Lucene search
K

37 matches found

Tenable Nessus
Tenable Nessus
added 2024/06/27 12:0 a.m.392 views

OpenSSL 1.0.2 < 1.0.2zk Vulnerability

The version of OpenSSL installed on the remote host is prior to 1.0.2zk. It is, therefore, affected by a vulnerability as referenced in the 1.0.2zk advisory. - Issue summary: Calling the OpenSSL API function SSLselectnextproto with an empty supported client protocols buffer may cause a crash or...

9.1CVSS7.6AI score0.05582EPSS
Exploits1References2
Amazon
Amazon
added 2023/09/25 12:0 a.m.4 views

Medium: nginx

Issue Overview: ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can...

7.4CVSS7.1AI score0.02037EPSS
Exploits0
Amazon
Amazon
added 2023/03/22 12:0 a.m.18 views

Medium: sendmail

Issue Overview: ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can...

7.4CVSS8AI score0.02037EPSS
Exploits0
F5 Networks
F5 Networks
added 2023/02/17 4:26 p.m.51 views

K000132639: ALPACA: TLS vulnerability CVE-2021-3618

Security Advisory Description ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP...

7.4CVSS7.8AI score0.02037EPSS
Exploits0
OSV
OSV
added 2022/04/11 4:48 p.m.4 views

CLSA-2022-1649695737 Fix CVE(s): CVE-2021-3618

SECURITY UPDATE: Vulnerability against application layer protocol content confusion attack - debian/patches/CVE-2021-3618.patch: Drop the connection after reaching the specified number of invalid protocol commmands - CVE-2021-3618...

7.4CVSS7.1AI score0.02037EPSS
Exploits0References1
Microsoft CVE
Microsoft CVE
added 2022/04/05 7:0 a.m.4 views

ALPACA is an application layer protocol content confusion attack exploiting TLS servers implementing different protocols but using compatible certificates such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic from one subdomain to another resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer.

...

7.4CVSS7.5AI score0.02037EPSS
Exploits0
hivepro
hivepro
added 2022/03/25 2:16 p.m.223 views

North Korean state-sponsored threat actor Lazarus Group exploiting Chrome Zero-day vulnerability

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here For more than a month before a fix was available, North Korean state hackers known as Lazarus group exploited a zero-day, remote code execution vulnerability CVE-2022-0609 in Google Chromes web browser. The attack mainly targe...

9.1AI score0.23546EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2022/03/23 12:0 a.m.1068 views

CVE-2021-3618

ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic fr...

7.4CVSS7.8AI score0.02037EPSS
Exploits0
Debian CVE
Debian CVE
added 2022/03/23 12:0 a.m.216 views

CVE-2021-3618

ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic fr...

7.4CVSS7.8AI score0.02037EPSS
Exploits0
hivepro
hivepro
added 2022/02/07 2:23 p.m.21 views

Iranian state-sponsored APT group MuddyWater targeting organizations via malicious executables

THREAT LEVEL: Red. United States Cyber Command USCYBERCOM has warned of an ongoing cyber attack by Iranian state sponsored actor named as MuddyWater. This APT group is currently targeting Middle Eastern countries and has also targeted European and North American nations. The Iranian-backed...

0.1AI score
Exploits0
OpenVAS
OpenVAS
added 2021/10/26 12:0 a.m.35 views

Huawei EulerOS: Security Advisory for nginx (EulerOS-SA-2021-2599)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS6.8AI score0.52838EPSS
Exploits11References2
Tenable Nessus
Tenable Nessus
added 2021/10/25 12:0 a.m.41 views

EulerOS 2.0 SP3 : nginx (EulerOS-SA-2021-2599)

According to the versions of the nginx package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - NGINX before 1.13.6 has a buffer overflow for years that exceed four digits, as demonstrated by a file with a modification date in 1969 that cause...

9.8CVSS8.1AI score0.52838EPSS
Exploits11References4
Tenable Nessus
Tenable Nessus
added 2021/09/27 12:0 a.m.38 views

EulerOS 2.0 SP5 : nginx (EulerOS-SA-2021-2513)

According to the versions of the nginx packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible...

7.4CVSS7.5AI score0.02037EPSS
Exploits0References2
Fedora
Fedora
added 2017/07/08 10:21 p.m.44 views

[SECURITY] Fedora 25 Update: jetty-alpn-8.1.11-2.v20170118.fc25

A pure JavaTM implementation of the Application Layer Protocol Negotiation TLS Extension...

7.5CVSS2.9AI score0.05795EPSS
Exploits0
OSV
OSV
added 2017/03/23 9:21 p.m.10 views

MGASA-2017-0081 Updated firefox packages fix security vulnerability

Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox CVE-2017-5398, CVE-2017-5400, CVE-2017-5401, CVE-2017-5402,...

10CVSS8.2AI score0.17484EPSS
Exploits8References10
securityvulns
securityvulns
added 2009/12/22 12:0 a.m.53 views

TLS Renegotiation Vulnerability: Proof of Concept Code &#40;Python&#41;

Information about a vulnerability in the TLS protocol was published in the beginning of November 2009. Attackers can take advantage of that vulnerability to inject arbitrary prefixes into a network connection protected by TLS. This can result in severe vulnerabilities, depending on the applicatio...

0.8AI score
Exploits0
myhack58
myhack58
added 2006/01/26 12:0 a.m.16 views

Rookie Edition Expliot the guidelines for the preparation of the PNP the overflow vulnerability analysis+exploit-vulnerability warning-the black bar safety net

A month ago, and chat with friends, talked about now on the network, worms, viruses are increasingly rampant, the year before the“shock wave”, last year's“shock wave”, this year also don't know and out of what? The voice just fell, the one is named Zotob worm has been in a 8 on 1 to 5 November...

8.1AI score
Exploits0
Rows per page
Query Builder