5397 matches found
Non-compliant Strict Transport Security (STS)
The remote web server implements Strict Transport Security. However, it does not respect all the requirements of the STS draft standard. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(42823); script_version("$Revision: 1.7 $"); script_cvs_date("$Date: 2014/09/19 20:19:00 $");...
[USN-858-1] OpenLDAP vulnerability
Ubuntu Security Notice USN-858-1, November 12, 2009. openldap2.2 vulnerability, CVE-2009-3767. A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS. This advisory...
USN-858-1: OpenLDAP vulnerability
It was discovered that OpenLDAP did not correctly handle SSL certificates with zero bytes in the Common Name. A remote attacker could exploit this to perform a machine-in-the-middle attack to view sensitive information or alter encrypted communications...
LDAP Service STARTTLS Command Support
The remote LDAP service supports the use of the 'STARTTLS' command to switch from a cleartext to an encrypted communications channel. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(42329); script_version("1.6"); script_set_attribute(attribute:"plugin_modification_date",...
FTP Service AUTH TLS Command Support
The remote FTP service supports the use of the 'AUTH TLS' command to switch from a cleartext to an encrypted communications channel.
USN-842-1: Wget vulnerability
It was discovered that Wget did not correctly handle SSL certificates with zero bytes in the Common Name. A remote attacker could exploit this to perform a machine-in-the-middle attack to view sensitive information or alter encrypted communications...
The new cloud 4.0 latest 0day vulnerability warning - the black bar safety net
To access the ask directory, registered users, in the password question of the place to insert the encrypted word:┼pay offs number 畣 whole 爠 Hwan enemy 瑳∨≡┩anger Registration after a successful connection to the default database: ask/data/asknewasp.asa password: a...
USN-835-1: neon vulnerabilities
Joe Orton discovered that neon did not correctly handle SSL certificates with zero bytes in the Common Name. A remote attacker could exploit this to perform a machine-in-the-middle attack to view sensitive information or alter encrypted communications...
Ubuntu 8.04 LTS / 8.10 / 9.04 : kde4libs, kdelibs vulnerability (USN-833-1)
It was discovered that KDE did not properly handle certificates with NULL characters in the Subject Alternative Name field of X.509 certificates. An attacker could exploit this to perform a man-in-the-middle attack to view sensitive information or alter encrypted communications. Note that Tenable...
USN-833-1: KDE-Libs vulnerability
It was discovered that KDE did not properly handle certificates with NULL characters in the Subject Alternative Name field of X.509 certificates. An attacker could exploit this to perform a machine-in-the-middle attack to view sensitive information or alter encrypted communications...
Ubuntu 8.04 LTS / 8.10 / 9.04 : qt4-x11 vulnerability (USN-829-1)
It was discovered that Qt did not properly handle certificates with NULL characters in the Subject Alternative Name field of X.509 certificates. An attacker could exploit this to perform a man-in-the-middle attack to view sensitive information or alter encrypted communications. CVE-2009-2700. Not...
Ubuntu: Security Advisory (USN-809-1)
The remote host is missing an update for the...
openSUSE Security Update : libfreebl3 (libfreebl3-1201)
The Mozilla NSS security framework was updated to version 3.12.3.1. CVE-2009-2404 / MFSA 2009-43: Heap-based buffer overflow in a regular-expression parser in Mozilla Network Security Services (NSS) before 3.12.3, as used in Firefox, Thunderbird, SeaMonkey, Evolution, Pidgin, and AOL Instant...
USN-818-1: curl vulnerability
Scott Cantor discovered that Curl did not correctly handle SSL certificates with zero bytes in the Common Name. A remote attacker could exploit this to perform a machine-in-the-middle attack to view sensitive information or alter encrypted communications...
Ubuntu USN-810-2 (fixed)
The remote host is missing an update to fixed announced via advisory USN-810-2. Original advisory details: Moxie Marlinspike discovered that NSS did not properly handle regular expressions in certificate names. A remote attacker could create a specially crafted certificate to cause a denial of...
Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 : fetchmail vulnerability (USN-816-1)
Matthias Andree discovered that fetchmail did not properly handle certificates with NULL characters in the certificate name. A remote attacker could exploit this to perform a man-in-the-middle attack to view sensitive information or alter encrypted communications. Note that Tenable Network Securi...
USN-816-1: fetchmail vulnerability
Matthias Andree discovered that fetchmail did not properly handle certificates with NULL characters in the certificate name. A remote attacker could exploit this to perform a machine-in-the-middle attack to view sensitive information or alter encrypted communications...
USN-810-1: NSS vulnerabilities
Moxie Marlinspike discovered that NSS did not properly handle regular expressions in certificate names. A remote attacker could create a specially crafted certificate to cause a denial of service via application crash or execute arbitrary code as the user invoking the program. CVE-2009-2404 Moxie...
Compromise of SSL-protected communication — Mozilla
IOActive security researcher Dan Kaminsky reported a mismatch in the treatment of domain names in SSL certificates between SSL clients and the Certificate Authorities (CA) which issue server certificates. In particular, if a malicious person requested a certificate for a host name with an invalid...
CVE-2009-2407
Heap-based buffer overflow in the parse_tag_3_packet function in fs/ecryptfs/keystore.c in the eCryptfs subsystem in the Linux kernel before 2.6.30.4 allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving a crafted eCryptfs file, related to a...