Lucene search
+L

382 matches found

OSV
OSV
added 2009/04/09 12:30 a.m.3 views

DEBIAN-CVE-2009-0846

The asn1decodegeneraltime function in lib/krb5/asn.1/asn1decode.c in the ASN.1 GeneralizedTime decoder in MIT Kerberos 5 aka krb5 before 1.6.4 allows remote attackers to cause a denial of service daemon crash or possibly execute arbitrary code via vectors involving an invalid DER encoding that...

10CVSS8.5AI score0.08898EPSS
Exploits0References1
NVD
NVD
added 2008/11/13 1:0 a.m.17 views

CVE-2008-4989

The gnutlsx509verifycertificate function in lib/x509/verify.c in libgnutls in GnuTLS before 2.6.1 trusts certificate chains in which the last certificate is an arbitrary trusted, self-signed certificate, which allows man-in-the-middle attackers to insert a spoofed certificate for any Distinguishe...

5.9CVSS5.6AI score0.01882EPSS
Exploits1References30
Prion
Prion
added 2008/11/13 1:0 a.m.24 views

Code injection

The gnutlsx509verifycertificate function in lib/x509/verify.c in libgnutls in GnuTLS before 2.6.1 trusts certificate chains in which the last certificate is an arbitrary trusted, self-signed certificate, which allows man-in-the-middle attackers to insert a spoofed certificate for any Distinguishe...

4.3CVSS6.2AI score0.01882EPSS
Exploits1References30Affected Software7
UbuntuCve
UbuntuCve
added 2008/11/12 12:0 a.m.22 views

CVE-2008-4989

The gnutlsx509verifycertificate function in lib/x509/verify.c in libgnutls in GnuTLS before 2.6.1 trusts certificate chains in which the last certificate is an arbitrary trusted, self-signed certificate, which allows man-in-the-middle attackers to insert a spoofed certificate for any Distinguishe...

5.9CVSS6.3AI score0.01882EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2008/11/11 6:26 p.m.7 views

gnutls: certificate chain verification flaw

The gnutlsx509verifycertificate function in lib/x509/verify.c in libgnutls in GnuTLS before 2.6.1 trusts certificate chains in which the last certificate is an arbitrary trusted, self-signed certificate, which allows man-in-the-middle attackers to insert a spoofed certificate for any Distinguishe...

5.9CVSS6.3AI score0.01882EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2008/07/02 12:37 p.m.3 views

Firefox self signed certificate flaw

Mozilla 1.9 M8 and earlier, Mozilla Firefox 2 before 2.0.0.15, SeaMonkey 1.1.5 and other versions before 1.1.10, Netscape 9.0, and other Mozilla-based web browsers, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regard the certificate as also...

4CVSS5.9AI score0.0124EPSS
Exploits1References4
UbuntuCve
UbuntuCve
added 2008/04/04 12:44 a.m.28 views

CVE-2008-0555

The ExpandCert function in Apache-SSL before apache1.3.41+ssl1.59 does not properly handle 1 '/' and 2 '=' characters in a Distinguished Name DN in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables...

7.5CVSS5.9AI score0.0187EPSS
Exploits1References1
Prion
Prion
added 2008/04/04 12:44 a.m.17 views

Authentication flaw

The ExpandCert function in Apache-SSL before apache1.3.41+ssl1.59 does not properly handle 1 '/' and 2 '=' characters in a Distinguished Name DN in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables...

7.5CVSS7.3AI score0.0187EPSS
Exploits1References10Affected Software1
CVE
CVE
added 2008/04/04 12:0 a.m.51 views

CVE-2008-0555

CVE-2008-0555 affects Apache-SSL: ExpandCert() mishandles '/' and '=' in a client certificate DN, enabling a crafted DN to overwrite environment variables and potentially bypass authentication. Affected: Apache-SSL before apache_1.3.41+ssl_1.59. Mitigation: upgrade to apache_1.3.41+ssl_1.59.

7.5CVSS6.7AI score0.0187EPSS
Exploits1References10Affected Software1
RedHat Linux
RedHat Linux
added 2007/06/07 10:30 p.m.40 views

Low: Red Hat Security Advisory: openldap security and bug-fix update

A updated openldap packages that fix a security flaw and a memory leak bug are now available for Red Hat Enterprise Linux 3. This update has been rated as having low security impact by the Red Hat Security Response Team. OpenLDAP is an open source suite of LDAP Lightweight Directory Access Protoc...

2.3CVSS5.7AI score0.02658EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2007/06/07 10:30 p.m.9 views

security flaw

slapd in OpenLDAP before 2.3.25 allows remote authenticated users with selfwrite Access Control List ACL privileges to modify arbitrary Distinguished Names DN...

2.3CVSS5.9AI score0.02658EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2007/05/01 2:10 p.m.4 views

security flaw

slapd in OpenLDAP before 2.3.25 allows remote authenticated users with selfwrite Access Control List ACL privileges to modify arbitrary Distinguished Names DN...

2.3CVSS5.9AI score0.02658EPSS
Exploits0References4
Cvelist
Cvelist
added 2006/04/13 10:0 a.m.37 views

CVE-2006-1782

Unspecified vulnerability in Solaris 8 and 9 allows local users to obtain the LDAP Directory Server root Distinguished Name rootDN password when a privileged user 1 runs idsconfig; or "insecurely" runs LDAP2 commands with the -w option, including 2 ldapadd, 3 ldapdelete, 4 ldapmodify, 5 ldapmodrd...

6.5AI score0.0043EPSS
Exploits0References15
Tenable Nessus
Tenable Nessus
added 2006/02/13 12:0 a.m.29 views

CommuniGate Pro Server < 5.0.8 LDAP Module Field Handling Remote DoS

The remote host appears to be running CommuniGate Pro, a commercial email and groupware application. The version of CommuniGate Pro installed on the remote host includes an LDAP server that fails to handle requests with Distinguished Names DNs that contain too many elements. A user can leverage...

5CVSS5.5AI score0.0222EPSS
Exploits0References3
Cvelist
Cvelist
added 2006/02/06 11:0 p.m.17 views

CVE-2006-0566

The LDAP component in CommuniGate Pro Core Server 5.0.7 allows remote attackers to cause a denial of service application crash via LDAP messages that contain Distinguished Names DN fields with a large number of elements...

6.6AI score0.0222EPSS
Exploits0References9
OSV
OSV
added 2004/07/07 4:0 a.m.2 views

DEBIAN-CVE-2004-0488

Stack-based buffer overflow in the sslutiluuencodebinary function in sslutil.c for Apache modssl, when modssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN...

7.5CVSS8.4AI score0.37681EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2004/07/06 8:35 a.m.7 views

mod_ssl ssl_util_uuencode_binary CA issue

Stack-based buffer overflow in the sslutiluuencodebinary function in sslutil.c for Apache modssl, when modssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN...

7.5CVSS6.4AI score0.37681EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2004/05/17 12:0 a.m.5 views

PT-2004-1606 · Apache · Apache Mod Ssl +1

Name of the Vulnerable Software and Affected Versions: Apache mod ssl affected versions not specified Description: The issue is related to a stack-based buffer overflow in the ssl util uuencode binary function. This occurs when mod ssl is configured to trust the issuing CA and a client certificat...

7.5CVSS7.1AI score0.37681EPSS
Exploits0References36
NVD
NVD
added 2002/11/29 5:0 a.m.19 views

CVE-2002-1283

Buffer overflow in Novell iManager eMFrame before 1.5 allows remote attackers to cause a denial of service via an authentication request with a long Distinguished Name DN attribute...

5CVSS7.1AI score0.01958EPSS
Exploits0References4
Cvelist
Cvelist
added 2002/11/14 5:0 a.m.18 views

CVE-2002-1283

Buffer overflow in Novell iManager eMFrame before 1.5 allows remote attackers to cause a denial of service via an authentication request with a long Distinguished Name DN attribute...

7.1AI score0.01958EPSS
Exploits0References4
Rows per page
Query Builder