Lucene search
K

55 matches found

Hacker One
Hacker One
added 2020/03/08 7:55 p.m.119 views

Endless Group: Lets Encrypt Certificates affected by CAA Rechecking Incident

Summary: Lets encrypt released a statement regarding 3 million certificates being revoked due to a issue in the CA signing process, Looking at your subdomains it appears that you are affected by this incident. When the revoking occurs the certificates the certificates are no longer valid. This ma...

6.7AI score
Exploits0
Qualys Blog
Qualys Blog
added 2020/03/07 12:58 a.m.80 views

Identifying Let’s Encrypt Revoked Certificates

Let's Encrypt is a free, automated, open certificate authority CA run for the public's benefit as a service from the Internet Security Research Group ISRG. It provides free digital certificates to enable HTTPS SSL/TLS for websites via user-friendly means. Earlier this week, Let's Encrypt announce...

1AI score
Exploits0
ThreatPost
ThreatPost
added 2020/03/05 11:29 a.m.68 views

Let’s Encrypt Pushes Back Deadline to Revoke Some TLS Certificates

Let’s Encrypt said it will give users of its Transport Layer Security TLS certificates more time to replace 1 million certificates that are still active and potentially affected by a Certificate Authority Authorization CAA bug before it revokes them. The popular free certificate authority had giv...

7.2AI score
Exploits0References7
Schneier on Security
Schneier on Security
added 2020/03/04 12:46 p.m.64 views

Let's Encrypt Vulnerability

The BBC is reporting a vulnerability in the Let's Encrypt certificate service: In a notification email to its clients, the organisation said: "We recently discovered a bug in the Let's Encrypt certificate authority code. "Unfortunately, this means we need to revoke the certificates that were...

0.2AI score
Exploits0
ThreatPost
ThreatPost
added 2020/03/03 8:13 p.m.55 views

Let's Encrypt to Revoke Millions of TLS Certs

UPDATE Popular free certificate authority Let’s Encrypt said it will revoke 3 million Transport Layer Security TLS certificates Wednesday, because of a Certificate Authority Authorization CAA bug. The move could mean that millions of websites and machine identities that rely on those certificates...

7.2AI score
Exploits0References7
Pen Test Partners Blog
Pen Test Partners Blog
added 2020/01/30 7:11 a.m.53 views

ASSURE Aviation Cyber Security Testing

We've long been supporters and champions of a formalised approach to Aviation Cyber Security Testing. Our research and blogging has taken us on an interesting journey regarding airside and landside security, mapping attack surfaces and explaining how systems work and interact. Speaking and...

6.8AI score
Exploits0
RedHat Linux
RedHat Linux
added 2019/11/01 1:3 p.m.5 views

php: memcpy with negative length via crafted DNS response

An issue was discovered in PHP 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.2. dnsgetrecord misparses a DNS response, which can allow a hostile DNS server to cause PHP to misuse memcpy, leading to read operations going past the buffer allocated for DNS data. This affects phpparser...

7.5CVSS7.5AI score0.04188EPSS
Exploits1References4
Prion
Prion
added 2019/08/01 2:15 p.m.13 views

Design/Logic Flaw

cPanel before 74.0.0 allows arbitrary zone file modifications because of incorrect CAA record handling SEC-439...

4CVSS4.9AI score0.00633EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2019/08/01 1:9 p.m.22 views

CVE-2018-20892

cPanel before 74.0.0 allows arbitrary zone file modifications because of incorrect CAA record handling SEC-439...

4.9AI score0.00633EPSS
Exploits0References1
CVE
CVE
added 2019/08/01 1:9 p.m.49 views

CVE-2018-20892

CVE-2018-20892 affects cPanel prior to 74.0.0, where incorrect handling of CAA records allows arbitrary zone file modifications. Root cause: CAA handling flaw in the affected component. Impact per sources is modification of DNS zone data. No exploitation details or patches are specified in the pr...

4.3CVSS4.8AI score0.00633EPSS
Exploits0References2Affected Software1
Hacker One
Hacker One
added 2018/09/16 6:34 a.m.60 views

HackerOne: Missing Certificate Authority Authorization rule

Certificate Authority Authorization supported by LetsEncrypt and other CAs allows a domain owner to specify which Certificate Authorities should be allowed to issue certificates for the domain. All CAA-compliant certificate authorities should refuse to issue a certificate unless they are the CA o...

0.7AI score
Exploits0
Openbugbounty
Openbugbounty
added 2017/09/21 12:18 a.m.17 views

caa.co.za XSS vulnerability

Vulnerable URL: http://www.caa.co.za/examinations%20forms/forms/allitems.aspx?FollowSite=0=%27-confirm%27OPENBUGBOUNTY%27-%27 Details: Description| Value ---|--- Patched:| No Latest check for patch:| 20.12.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 279861...

6.3AI score
Exploits0
Openbugbounty
Openbugbounty
added 2017/01/19 1:22 a.m.24 views

caa-ahm.org XSS vulnerability

Vulnerable URL: http://www.caa-ahm.org/login.php?url=" Details: Description| Value ---|--- Patched:| No Latest check for patch:| 28.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 2551905 VIP website status:| No Check caa-ahm.org SSL connection:| Grade: A...

6.3AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2016/09/29 12:0 a.m.34 views

OracleVM 3.3 / 3.4 : bind (OVMSA-2016-0136)

The remote OracleVM system is missing necessary patches to address critical security updates : - Fix CVE-2016-2776 - Updated named.ca hints file to the latest version 1267991 - Fix excessive queries caused by DS chasing with stub zones when DNSSEC is not used 1227189 - Added the fixed tarball wit...

7.8CVSS7.5AI score0.89482EPSS
Exploits7References3
Hacker One
Hacker One
added 2016/04/12 8:2 a.m.640 views

HackerOne: Missing Certificate Authority Authorization rule

Certificate Authority Authorization supported by LetsEncrypt and other CAs allows a domain owner to specify which Certificate Authorities should be allowed to issue certificates for the domain. All CAA-compliant certificate authorities should refuse to issue a certificate unless they are the CA o...

1.2AI score
Exploits0
Rows per page
Query Builder