4455 matches found
CVE-2009-2730
libgnutls in GnuTLS before 2.8.2 does not properly handle a '\0' character in a domain name in the subject's (1) Common Name (CN) or (2) Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued b...
GnuTLS -- improper SSL certificate verification
GnuTLS reports: By using a NUL byte in CN/SAN fields, it was possible to fool GnuTLS into (1) not printing the entire CN/SAN field value when printing a certificate and (2) cause incorrect positive matches when matching a hostname against a certificate...
OpenSSL/GnuTLS SSL Server Spoofing Vulnerability - Windows
OpenSSL/GnuTLS is prone to an SSL server spoofing vulnerability. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Code injection
The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash...
CVE-2009-2409
The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash...
CVE-2009-2409
The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash...
CVE-2009-2409
The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash...
CVE-2009-2409
CVE-2009-2409 involves MD2 use in X.509 certificate signatures across NSS, GnuTLS, and OpenSSL. Root cause: MD2 hash weaknesses allow forging/collision-based certificate spoofing; public updates disable/avoid MD2 and patch implementations. Affected components include NSS library (Firefox usage), ...
CVE-2009-2409
The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash...
openSUSE Security Update : gnutls (gnutls-605)
The previous security fix for gnutls (CVE-2008-4989) introduced a regression in the X.509 validation code for self-signed certificates. This update fixes this problem. %NASL_MIN_LEVEL 70300 (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from...
openSUSE Security Update : gnutls (gnutls-358)
gnutls did not properly verify x509 certificate chains. An attacker could exploit that to trick client programs into trusting servers that would normally get rejected (CVE-2008-4989). %NASL_MIN_LEVEL 70300 (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...
openSUSE Security Update : gnutls (gnutls-858)
This update of gnutls improves the certificate validation process of gnutls-cli, prior gnutls-cli allowed man-in-the-middle attacks (only Gnus seems to use this tool). %NASL_MIN_LEVEL 70300 (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from...
openSUSE Security Update : gnutls (gnutls-605)
The previous security fix for gnutls (CVE-2008-4989) introduced a regression in the X.509 validation code for self-signed certificates. This update fixes this problem. %NASL_MIN_LEVEL 70300 (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from...
Mutt 1.5.19 Security Bypass Vulnerability
Mutt is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mutt:mutt"; if(description)...
Code injection
Mutt 1.5.19, when linked against (1) OpenSSL (mutt_ssl.c) or (2) GnuTLS (mutt_ssl_gnutls.c), allows connections when only one TLS certificate in the chain is accepted instead of verifying the entire chain, which allows remote attackers to spoof trusted servers via a man-in-the-middle attack...
DEBIAN-CVE-2009-1390
Mutt 1.5.19, when linked against (1) OpenSSL (mutt_ssl.c) or (2) GnuTLS (mutt_ssl_gnutls.c), allows connections when only one TLS certificate in the chain is accepted instead of verifying the entire chain, which allows remote attackers to spoof trusted servers via a man-in-the-middle attack...
CVE-2009-1390
Mutt 1.5.19, when linked against (1) OpenSSL (mutt_ssl.c) or (2) GnuTLS (mutt_ssl_gnutls.c), allows connections when only one TLS certificate in the chain is accepted instead of verifying the entire chain, which allows remote attackers to spoof trusted servers via a man-in-the-middle attack...
CVE-2009-1390
Mutt 1.5.19, when linked against (1) OpenSSL (mutt_ssl.c) or (2) GnuTLS (mutt_ssl_gnutls.c), allows connections when only one TLS certificate in the chain is accepted instead of verifying the entire chain, which allows remote attackers to spoof trusted servers via a man-in-the-middle attack...
CVE-2009-1390
Mutt 1.5.19, when linked against (1) OpenSSL (mutt_ssl.c) or (2) GnuTLS (mutt_ssl_gnutls.c), allows connections when only one TLS certificate in the chain is accepted instead of verifying the entire chain, which allows remote attackers to spoof trusted servers via a man-in-the-middle attack...
CVE-2009-1390
Mutt 1.5.19, when linked against (1) OpenSSL (mutt_ssl.c) or (2) GnuTLS (mutt_ssl_gnutls.c), allows connections when only one TLS certificate in the chain is accepted instead of verifying the entire chain, which allows remote attackers to spoof trusted servers via a man-in-the-middle attack...