Lucene search
+L

117 matches found

CNVD
CNVD
added 2015/02/21 12:0 a.m.6 views

Cisco Intrusion Prevention System Key Generation HTTPS Denial of Service Vulnerability

Cisco Intrusion Prevention System is an intrusion prevention system. A contention condition vulnerability exists in the SSL/TLS subsystem used by the Cisco Intrusion Prevention System WEB interface to generate encryption certificates and keys for affected devices, which could be exploited by an...

7.1CVSS6.8AI score0.01162EPSS
Exploits0References1
Mageia
Mageia
added 2013/08/12 1:54 p.m.57 views

Updated firefox and thunderbird packages fix security vulnerabilities

Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be...

10CVSS9.9AI score0.40118EPSS
Exploits14References9
Tenable Nessus
Tenable Nessus
added 2013/08/08 12:0 a.m.36 views

Firefox < 23.0 Multiple Vulnerabilities

The installed version of Firefox is earlier than 23.0 and is, therefore, potentially affected by the following vulnerabilities : - Various errors exist that could allow memory corruption conditions. CVE-2013-1701, CVE-2013-1702 - Use-after-free errors exist related to DOM modification when using...

10CVSS6.9AI score0.40118EPSS
Exploits15References28
Tenable Nessus
Tenable Nessus
added 2013/08/08 12:0 a.m.41 views

Thunderbird < 17.0.8 Multiple Vulnerabilities (Mac OS X)

The installed version of Thunderbird is earlier than 17.0.8 and is, therefore, potentially affected by the following vulnerabilities : - Various errors exist that could allow memory corruption conditions. CVE-2013-1701, CVE-2013-1702 - Use-after-free errors exist related to DOM modification when...

10CVSS7.3AI score0.40118EPSS
Exploits14References21
RedHat Linux
RedHat Linux
added 2013/08/07 6:1 p.m.5 views

Mozilla: CRMF requests allow for code execution and XSS attacks (MFSA 2013-69)

The crypto.generateCRMFRequest function in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 allows remote attackers to execute arbitrary JavaScript code or conduct cross-site scripting XSS attacks...

10CVSS6.8AI score0.40118EPSS
Exploits13References5
RedHat Linux
RedHat Linux
added 2013/08/07 8:22 a.m.4 views

Mozilla: CRMF requests allow for code execution and XSS attacks (MFSA 2013-69)

The crypto.generateCRMFRequest function in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 allows remote attackers to execute arbitrary JavaScript code or conduct cross-site scripting XSS attacks...

10CVSS6.8AI score0.40118EPSS
Exploits13References5
NVD
NVD
added 2013/08/07 1:55 a.m.21 views

CVE-2013-1710

The crypto.generateCRMFRequest function in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 allows remote attackers to execute arbitrary JavaScript code or conduct cross-site scripting XSS attacks...

10CVSS6.1AI score0.40118EPSS
Exploits13References6
Prion
Prion
added 2013/08/07 1:55 a.m.16 views

Heap overflow

Heap-based buffer underflow in the cryptojsinterpretkeygentype function in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allows remote attackers to execute arbitrary code or cause a denial of service application crash via a crafted Certificate Request Message Format CRMF request...

10CVSS8.2AI score0.03914EPSS
Exploits0References5Affected Software2
Prion
Prion
added 2013/08/07 1:55 a.m.27 views

Cross site scripting

The crypto.generateCRMFRequest function in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 allows remote attackers to execute arbitrary JavaScript code or conduct cross-site scripting XSS attacks...

10CVSS6.5AI score0.40118EPSS
Exploits13References6Affected Software5
Cvelist
Cvelist
added 2013/08/07 1:0 a.m.23 views

CVE-2013-1705

Heap-based buffer underflow in the cryptojsinterpretkeygentype function in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allows remote attackers to execute arbitrary code or cause a denial of service application crash via a crafted Certificate Request Message Format CRMF request...

7.5AI score0.03914EPSS
Exploits0References5
Mozilla
Mozilla
added 2013/08/06 12:0 a.m.41 views

Buffer underflow when generating CRMF requests — Mozilla

Security researcher Nils used the Address Sanitizer to discover a use-after-free problem when generating a Certificate Request Message Format CRMF request with certain parameters. This causes a potentially exploitable crash...

10CVSS4.8AI score0.03914EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2013/08/06 12:0 a.m.66 views

CRMF requests allow for code execution and XSS attacks — Mozilla

Mozilla security researcher mozbugra4 reported a mechanism to execute arbitrary code or a cross-site scripting XSS attack when Certificate Request Message Format CRMF request is generated in certain circumstances...

10CVSS3.8AI score0.40118EPSS
Exploits13References2Affected Software5
Symantec
Symantec
added 2010/08/10 12:0 a.m.24 views

Microsoft Windows SChannel Certificate Request Remote Code Execution Vulnerability

Description Microsoft Windows is prone to a remote code-execution vulnerability that affects SChannel. Successful exploits will allow an attacker to run arbitrary code in the context of the currently logged-in user. Technologies Affected Avaya Aura Conferencing 6.0 Avaya Aura Conferencing 6.0...

Exploits0Affected Software10
Exploit DB
Exploit DB
added 2009/06/30 12:0 a.m.406 views

Mozilla NSS NULL Character CA SSL Certificate Validation Security Bypass Vulnerability

Mozilla NSS NULL Character CA SSL Certificate Validation Security Bypass Vulnerability. CVE-2009-2408. Remote exploit for linux platform source: http://www.securityfocus.com/bid/35888/info Mozilla Network Security Services NSS is prone to a security-bypass vulnerability because it fails to proper...

6.8CVSS0.05741EPSS
Exploits4
NVD
NVD
added 2008/06/02 9:30 p.m.25 views

CVE-2008-1580

CFNetwork in Safari in Apple Mac OS X before 10.5.3 automatically sends an SSL client certificate in response to a web server's certificate request, which allows remote web sites to obtain sensitive information Subject data from personally identifiable certificates, and use arbitrary certificates...

4.3CVSS5.8AI score0.01304EPSS
Exploits1References8
Cvelist
Cvelist
added 2004/09/01 4:0 a.m.24 views

CVE-2004-0040

Stack-based buffer overflow in Check Point VPN-1 Server 4.1 through 4.1 SP6 and Check Point SecuRemote/SecureClient 4.1 through 4.1 build 4200 allows remote attackers to execute arbitrary code via an ISAKMP packet with a large Certificate Request packet...

8.1AI score0.07623EPSS
Exploits0References8
NVD
NVD
added 2004/03/03 5:0 a.m.20 views

CVE-2004-0040

Stack-based buffer overflow in Check Point VPN-1 Server 4.1 through 4.1 SP6 and Check Point SecuRemote/SecureClient 4.1 through 4.1 build 4200 allows remote attackers to execute arbitrary code via an ISAKMP packet with a large Certificate Request packet...

10CVSS8.2AI score0.07623EPSS
Exploits0References8
Rows per page
Query Builder