CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

4455 matches found

Tenable Nessus•added 2010/01/06 12:0 a.m.•33 views

CentOS 5 : gnutls (CESA-2008:0489)

Updated gnutls packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. The GnuTLS Library provides support for cryptographic algorithms and protocols such as TL...

10CVSS7.5AI score0.199EPSS

Exploits3References5

Tenable Nessus•added 2010/01/06 12:0 a.m.•22 views

CentOS 5 : lftp (CESA-2009:1278)

An updated lftp package that fixes one security issue and various bugs is now available for Red Hat Enterprise Linux 5. This update has been rated as having low security impact by the Red Hat Security Response Team. LFTP is a sophisticated file transfer program for the FTP and HTTP protocols. Lik...

6.8CVSS6AI score0.05138EPSS

Exploits0References3

Tenable Nessus•added 2009/12/23 12:0 a.m.•26 views

Mandriva Linux Security Advisory : proftpd (MDVSA-2009:337)

A vulnerability has been identified and corrected in proftpd : The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services IIS 7.0, modssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla...

9.8CVSS7.5AI score0.03741EPSS

Exploits14References2

RedHat Linux•added 2009/12/11 1:42 p.m.•2 views

deprecate MD2 in SSL cert validation (Kaminsky)

The Network Security Services NSS library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash...

5.1CVSS6.6AI score0.02215EPSS

Exploits0References4

OpenVAS•added 2009/12/10 12:0 a.m.•41 views

Mandriva Security Advisory MDVSA-2009:308 (gnutls)

The remote host is missing an update to gnutls announced via advisory MDVSA-2009:308. OpenVAS Vulnerability Test $Id: mdksa2009308.nasl 6573 2017-07-06 13:10:50Z cfischer $ Description: Auto-generated from advisory MDVSA-2009:308 gnutls Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft In...

7.5CVSS0.8AI score0.02695EPSS

Exploits1

OpenVAS•added 2009/12/10 12:0 a.m.•37 views

Mandriva Security Advisory MDVSA-2009:308 (gnutls)

The remote host is missing an update to gnutls announced via advisory MDVSA-2009:308. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR...

7.5CVSS6.1AI score0.02695EPSS

Exploits1References1

Tenable Nessus•added 2009/12/04 12:0 a.m.•33 views

Mandriva Linux Security Advisory : gnutls (MDVSA-2009:308)

Multiple vulnerabilities has been found and corrected in gnutls : gnutls-cli in GnuTLS before 2.6.6 does not verify the activation and expiration times of X.509 certificates, which allows remote attackers to successfully present a certificate that is 1 not yet valid or 2 no longer valid, related ...

7.5CVSS5.6AI score0.02695EPSS

Exploits1References2

VulnCheck KEV•added 2009/11/18 12:0 a.m.•1 views

VulnCheck KEV: CVE-2009-3555

The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services IIS 7.0, modssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services NSS 3.12.4 and earlier,...

5.8CVSS6.9AI score0.03741EPSS

Exploits14References1

Debian•added 2009/11/17 1:46 p.m.•51 views

[SECURITY] [DSA 1935-1] New gnutls23/gnutls26 packages fix SSL certificate verification weakness

-------------------------------------------------------------------------- Debian Security Advisory DSA-1935-1 [email protected] http://www.debian.org/security/ Giuseppe Iuculano November 17th, 2009 http://www.debian.org/security/faq -...

7.5CVSS7AI score0.02695EPSS

Exploits0

CERT•added 2009/11/11 12:0 a.m.•531 views

SSL and TLS protocols renegotiation vulnerability

Overview A vulnerability exists in SSL and TLS protocols that may allow attackers to execute an arbitrary HTTP transaction. Description The Secure Sockets Layer SSL and Transport Layer Security TLS protocols are commonly used to provide authentication, encryption, integrity, and non-repudiation...

9.8CVSS7.6AI score0.03741EPSS

Exploits14References13

RedHat Linux•added 2009/11/10 7:30 p.m.•4 views

deprecate MD2 in SSL cert validation (Kaminsky)

5.1CVSS6.6AI score0.02215EPSS

Exploits0References4

OSV•added 2009/11/09 5:30 p.m.•6 views

DEBIAN-CVE-2009-3555

9.8CVSS7.4AI score0.03741EPSS

Exploits14References1

OSV•added 2009/11/09 5:30 p.m.•11 views

CVE-2009-3555

9.8CVSS6.4AI score0.03741EPSS

Exploits14References319

NVD•added 2009/11/09 5:30 p.m.•25 views

CVE-2009-3555

9.8CVSS5.7AI score0.03741EPSS

Exploits14References299

Prion•added 2009/11/09 5:30 p.m.•38 views

Cross site request forgery (csrf)

5.8CVSS8.8AI score0.03741EPSS

Exploits14References298Affected Software8

Cvelist•added 2009/11/09 5:0 p.m.•42 views

CVE-2009-3555

6AI score0.03741EPSS

Exploits14References298

CVE•added 2009/11/09 5:0 p.m.•1278 views

CVE-2009-3555

CVE-2009-3555 concerns a TLS/SSL renegotiation flaw where renegotiation handshakes were not properly associated with the existing connection, enabling MITM data insertion in HTTPS and other TLS/SSL sessions (Project Mogul). Connected advisories show concrete mitigations and affected software: Pou...

9.8CVSS6AI score0.03741EPSS

Exploits14References299Affected Software4