Lucene search
+L

46 matches found

cve
cve
added 2014/06/11 1:0 a.m.77 views

CVE-2014-1771

CVE-2014-1771 affects Microsoft Internet Explorer 6–11 with SChannel, where during TLS renegotiation the server certificate may differ from the pre-renegotiation one. This allows MITM attackers to obtain sensitive information or modify TLS session data via a triple handshake attack. Public exploi...

6.8CVSS5.8AI score0.07556EPSS
Exploits0References4Affected Software1
cvelist
cvelist
added 2014/06/11 1:0 a.m.21 views

CVE-2014-1771

SChannel in Microsoft Internet Explorer 6 through 11 does not ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle attackers to obtain sensitive information or modify TLS session data via a "triple handshake...

5.7AI score0.07556EPSS
Exploits0References4
prion
prion
added 2014/04/23 11:52 a.m.29 views

Design/Logic Flaw

Secure Transport in Apple iOS before 7.1.1, Apple OS X 10.8.x and 10.9.x through 10.9.2, and Apple TV before 6.1.1 does not ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle attackers to obtain sensitive...

6.8CVSS5.4AI score0.00943EPSS
Exploits1References4Affected Software3
cvelist
cvelist
added 2014/04/23 10:0 a.m.29 views

CVE-2014-1295

Secure Transport in Apple iOS before 7.1.1, Apple OS X 10.8.x and 10.9.x through 10.9.2, and Apple TV before 6.1.1 does not ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle attackers to obtain sensitive...

4.9AI score0.00943EPSS
Exploits1References4
osv
osv
added 2014/03/11 12:0 a.m.3 views

UBUNTU-CVE-2014-0101

The sctpsfdo51Dce function in net/sctp/smstatefuns.c in the Linux kernel through 3.13.6 does not validate certain authenable and authcapable fields before making an sctpsfauthenticate call, which allows remote attackers to cause a denial of service NULL pointer dereference and system crash via an...

7.8CVSS6.4AI score0.07045EPSS
Exploits0References15
redhat
redhat
added 2010/10/08 1:48 a.m.6 views

MRG: SSL connections to MRG broker can be blocked

sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service daemon outage by connecting to the SSL port but not participating in an SSL handshake...

4.3CVSS5.9AI score0.04711EPSS
Exploits0References4
Rows per page
Query Builder