Lucene search
K

7439 matches found

ThreatPost
ThreatPost
added 2011/08/12 4:13 p.m.8 views

New Workaround Released For iOS SSL Flaw

A security researcher has released a new workaround for the critical vulnerability in the Apple iOS operating system related to the way that the OS handle SSL certificate validation. The workaround makes some key checks in the certificate chain that the vulnerable versions of iOS and a previous...

0.3AI score
Exploits0References4
OpenVAS
OpenVAS
added 2011/08/09 12:0 a.m.19 views

CentOS Update for openssl096b CESA-2009:0004 centos3 i386

Check for the Version of openssl096b OpenVAS Vulnerability Test CentOS Update for openssl096b CESA-2009:0004 centos3 i386 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or...

5.8CVSS7.5AI score0.05146EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2011/08/09 12:0 a.m.20 views

CentOS Update for bind CESA-2009:0020 centos3 i386

The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

6.8CVSS6.5AI score0.0686EPSS
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2011/07/28 7:27 a.m.4 views

Mozilla Firefox vulnerable to denial-of-service (DoS)

Overview Mozilla Firefox contains a denial-of-service DoS vulnerability. Mozilla Firefox contains an issue in the validation of certificates, leading to a denial-of-service DoS vulnerability. Impact When accessing a HTTPS site with a specially crafted Certificate Authority CA certificate imported...

6.5CVSS6.4AI score0.00562EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2011/07/28 12:0 a.m.40 views

JVN#70984231: Mozilla Firefox vulnerable to denial-of-service (DoS)

Mozilla Firefox contains an issue in the validation of certificates, leading to a denial-of-service DoS vulnerability. Impact When accessing a HTTPS site with a specially crafted Certificate Authority CA certificate imported, a denial-of-service DoS may occur. Solution Update the Software Update ...

6.5CVSS6.2AI score0.00562EPSS
Exploits0
securityvulns
securityvulns
added 2011/07/26 12:0 a.m.80 views

TWSL2011-007: iOS SSL Implementation Does Not Validate Certificate Chain

Trustwave's SpiderLabs Security Advisory TWSL2011-007: iOS SSL Implementation Does Not Validate Certificate Chain https://www.trustwave.com/spiderlabs/advisories/TWSL2011-007.txt Published: 2011-07-25 Version: 1.0 Vendor: Apple http://www.apple.com Product: iOS Version affected: Versions Prior to...

7.5CVSS0.2AI score0.06387EPSS
Exploits1
securityvulns
securityvulns
added 2011/07/26 12:0 a.m.59 views

[DSB-2011-01] Security Advisory FreeRADIUS 2.1.11

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 DFN-CERT Services GmbH - Security Advisory ========================================== Advisory: DSB-2011-01 Version: 1.0 Released on: 2011-07-22 Updated on: 2011-07-22 Product: FreeRADIUS 2.1.11 2011-06-29 Summary - ------- FreeRADIUS is a RADIUS serv...

5.8CVSS0.01847EPSS
Exploits0
securityvulns
securityvulns
added 2011/07/26 12:0 a.m.54 views

APPLE-SA-2011-07-25-2 iOS 4.2.10 Software Update for iPhone

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2011-07-25-2 iOS 4.2.10 Software Update for iPhone iOS 4.2.10 Software Update for iPhone is now available and addresses the following: Data Security Available for: iOS 4.2.5 through 4.2.9 for iPhone 4 CDMA Impact: An attacker with a privilege...

7.5CVSS0.2AI score0.06387EPSS
Exploits1
securityvulns
securityvulns
added 2011/07/26 12:0 a.m.66 views

APPLE-SA-2011-07-25-1 iOS 4.3.5 Software Update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2011-07-25-1 iOS 4.3.5 Software Update iOS 4.3.5 Software Update is now available and addresses the following: Data Security Available for: iOS 3.0 through 4.3.4 for iPhone 3GS and iPhone 4 GSM, iOS 3.1 through 4.3.4 for iPod touch 3rd...

7.5CVSS0.1AI score0.06387EPSS
Exploits1
securityvulns
securityvulns
added 2011/07/22 12:0 a.m.221 views

APPLE-SA-2011-07-20-1 Safari 5.1 and Safari 5.0.6

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2011-07-20-1 Safari 5.1 and Safari 5.0.6 Safari 5.1 and Safari 5.0.6 are now available and address the following: CFNetwork Available for: Windows 7, Vista, XP SP2 or later Impact: Visiting a maliciously crafted website may lead to a cross-...

10CVSS0.6AI score0.43195EPSS
Exploits33
Prion
Prion
added 2011/07/21 11:55 p.m.24 views

Design/Logic Flaw

The NSEPA.NsepaCtrl.1 ActiveX control in nsepa.ocx in Citrix Access Gateway Enterprise Edition 8.1 before 8.1-67.7, 9.0 before 9.0-70.5, and 9.1 before 9.1-96.4 attempts to validate signed DLLs by checking the certificate subject, not the signature, which allows man-in-the-middle attackers to...

9.3CVSS7.9AI score0.01529EPSS
Exploits0References1Affected Software1
OpenVAS
OpenVAS
added 2011/06/13 12:0 a.m.20 views

TigerVNC SSL Certificate Validation Security Bypass Vulnerability - Windows

TigerVNC is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:tigervnc:tigervnc";...

5.8CVSS6.3AI score0.0129EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2011/06/06 7:55 p.m.18 views

CVE-2011-0082

The X.509 certificate validation functionality in Mozilla Firefox 4.0.x through 4.0.1 does not properly implement single-session security exceptions, which might make it easier for user-assisted remote attackers to spoof an SSL server via an untrusted certificate that triggers potentially unwante...

4.3CVSS5.9AI score0.01502EPSS
Exploits2References1
Prion
Prion
added 2011/06/06 7:55 p.m.18 views

Design/Logic Flaw

The X.509 certificate validation functionality in Mozilla Firefox 4.0.x through 4.0.1 does not properly implement single-session security exceptions, which might make it easier for user-assisted remote attackers to spoof an SSL server via an untrusted certificate that triggers potentially unwante...

4.3CVSS6.9AI score0.01502EPSS
Exploits2References9Affected Software1
Cvelist
Cvelist
added 2011/06/06 7:0 p.m.27 views

CVE-2011-0082

The X.509 certificate validation functionality in Mozilla Firefox 4.0.x through 4.0.1 does not properly implement single-session security exceptions, which might make it easier for user-assisted remote attackers to spoof an SSL server via an untrusted certificate that triggers potentially unwante...

9.2AI score0.01502EPSS
Exploits2References9
OSV
OSV
added 2011/05/13 10:55 p.m.6 views

CVE-2011-0633

The Net::HTTPS module in libwww-perl LWP before 6.00, as used in WWW::Mechanize, LWP::UserAgent, and other products, when running in environments that do not set the If-SSL-Cert-Subject header, does not enable full validation of SSL certificates by default, which allows remote attackers to spoof...

6.2AI score
Exploits0References3
UbuntuCve
UbuntuCve
added 2011/05/13 10:55 p.m.20 views

CVE-2011-0633

The Net::HTTPS module in libwww-perl LWP before 6.00, as used in WWW::Mechanize, LWP::UserAgent, and other products, when running in environments that do not set the If-SSL-Cert-Subject header, does not enable full validation of SSL certificates by default, which allows remote attackers to spoof...

4.3CVSS5.7AI score0.04246EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2011/01/17 12:0 a.m.28 views

GLSA-201101-06 : IO::Socket::SSL: Certificate validation error

The remote host is affected by the vulnerability described in GLSA-201101-06 IO::Socket::SSL: Certificate validation error The vendor reported that IO::Socket::SSL does not properly handle Common Name CN fields. Impact : A remote attacker might employ a specially crafted certificate to conduct...

4.3CVSS5.5AI score0.00996EPSS
Exploits0References2
Gentoo Linux
Gentoo Linux
added 2011/01/16 12:0 a.m.42 views

IO::Socket::SSL: Certificate validation error

Background IO::Socket::SSL is a Perl class implementing an object oriented interface to SSL sockets. Description The vendor reported that IO::Socket::SSL does not properly handle Common Name CN fields. Impact A remote attacker might employ a specially crafted certificate to conduct...

4.3CVSS6.2AI score0.00996EPSS
Exploits0
OSV
OSV
added 2010/10/14 5:58 a.m.4 views

DEBIAN-CVE-2010-3901

OpenConnect before 2.25 does not properly validate X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary AnyConnect SSL VPN servers via a crafted server certificate that 1 does not correspond to the server hostname or 2 is presented in circumstances involving a missing...

6.4CVSS6.8AI score0.0061EPSS
Exploits0References1
Rows per page
Query Builder