Lucene search
K

126 matches found

Github Security Blog
Github Security Blog
added 2019/01/25 4:19 p.m.38 views

Improper Certificate Validation in Apache Airflow

The LDAP auth backend airflow.contrib.auth.backends.ldapauth prior to Apache Airflow 1.10.1 was misconfigured and contained improper checking of exceptions which disabled server certificate checking...

7.5CVSS3.4AI score0.01016EPSS
Exploits0References7Affected Software1
NVD
NVD
added 2019/01/23 5:29 p.m.24 views

CVE-2018-20245

The LDAP auth backend airflow.contrib.auth.backends.ldapauth prior to Apache Airflow 1.10.1 was misconfigured and contained improper checking of exceptions which disabled server certificate checking...

7.5CVSS7.5AI score0.01016EPSS
Exploits0References1
Prion
Prion
added 2019/01/23 5:29 p.m.23 views

Input validation

The LDAP auth backend airflow.contrib.auth.backends.ldapauth prior to Apache Airflow 1.10.1 was misconfigured and contained improper checking of exceptions which disabled server certificate checking...

5CVSS7.5AI score0.01016EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2018/03/23 9:29 p.m.1 views

DEBIAN-CVE-2018-1000140

rsyslog librelp version 1.2.14 and earlier contains a Buffer Overflow vulnerability in the checking of x509 certificates from a peer that can result in Remote code execution. This attack appear to be exploitable a remote attacker that can connect to rsyslog and trigger a stack buffer overflow by...

9.8CVSS9.7AI score0.09662EPSS
Exploits1References1
OpenVAS
OpenVAS
added 2018/02/06 12:0 a.m.38 views

Debian: Security Advisory (DLA-1107-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.3CVSS7.5AI score0.05978EPSS
Exploits0References3
Kitploit
Kitploit
added 2017/12/14 8:38 p.m.17 views

Droidefense - Advance Android Malware Analysis Framework

Droidefense originally named atom: a nalysis t hrough o bservation m achine is the codename for android apps/malware analysis/reversing tool. It was built focused on security issues and tricks that malware researcher have on they every day work. For those situations on where the malware has...

0.5AI score
Exploits0References4
Debian
Debian
added 2017/09/23 1:39 p.m.58 views

[SECURITY] [DLA 1107-1] bzr security update

Package : bzr Version : 2.6.0bzr6526-1+deb7u1 CVE ID : CVE-2013-2099 CVE-2017-14176 Debian Bug : 709068 874429 CVE-2013-2099 Bazaar bundles SSL certificate checking code from Python, which had a bug that could cause a denial of service via resource consumption through multiple wildcards in...

9.3CVSS8.4AI score0.05978EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2014/06/13 12:0 a.m.22 views

openSUSE Security Update : gnome-online-accounts (openSUSE-SU-2013:0301-1)

gnome-online-accounts was updated to do SSL certicicate checking when creating accounts, avoiding man-in-the-middle attack possibilities. CVE-2013--240 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security...

4.3CVSS5.3AI score0.01362EPSS
Exploits0References4
Prion
Prion
added 2014/03/25 1:25 p.m.23 views

Design/Logic Flaw

The certTestHostName function in lib/certdb/certdb.c in the certificate-checking implementation in Mozilla Network Security Services NSS before 3.16 accepts a wildcard character that is embedded in an internationalized domain name's U-label, which might allow man-in-the-middle attackers to spoof...

4.3CVSS6.6AI score0.01767EPSS
Exploits2References27Affected Software1
Atlassian
Atlassian
added 2014/03/06 5:3 p.m.18 views

Certificates are not checked with a Default installation of StrTreeWin

Message during HG checkin: warning: bitbucket.org certificate with fingerprint 24:9c:45:8b:9c:aa:ba:55:4e:01:6d:58:ff:e4:28:7d:2a:14:ae:3b not verified check hostfingerprints or web.cacerts config setting This is a default install, and such an install should have security configured correctly out...

1.5AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2012/06/21 12:0 a.m.34 views

GLSA-201203-24 : Chromium, V8: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201203-24 Chromium, V8: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Chromium and V8. Please review the CVE identifiers and release notes referenced below for details. Impact : A context-dependent...

7.5CVSS8.6AI score0.02187EPSS
Exploits5References11
Tenable Nessus
Tenable Nessus
added 2012/03/30 12:0 a.m.227 views

Google Chrome < 18.0.1025.142 Multiple Vulnerabilities

Binary data 6402.pasl...

4.3CVSS8.4AI score0.01725EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2012/03/30 12:0 a.m.46 views

Google Chrome < 18.0.1025.142 Multiple Vulnerabilities

The version of Google Chrome installed on the remote host is earlier than 18.0.1025.142 and is, therefore, affected by the following vulnerabilities : - An error exists in the v8 JavaScript engine that can allow invalid reads. CVE-2011-3057 - An unspecified error exists related to bad interaction...

10CVSS7.5AI score0.05896EPSS
Exploits6References13
OpenVAS
OpenVAS
added 2011/08/09 12:0 a.m.26 views

CentOS Update for fetchmail CESA-2009:1427 centos5 i386

The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

6.4CVSS8.5AI score0.03003EPSS
Exploits3References2
OpenVAS
OpenVAS
added 2011/08/09 12:0 a.m.26 views

CentOS Update for fetchmail CESA-2009:1427 centos5 i386

Check for the Version of fetchmail OpenVAS Vulnerability Test CentOS Update for fetchmail CESA-2009:1427 centos5 i386 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify ...

6.4CVSS7AI score0.03003EPSS
Exploits3References2
Tenable Nessus
Tenable Nessus
added 2010/05/04 12:0 a.m.39 views

openSUSE Security Update : libmysqlclient-devel (openSUSE-SU-2010:0198-1)

This update fixes several security issues in mysql : - checking server certificates CVE-2009-4028 - error handling in subqueries CVE-2009-4019 - preserving nullvalue flag in GeomFromWKB CVE-2009-4019 - symlink behavior fixed CVE-2008-7247 - symlink behavior refixed CVE-2009-4030 %NASLMINLEVEL 703...

6.8CVSS6.8AI score0.16263EPSS
Exploits8References6
Tenable Nessus
Tenable Nessus
added 2010/05/04 12:0 a.m.43 views

openSUSE Security Update : libmysqlclient-devel (openSUSE-SU-2010:0198-1)

This update fixes several security issues in mysql : - checking server certificates CVE-2009-4028 - error handling in subqueries CVE-2009-4019 - preserving nullvalue flag in GeomFromWKB CVE-2009-4019 - symlink behavior fixed CVE-2008-7247 - symlink behavior refixed CVE-2009-4030 %NASLMINLEVEL 703...

6.8CVSS6.8AI score0.16263EPSS
Exploits8References6
OpenVAS
OpenVAS
added 2009/09/09 12:0 a.m.20 views

RedHat Security Advisory RHSA-2009:1427

The remote host is missing updates announced in advisory RHSA-2009:1427. Fetchmail is a remote mail retrieval and forwarding utility intended for use over on-demand TCP/IP links, such as SLIP and PPP connections. It was discovered that fetchmail is affected by the previously published null prefix...

6.4CVSS6.8AI score0.03003EPSS
Exploits3References2
Tenable Nessus
Tenable Nessus
added 2009/09/09 12:0 a.m.46 views

RHEL 3 / 4 / 5 : fetchmail (RHSA-2009:1427)

An updated fetchmail package that fixes multiple security issues is now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Fetchmail is a remote mail retrieval and forwarding utility intended for...

6.4CVSS7.8AI score0.03003EPSS
Exploits3References7
Cent OS
Cent OS
added 2009/09/08 5:7 p.m.81 views

fetchmail security update

CentOS Errata and Security Advisory CESA-2009:1427 An updated fetchmail package that fixes multiple security issues is now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Fetchmail is a remote...

6.4CVSS7.1AI score0.03003EPSS
Exploits3References9
Rows per page
Query Builder