Lucene search
K

5 matches found

Veracode
Veracode
added 2025/10/27 5:49 a.m.5 views

Identity Spoofing

org.igniterealtime.openfire, xmppserver is vulnerable to identity spoofing. The vulnerability is due to regex-based extraction of the Common Name CN from an unescaped, provider-dependent Distinguished Name DN string, which allows an attacker to impersonate other users using crafted certificate...

5.9CVSS6.6AI score0.0022EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2022/02/24 7:15 p.m.32 views

CVE-2021-44533

Node.js 12.22.9, 14.18.3, 16.13.2, and 17.3.1 did not handle multi-value Relative Distinguished Names correctly. Attackers could craft certificate subjects containing a single-value Relative Distinguished Name that would be interpreted as a multi-value Relative Distinguished Name, for example, in...

5.3CVSS3.6AI score
Exploits0References6
UbuntuCve
UbuntuCve
added 2022/02/24 7:15 p.m.57 views

CVE-2021-44533

Node.js 12.22.9, 14.18.3, 16.13.2, and 17.3.1 did not handle multi-value Relative Distinguished Names correctly. Attackers could craft certificate subjects containing a single-value Relative Distinguished Name that would be interpreted as a multi-value Relative Distinguished Name, for example, in...

5.3CVSS6.7AI score0.09358EPSS
Exploits1References3
Cvelist
Cvelist
added 2022/02/24 6:27 p.m.30 views

CVE-2021-44533

Node.js 12.22.9, 14.18.3, 16.13.2, and 17.3.1 did not handle multi-value Relative Distinguished Names correctly. Attackers could craft certificate subjects containing a single-value Relative Distinguished Name that would be interpreted as a multi-value Relative Distinguished Name, for example, in...

6.7AI score0.09358EPSS
Exploits1References6
OSV
OSV
added 2009/09/29 11:30 p.m.1 views

DEBIAN-CVE-2009-3475

Internet2 Shibboleth Service Provider software 1.3.x before 1.3.3 and 2.x before 2.2.1, when using PKIX trust validation, does not properly handle a '\0' character in the subject or subjectAltName fields of a certificate, which allows remote man-in-the-middle attackers to spoof arbitrary SSL...

7.5CVSS7AI score0.00891EPSS
Exploits0References1
Rows per page
Query Builder