Lucene search
K

14 matches found

OSV
OSV
added 2026/04/27 6:33 p.m.14 views

JLSEC-2026-220 The X.509 GeneralName type is a generic type for representing different types of names. One of...

The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERALNAMEcmp which compares different instances of a GENERALNAME to see if they are equal or not. This function behaves incorrect...

5.9CVSS6.6AI score0.06968EPSS
Exploits3References39
GithubExploit
GithubExploit
added 2023/09/28 3:55 p.m.729 views

Exploit for Code Injection in Cisco Telepresence_Video_Communication_Server

I started looking at Cisco Expressway after I noticed quite a fe...

7.2CVSS7.3AI score0.37885EPSS
Exploits1
NVD
NVD
added 2023/06/27 6:15 p.m.44 views

CVE-2023-28857

Apereo CAS is an open source multilingual single sign-on solution for the web. Apereo CAS can be configured to use authentication based on client X509 certificates. These certificates can be provided via TLS handshake or a special HTTP header, such as “sslclientcert”. When checking the validity o...

7.5CVSS5.5AI score0.00503EPSS
Exploits0References3
Prion
Prion
added 2023/06/27 6:15 p.m.30 views

Authentication flaw

Apereo CAS is an open source multilingual single sign-on solution for the web. Apereo CAS can be configured to use authentication based on client X509 certificates. These certificates can be provided via TLS handshake or a special HTTP header, such as “sslclientcert”. When checking the validity o...

5CVSS7.9AI score0.00503EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2023/06/27 5:10 p.m.39 views

CVE-2023-28857 LDAP password leak in Apereo CAS - GHSL-2023-009

Apereo CAS is an open source multilingual single sign-on solution for the web. Apereo CAS can be configured to use authentication based on client X509 certificates. These certificates can be provided via TLS handshake or a special HTTP header, such as “sslclientcert”. When checking the validity o...

4CVSS7.7AI score0.00503EPSS
Exploits0References5
Cvelist
Cvelist
added 2023/06/27 5:10 p.m.42 views

CVE-2023-28857 LDAP password leak in Apereo CAS - GHSL-2023-009

Apereo CAS is an open source multilingual single sign-on solution for the web. Apereo CAS can be configured to use authentication based on client X509 certificates. These certificates can be provided via TLS handshake or a special HTTP header, such as “sslclientcert”. When checking the validity o...

4CVSS7.9AI score0.00503EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2022/10/04 12:0 a.m.13 views

Ubuntu: Security Advisory (USN-5651-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.7AI score0.01634EPSS
Exploits0References2
FreeBSD
FreeBSD
added 2019/01/15 12:0 a.m.46 views

Python -- NULL pointer dereference vulnerability

Python Changelog: bpo-35746: CVE-2019-5010 Fix a NULL pointer deref in ssl module. The cert parser did not handle CRL distribution points with empty DP or URI correctly. A malicious or buggy certificate can result into segfault. Vulnerability TALOS-2018-0758 reported by Colin Read and Nicolas Ede...

7.5CVSS1.6AI score0.20743EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2015/09/18 12:0 a.m.36 views

Ubuntu: Security Advisory (USN-2727-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.5AI score0.1903EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2015/09/02 12:0 a.m.24 views

Ubuntu 15.04 : gnutls28 vulnerabilities (USN-2727-1)

It was discovered that GnuTLS incorrectly handled parsing CRL distribution points. A remote attacker could possibly use this issue to cause a denial of service, or execute arbitrary code. CVE-2015-3308 Kurt Roeckx discovered that GnuTLS incorrectly handled a long DistinguishedName DN entry in a...

7.5CVSS7.6AI score0.1903EPSS
Exploits0References3
NVD
NVD
added 2011/07/07 9:55 p.m.19 views

CVE-2011-1224

IBM WebSphere MQ 6.0 before 6.0.2.11 and 7.0 before 7.0.1.5 does not use the CRL Distribution Points CDP certificate extension, which might allow man-in-the-middle attackers to spoof an SSL partner via a revoked certificate for a 1 client, 2 queue manager, or 3 application...

4.3CVSS6.2AI score0.00765EPSS
Exploits0References4
Prion
Prion
added 2011/07/07 9:55 p.m.19 views

Code injection

IBM WebSphere MQ 6.0 before 6.0.2.11 and 7.0 before 7.0.1.5 does not use the CRL Distribution Points CDP certificate extension, which might allow man-in-the-middle attackers to spoof an SSL partner via a revoked certificate for a 1 client, 2 queue manager, or 3 application...

4.3CVSS6.8AI score0.00765EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2011/07/07 9:0 p.m.53 views

CVE-2011-1224

IBM WebSphere MQ 6.0 before 6.0.2.11 and 7.0 before 7.0.1.5 do not use the CRL Distribution Points (CDP) certificate extension, which might allow man-in-the-middle attackers to spoof an SSL partner via a revoked certificate for a (1) client, (2) queue manager, or (3) application. No further techn...

4.3CVSS6.4AI score0.00765EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2011/07/07 9:0 p.m.20 views

CVE-2011-1224

IBM WebSphere MQ 6.0 before 6.0.2.11 and 7.0 before 7.0.1.5 does not use the CRL Distribution Points CDP certificate extension, which might allow man-in-the-middle attackers to spoof an SSL partner via a revoked certificate for a 1 client, 2 queue manager, or 3 application...

6.2AI score0.00765EPSS
Exploits0References4
Rows per page
Query Builder