Lucene search
K

94 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-6404

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.00517EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2025/08/24 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2017-6590

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in network-manager-applet aka network-manager-gnome in Ubuntu 12.04 LTS, 14.04 LTS, 16.04 LTS, and 16.10. A local attacker could use thi...

6.9CVSS6.6AI score0.00269EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2023-24010

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An attacker can arbitrarily craft malicious DDS Participants or ROS 2 Nodes with valid certificates to compromise and get full control of the attacked secure DD...

8.2CVSS6AI score0.00326EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/23 6:2 a.m.5 views

CVE-2023-28857

Apereo CAS is an open source multilingual single sign-on solution for the web. Apereo CAS can be configured to use authentication based on client X509 certificates. These certificates can be provided via TLS handshake or a special HTTP header, such as “sslclientcert”. When checking the validity o...

7.5CVSS7AI score0.00503EPSS
Exploits0References1
OSV
OSV
added 2025/02/10 4:15 p.m.2 views

DEBIAN-CVE-2025-24032

PAM-PKCS11 is a Linux-PAM login module that allows a X.509 certificate based user login. Prior to version 0.6.13, if certpolicy is set to none the default value, then pampkcs11 will only check if the user is capable of logging into the token. An attacker may create a different token with the user...

9.2CVSS7.6AI score0.00681EPSS
Exploits0References1
Veeam
Veeam
added 2024/12/18 12:0 a.m.23 views

Granular sudo Permissions for Installing Veeam Plug-ins for Enterprise Applications using Protection Groups

Challenge This article provides an example granular 'sudoer' configuration for the Linux account that will be used by Veeam Backup & Replication when installing Veeam Plug-Ins for Enterprise Applications using a Protection Group, specifically for Veeam Plug-in for Oracle RMAN and Veeam Plug-in fo...

6.5AI score
Exploits0Affected Software1
Citrix
Citrix
added 2024/07/19 12:0 a.m.10 views

Error: Connection Failed - Citrix Endpoint Management with Certificate Based Authentication

Warning Event ID = 39 or ID = 41 on Windows Server 2008 R2 SP1 and Windows Server 2008 SP2 before February 11,2025. "Connection failed" will be shown by clicking Test Connection in PKI Entities after February 11, 2025...

7.2AI score
Exploits0
Citrix
Citrix
added 2024/07/14 12:0 a.m.9 views

Citrix Endpoint Management: Active Directory Issues

Introduction Active Directory AD integration issues in XenMobile can range from synchronization errors to authentication failures and configuration complications. This series of articles offers troubleshooting guidance and best practices to address these challenges, ensuring smooth operation and...

7.4AI score
Exploits0
Microsoft KB
Microsoft KB
added 2023/11/14 8:0 a.m.398 views

Description of the security update for Microsoft Exchange Server 2016: November 14, 2023 (KB5032147)

Description of the security update for Microsoft Exchange Server 2016: November 14, 2023 KB5032147 Notice See also KB 5032146 for additional information about issues that are fixed in this security update. This security update rollup resolves vulnerabilities in Microsoft Exchange Server. To learn...

8CVSS7.3AI score0.86588EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2023/10/05 2:27 p.m.4 views

python: TLS handshake bypass

Python ssl.SSLSocket is vulnerable to a bypass of the TLS handshake in certain instances for HTTPS servers and other server-side protocols that use TLS client authentication such as mTLS. This issue may result in a breach of integrity as its possible to modify or delete resources that are...

5.3CVSS6.8AI score0.0079EPSS
Exploits0References7
Securelist
Securelist
added 2023/07/28 10:0 a.m.33 views

Anomaly detection in certificate-based TGT requests

One of the most complex yet effective methods of gaining unauthorized access to corporate network resources is an attack using forged certificates. Attackers create such certificates to fool the Key Distribution Center KDC into granting access to the target companys network. An example of such an...

7.4AI score
Exploits0
Citrix
Citrix
added 2023/07/13 12:0 a.m.11 views

MS KB5014754 - Audit events found for FAS

As Per the Microsoft KB linked below, we have found audit events on our domain controllers that indicate we will be impacted when this change is enforced. We need the remediation steps, so we can implement them before we're impacted...

7AI score
Exploits0
Ivanti
Ivanti
added 2023/02/14 7:22 a.m.23 views

SA45100 - CVE-2022-0778-OpenSSL-Vulnerability may lead to DoS attack

CVE-2022-0778 A vulnerability has been reported on the 15th of March 2022 under https://nvd.nist.gov/vuln/detail/CVE-2022-0778 Description - A flaw was found in OpenSSL. It is possible to trigger an infinite loop by crafting a certificate that has invalid explicit curve parameters. More details...

7.5CVSS7.2AI score0.70561EPSS
Exploits2
The Hacker News
The Hacker News
added 2023/01/28 10:42 a.m.5 views

Microsoft Urges Customers to Secure On-Premises Exchange Servers

Microsoft is urging customers to keep their Exchange servers updated as well as take steps to bolster the environment, such as enabling Windows Extended Protection and configuring certificate-based signing of PowerShell serialization payloads. "Attackers looking to exploit unpatched Exchange...

7.1AI score
Exploits0
RedHat Linux
RedHat Linux
added 2023/01/24 8:49 a.m.4 views

sssd: libsss_certmap fails to sanitise certificate data used in LDAP filters

A vulnerability was found in SSSD, in the libssscertmap functionality. PKINIT enables a client to authenticate to the KDC using an X.509 certificate and the corresponding private key, rather than a passphrase or keytab. FreeIPA uses mapping rules to map a certificate presented during a PKINIT...

8.8CVSS7.2AI score0.0095EPSS
Exploits1References4
CNNVD
CNNVD
added 2023/01/24 12:0 a.m.3 views

SSSD 注入漏洞

SSSD is a daemon that provides access to local or remote identity and authentication resources. SSSD suffers from an injection vulnerability that stems from PKINIT enabling clients to authenticate to a KDC using an X.509 certificate and corresponding private key instead of a passphrase or key tab...

8.8CVSS6.7AI score0.0095EPSS
Exploits1References13
Github Security Blog
Github Security Blog
added 2022/11/09 5:20 p.m.40 views

Failing DTLS handshakes may cause throttling to block processing of records

Impact Failing handshakes didn't cleanup counters for throttling. In consequence the threshold may get reached and will not be released again. The results in permanently dropping records. The issues was reported for certificate based handshakes, but it can't be excluded, that this happens also fo...

8.2CVSS7.9AI score0.00553EPSS
Exploits0References7Affected Software1
Positive Technologies
Positive Technologies
added 2022/11/09 12:0 a.m.7 views

PT-2022-24935 · Eclipse · Eclipse Californium

Name of the Vulnerable Software and Affected Versions: Eclipse Californium versions prior to 3.7.0 Eclipse Californium versions prior to 2.7.4 Description: Eclipse Californium, a Java implementation of RFC7252 - Constrained Application Protocol for IoT Cloud services, is vulnerable to a Denial of...

8.2CVSS8AI score0.00553EPSS
Exploits0References11
Cvelist
Cvelist
added 2022/11/09 12:0 a.m.60 views

CVE-2022-39368 Californium Failing DTLS handshakes causes Data Loss due to throttling blocking processing of records

Eclipse Californium is a Java implementation of RFC7252 - Constrained Application Protocol for IoT Cloud services. In versions prior to 3.7.0, and 2.7.4, Californium is vulnerable to a Denial of Service. Failing handshakes don't cleanup counters for throttling, causing the threshold to be reached...

8.2CVSS8.1AI score0.00553EPSS
Exploits0References3
Microsoft Secure
Microsoft Secure
added 2022/10/19 4:0 p.m.18 views

Do more with less—Discover the latest Microsoft Entra innovations

It has certainly been another intense year. From the ongoing pandemic to the Great Reshuffle to economic uncertainty, it’s truly felt like the only constant is change.1 In this economy, many organizations are looking for efficiencies. This is putting pressure on security teams, along with everyon...

0.1AI score
Exploits0
Rows per page
Query Builder