on behalf of other users. This issue is found in the API token expiration reminder cron job in...

4.3CVSS5.6AI score0.00901EPSS
Exploits0References5Affected Software1
Prion
Prion
added 2019/01/18 10:29 p.m.14 views

Code injection

Dell Networking OS10 versions prior to 10.4.3.0 contain a vulnerability in the Phone Home feature which does not properly validate the server's certificate authority during TLS handshake. Use of an invalid or malicious certificate could potentially allow an attacker to spoof a trusted entity by...

5.8CVSS7.3AI score0.0061EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2019/01/02 12:0 a.m.49 views

SUSE SLES12 Security Update : nodejs4 (SUSE-SU-2016:2470-1)

This update brings the new upstream nodejs LTS version 4.6.0, fixing bugs and security issues : - Nodejs embedded openssl version update + upgrade to 1.0.2j CVE-2016-6304, CVE-2016-2183, CVE-2016-2178, CVE-2016-6306, CVE-2016-7052 + remove support for dynamic 3rd party engine modules - http:...

7.8CVSS7.3AI score0.95707EPSS
Exploits8References17
Cvelist
Cvelist
added 2018/09/14 8:0 p.m.29 views

CVE-2018-11087 TLS validation error

Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit...

5.4AI score0.01268EPSS
Exploits0References1
Veracode
Veracode
added 2018/08/13 5:40 p.m.26 views

Improper Validation

libcurl.so is vulnerable to improper validation. The library does not properly verify the server's name in a certificate when establishing a TLS connection, causing the certificate verifications to be performed...

4CVSS8.3AI score0.02576EPSS
Exploits1References14Affected Software1
CNVD
CNVD
added 2018/06/29 12:0 a.m.1 views

Apache CXF Authentication Bypass Vulnerability

Apache CXF is the United States Apache Apache Software Foundation of an open source Web services framework. The framework supports a variety of Web services standards , a variety of front-end programming APIs. A security vulnerability exists in Apache CXF versions prior to 3.2.5 and 3.1.16, which...

8.1CVSS7.8AI score0.10348EPSS
Exploits0References1
0day.today
0day.today
added 2017/08/23 12:0 a.m.47 views

WebClientPrint Processor 2.0.15.109 TLS Validation Vulnerability

RedTeam Pentesting discovered that WebClientPrint Processor WCPP does not validate TLS certificates when initiating HTTPS connections. Thus, a man-in-the-middle attacker may intercept and/or modify HTTPS traffic in transit. This may result in a disclosure of sensitive information and the integrit...

6.4AI score
Exploits0
CNVD
CNVD
added 2017/03/22 12:0 a.m.2 views

WebKitGTK+ Late TLS Certificate Validation Vulnerability

WebKitGTK+ is a versatile port for the WebKit rendering engine. A security vulnerability exists in the Late TLS certificate validation of WebKitGTK+. A remote attacker can exploit this vulnerability to obtain secure HTTP request information via sniffing...

7.5CVSS6.7AI score0.01694EPSS
Exploits0References1
OSV
OSV
added 2017/01/11 4:59 p.m.4 views

PYSEC-2017-98

Versions 1.17 and 1.18 of the Python urllib3 library suffer from a vulnerability that can cause them, in certain configurations, to not correctly validate TLS certificates. This places users of the library with those configurations at risk of man-in-the-middle and information leakage attacks. Thi...

3.7CVSS6.3AI score0.00775EPSS
Exploits0References3
OSV
OSV
added 2016/04/18 12:16 p.m.10 views

USN-2950-1 samba vulnerabilities

Jouni Knuutinen discovered that Samba contained multiple flaws in the DCE/RPC implementation. A remote attacker could use this issue to perform a denial of service, downgrade secure connections by performing a machine-in-the-middle attack, or possibly execute arbitrary code. CVE-2015-5370 Stefan...

7.5CVSS6.9AI score0.3693EPSS
Exploits0References9
OSV
OSV
added 2016/04/13 2:32 p.m.12 views

SUSE-SU-2016:1028-1 Security update for samba

samba was updated to fix seven security issues. These security issues were fixed: - CVE-2015-5370: DCERPC server and client were vulnerable to DOS and MITM attacks bsc936862. - CVE-2016-2110: A man-in-the-middle could have downgraded NTLMSSP authentication bsc973031. - CVE-2016-2111: Domain...

7.5CVSS6.9AI score0.3693EPSS
Exploits0References16
OSV
OSV
added 2016/04/12 6:42 p.m.5 views

SUSE-SU-2016:1024-1 Security update for samba

samba was updated to fix seven security issues. These security issues were fixed: - CVE-2015-5370: DCERPC server and client were vulnerable to DOS and MITM attacks bsc936862. - CVE-2016-2110: A man-in-the-middle could have downgraded NTLMSSP authentication bsc973031. - CVE-2016-2111: Domain...

7.5CVSS7.1AI score0.3693EPSS
Exploits0References20
Tenable Nessus
Tenable Nessus
added 2012/11/01 12:0 a.m.9 views

Fedora 17 : ssmtp-2.61-19.fc17 (2012-16163)

This version adds to sSMTP the ability to validate the TLS servers it connects to. It also enables use of separate files for client key and certificate files. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has...

5.5AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2009/01/26 12:0 a.m.39 views

Fedora 9 : ntp-4.2.4p6-1.fc9 (2009-0547)

This update fixes CVE-2009-0021: NTP 4.2.4 before 4.2.4p5 and 4.2.5 before 4.2.5p150 does not properly check the return value from the OpenSSL EVPVerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA...

5.8CVSS7.4AI score0.05146EPSS
Exploits1References3
Cvelist
Cvelist
added 2009/01/07 5:0 p.m.29 views

CVE-2009-0021

NTP 4.2.4 before 4.2.4p5 and 4.2.5 before 4.2.5p150 does not properly check the return value from the OpenSSL EVPVerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to...

7.2AI score0.03218EPSS
Exploits0References19
Rows per page
Query Builder