Lucene search
956 matches found

UbuntuCve
added 2009/11/16 7:30 p.m., 32 views

CVE-2009-3941

Martin Lambers mpop before 1.0.19, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the (1) subject's Common Name or (2) Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted...

CVSS 5, AI score 6, EPSS 0.00928
Exploits 0, References 1

UbuntuCve
added 2009/11/16 7:30 p.m., 19 views

CVE-2009-3942

Martin Lambers msmtp before 1.4.19, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the (1) subject's Common Name or (2) Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted...

CVSS 6.4, AI score 6, EPSS 0.0108
Exploits 0, References 1

Prion
added 2009/11/16 7:30 p.m., 26 views

Design/Logic Flaw

Martin Lambers mpop before 1.0.19, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the (1) subject's Common Name or (2) Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted...

CVSS 5, AI score 8.9, EPSS 0.05741
Exploits 4, References 3, Affected Software 1

Prion
added 2009/11/16 7:30 p.m., 14 views

Design/Logic Flaw

Martin Lambers msmtp before 1.4.19, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the (1) subject's Common Name or (2) Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted...

CVSS 6.4, AI score 8.9, EPSS 0.05741
Exploits 4, References 4, Affected Software 1

Debian CVE
added 2009/11/16 7:0 p.m., 23 views

CVE-2009-3942

Martin Lambers msmtp before 1.4.19, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the (1) subject's Common Name or (2) Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted...

CVSS 6.4, AI score 8.4, EPSS 0.0108
Exploits 0

Cvelist
added 2009/11/16 7:0 p.m., 32 views

CVE-2009-3941

Martin Lambers mpop before 1.0.19, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the (1) subject's Common Name or (2) Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted...

AI score 6.3, EPSS 0.00928
Exploits 0, References 3

NVD
added 2009/11/10 7:30 p.m., 23 views

CVE-2009-2825

Certificate Assistant in Apple Mac OS X before 10.6.2 does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a...

CVSS 4.3, AI score 6, EPSS 0.00772
Exploits 1, References 4

Prion
added 2009/11/10 7:30 p.m., 29 views

Design/Logic Flaw

Certificate Assistant in Apple Mac OS X before 10.6.2 does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a...

CVSS 4.3, AI score 8.4, EPSS 0.05741
Exploits 5, References 4, Affected Software 2

Cvelist
added 2009/11/10 7:0 p.m., 42 views

CVE-2009-2825

Certificate Assistant in Apple Mac OS X before 10.6.2 does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a...

AI score 6.1, EPSS 0.00772
Exploits 1, References 4

OSV
added 2009/10/28 2:30 p.m., 8 views

CVE-2009-3639

The mod_tls module in ProFTPD before 1.3.2b, and 1.3.3 before 1.3.3rc2, when the dNSNameRequired TLS option is enabled, does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 client certificate, which allows remote attackers to bypass intended...

AI score 5.7
Exploits 0, References 12

Tenable Nessus
added 2009/10/26 12:0 a.m., 44 views

Mandriva Linux Security Advisory : proftpd (MDVSA-2009:288)

A vulnerability has been identified and corrected in proftpd: The mod_tls module in ProFTPD before 1.3.2b, and 1.3.3 before 1.3.3rc2, when the dNSNameRequired TLS option is enabled, does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 client...

CVSS 6.8, AI score 6.9, EPSS 0.05741
Exploits 5, References 2

NVD
added 2009/10/23 7:30 p.m., 27 views

CVE-2009-3765

mutt_ssl.c in mutt 1.5.19 and 1.5.20, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a...

CVSS 6.8, AI score 6.1, EPSS 0.01084
Exploits 0, References 4

Prion
added 2009/10/23 7:30 p.m., 31 views

Design/Logic Flaw

mutt_ssl.c in mutt 1.5.19 and 1.5.20, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a...

CVSS 6.8, AI score 8.9, EPSS 0.05741
Exploits 4, References 4, Affected Software 1

Debian CVE
added 2009/10/23 7:0 p.m., 49 views

CVE-2009-3767

libraries/libldap/tlso.c in OpenLDAP 2.2 and 2.4, and possibly other versions, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers vi...

CVSS 4.3, AI score 8.4, EPSS 0.03094
Exploits 1

Debian CVE
added 2009/10/23 7:0 p.m., 39 views

CVE-2009-3765

mutt_ssl.c in mutt 1.5.19 and 1.5.20, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a...

CVSS 6.8, AI score 8.4, EPSS 0.01084
Exploits 0

CVE
added 2009/10/23 7:0 p.m., 233 views

CVE-2009-3767

CVE-2009-3767 affects OpenLDAP 2.4.x and related TLS implementations when OpenSSL is used, due to improper handling of a null character in the domain CN of an X.509 certificate, enabling MITM spoofing of SSL servers via a CA-issued certificate. Connected records indicate this CVE is tied to OpenL...

CVSS 4.3, AI score 6.2, EPSS 0.03094
Exploits 1, References 16, Affected Software 1

CVE
added 2009/10/23 7:0 p.m., 150 views

CVE-2009-3765

CVE-2009-3765 affects mutt (versions 1.5.19/1.5.20) when built with OpenSSL: it mishandles a '\0' in the domain name of the X.509 certificate’s CN, enabling MITM spoofing of SSL servers via certificates from a legitimate CA. The vulnerability is described as related to CVE-2009-2408. The provided...

CVSS 6.8, AI score 5.9, EPSS 0.01084
Exploits 0, References 4, Affected Software 1

Prion
added 2009/10/14 10:30 a.m., 33 views

Integer overflow

Integer overflow in the CryptoAPI component in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows man-in-the-middle attackers to spoof arbitrary SSL servers and other entities v...

CVSS 7.5, AI score 7.1, EPSS 0.12959
Exploits 1, References 3

Prion
added 2009/10/14 10:30 a.m., 30 views

Sql injection

The CryptoAPI component in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, as used by Internet Explorer and other applications, does not properly handle a '\0' character in a domai...

CVSS 6.8, AI score 8.9, EPSS 0.05741
Exploits 5, References 7, Affected Software 2

Cvelist
added 2009/10/14 10:0 a.m., 45 views

CVE-2009-2510

The CryptoAPI component in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, as used by Internet Explorer and other applications, does not properly handle a '\0' character in a domai...

AI score 6.3, EPSS 0.05321
Exploits 1, References 7