Lucene search
K

26 matches found

OSV
OSV
added 2026/06/30 11:39 p.m.3 views

BIT-ENVOY-2026-47778 Envoy: Embedded NUL in TLS DNS SAN Truncation in the Default TLS Certificate Validator. (Auth Bypass)

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, a structural flaw was identified in DefaultCertValidator::verifySubjectAltName where the extracted DNS SAN string is cast to a C-style string using .cstr before bei...

4.4CVSS5.8AI score0.00212EPSS
Exploits1References2
CVE
CVE
added 2026/06/25 7:31 p.m.25 views

CVE-2026-55960

The CVE-2026-55960 entry describes a vulnerability in wolfSSL builds that support Raw Public Key (RPK). Un-negotiated Raw Public Key (RFC 7250) could be accepted in place of an X.509 certificate by ParseCertRelative(), bypassing trust checks, because a raw public key has no chain. The fix/workaro...

8.2CVSS5.8AI score0.00145EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2025/09/30 11:4 p.m.23 views

CVE-2025-24525

CVE-2025-24525 affects Keysight Ixia Vision Product Family. The issue arises from hardcoded cryptographic material, which may allow an attacker to intercept or decrypt payloads sent to the device via API calls or user authentication if the TLS certificate shipped with the device is not replaced. ...

8.7CVSS6.7AI score0.00242EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/22 8:53 p.m.3 views

CVE-2021-37102

There is a command injection vulnerability in CMA service module of FusionCompute product when processing the default certificate file. The software constructs part of a command using external special input from users, but the software does not sufficiently validate the user input. Successful...

9CVSS7.2AI score0.00946EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2024/05/03 3:15 a.m.2 views

CVE-2023-39458

Triangle MicroWorks SCADA Data Gateway Use of Hard-coded Credentials Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to exploit th...

5.3CVSS6.1AI score0.00247EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2024/05/03 3:15 a.m.6 views

CVE-2023-39458

Triangle MicroWorks SCADA Data Gateway Use of Hard-coded Credentials Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to exploit th...

5.3CVSS5.9AI score0.00247EPSS
Exploits0References2
OSV
OSV
added 2024/04/02 9:30 a.m.10 views

GHSA-9PH3-V2VH-3QX7 Eclipse Vert.x vulnerable to a memory leak in TCP servers

A vulnerability in the Eclipse Vert.x toolkit causes a memory leak in TCP servers configured with TLS and SNI support. When processing an unknown SNI server name assigned the default certificate instead of a mapped certificate, the SSL context is erroneously cached in the server name map, leading...

5.4CVSS7AI score0.01055EPSS
Exploits0References18
OSV
OSV
added 2024/01/25 8:15 a.m.4 views

CVE-2023-33760

SpliceCom Maximiser Soft PBX v1.5 and before was discovered to utilize a default SSL certificate. This issue can allow attackers to eavesdrop on communications via a man-in-the-middle attack...

5.3CVSS5.8AI score0.00276EPSS
Exploits1References1
OSV
OSV
added 2023/01/20 11:15 p.m.5 views

UBUNTU-CVE-2023-22742

libgit2 is a cross-platform, linkable library implementation of Git. When using an SSH remote with the optional libssh2 backend, libgit2 does not perform certificate checking by default. Prior versions of libgit2 require the caller to set the certificatecheck field of libgit2's gitremotecallbacks...

5.9CVSS5.8AI score0.0058EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2022/02/23 6:31 a.m.134 views

CVE-2022-21656

A flaw was found in envoy. The defaultvalidator.cc implementation used to implement the default certificate validation routines has a "type confusion" bug when processing subjectAltNames...

7.4CVSS2.4AI score0.0078EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/02/22 12:0 a.m.5 views

Envoy 信任管理问题漏洞

Envoy is an open source distributed proxy server. Envoy has a trust management issue vulnerability that stems from a type confusion error in the defaultvalidator.cc implementation used to implement the default certificate validation routines when handling subjectAltNames. no details of the...

7.4CVSS5.6AI score0.0078EPSS
Exploits0References5
OSV
OSV
added 2021/11/23 4:15 p.m.6 views

CVE-2021-37102

There is a command injection vulnerability in CMA service module of FusionCompute product when processing the default certificate file. The software constructs part of a command using external special input from users, but the software does not sufficiently validate the user input. Successful...

8.8CVSS5.8AI score0.00946EPSS
Exploits0References1
Prion
Prion
added 2021/11/23 4:15 p.m.17 views

Command injection

There is a command injection vulnerability in CMA service module of FusionCompute product when processing the default certificate file. The software constructs part of a command using external special input from users, but the software does not sufficiently validate the user input. Successful...

9CVSS8.8AI score0.00946EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2021/10/11 12:0 a.m.5 views

Huawei FusionCompute 命令注入漏洞

Huawei FusionCompute is a computer virtualization engine from Huawei China. The product provides Virtual Resource Manager VRM and Compute Node Agent CNA, etc. A command injection vulnerability exists in the Huawei FusionCompute product, which stems from incorrect input validation in the CMA servi...

9CVSS8.4AI score0.00946EPSS
Exploits0References4
OSV
OSV
added 2021/09/28 3:15 p.m.7 views

CVE-2021-37106

There is a command injection vulnerability in CMA service module of FusionCompute 6.3.0, 6.3.1, 6.5.0 and 8.0.0 when processing the default certificate file. The software constructs part of a command using external special input from users, but the software does not sufficiently validate the user...

7.2CVSS7.1AI score0.00898EPSS
Exploits0References1
Huawei
Huawei
added 2021/09/22 12:0 a.m.40 views

Security Advisory - Command Injection Vulnerability in Huawei FusionCompute Product

There is a command injection vulnerability in CMA service module of FusionCompute product when processing the default certificate file. The software constructs part of a command using external special input from users, but the software does not sufficiently validate the user input. Successful...

9CVSS8.9AI score0.00946EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2021/04/30 12:0 a.m.47 views

EulerOS 2.0 SP3 : squid (EulerOS-SA-2021-1852)

According to the versions of the squid packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in Squid 2.x, 3.x, and 4.x through 4.8. Due to incorrect data management, it is vulnerable to information disclosure when...

9.8CVSS7.4AI score0.40982EPSS
Exploits0References8
OSV
OSV
added 2020/03/12 2:15 p.m.2 views

CVE-2020-9435

PHOENIX CONTACT TC ROUTER 3002T-4G through 2.05.3, TC ROUTER 2002T-3G through 2.05.3, TC ROUTER 3002T-4G VZW through 2.05.3, TC ROUTER 3002T-4G ATT through 2.05.3, TC CLOUD CLIENT 1002-4G through 2.03.17, and TC CLOUD CLIENT 1002-TXTX through 1.03.17 devices contain a hardcoded certificate and ke...

7.5CVSS7.1AI score0.01156EPSS
Exploits3References4
Prion
Prion
added 2020/03/12 2:15 p.m.26 views

Hardcoded credentials

PHOENIX CONTACT TC ROUTER 3002T-4G through 2.05.3, TC ROUTER 2002T-3G through 2.05.3, TC ROUTER 3002T-4G VZW through 2.05.3, TC ROUTER 3002T-4G ATT through 2.05.3, TC CLOUD CLIENT 1002-4G through 2.03.17, and TC CLOUD CLIENT 1002-TXTX through 1.03.17 devices contain a hardcoded certificate and ke...

5CVSS7.6AI score0.01156EPSS
Exploits3References4Affected Software6
Cvelist
Cvelist
added 2017/11/27 4:0 p.m.43 views

CVE-2017-15114

When libvirtd is configured by OSP director tripleo-heat-templates to use the TLS transport it defaults to the same certificate authority as all non-libvirtd services. As no additional authentication is configured this allows these services to connect to libvirtd which is equivalent to root acces...

8.5AI score0.01506EPSS
Exploits0References2
Rows per page
Query Builder