Lucene search
K

19 matches found

Github Security Blog
Github Security Blog
added 2022/05/24 5:12 p.m.30 views

python-apt Does Not Check Hash Signature

Python-apt doesn't check if hashes are signed in Version.fetchbinary and Version.fetchsource of apt/package.py or in fetcharchives of apt/cache.py in version 1.9.3ubuntu2 and earlier. This allows downloads from unsigned repositories which shouldn't be allowed and has been fixed in verisions 1.9.5...

4.7CVSS6.9AI score0.00496EPSS
Exploits0References4Affected Software1
Tenable Nessus
Tenable Nessus
added 2013/01/24 12:0 a.m.36 views

RHEL 5 : nspr and nss (RHSA-2009:1207)

Updated nspr and nss packages that fix security issues are now available for Red Hat Enterprise Linux 5.2 Extended Update Support. This update has been rated as having critical security impact by the Red Hat Security Response Team. Netscape Portable Runtime NSPR provides platform independence for...

9.3CVSS7.2AI score0.05741EPSS
Exploits5References7
Tenable Nessus
Tenable Nessus
added 2013/01/24 12:0 a.m.50 views

RHEL 4 : nspr and nss (RHSA-2009:1190)

Updated nspr and nss packages that fix security issues and bugs are now available for Red Hat Enterprise Linux 4.7 Extended Update Support. This update has been rated as having critical security impact by the Red Hat Security Response Team. Netscape Portable Runtime NSPR provides platform...

9.3CVSS7.3AI score0.05741EPSS
Exploits5References7
Tenable Nessus
Tenable Nessus
added 2012/08/01 12:0 a.m.48 views

Scientific Linux Security Update : openssl on SL5.x i386/x86_64

CVE-2009-2409 deprecate MD2 in SSL cert validation Kaminsky CVE-2009-4355 openssl significant memory leak in certain SSLv3 requests DoS It was found that the OpenSSL library did not properly re-initialize its internal state in the SSLlibraryinit function after previous calls to the...

5.1CVSS6.7AI score0.08941EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2011/08/09 12:0 a.m.30 views

CentOS Update for seamonkey CESA-2009:1432 centos3 i386

The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

9.3CVSS6.8AI score0.06724EPSS
Exploits4References2
OpenVAS
OpenVAS
added 2010/03/31 12:0 a.m.40 views

CentOS Update for openssl CESA-2010:0163 centos3 i386

Check for the Version of openssl OpenVAS Vulnerability Test CentOS Update for openssl CESA-2010:0163 centos3 i386 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...

5.8CVSS6.8AI score0.87264EPSS
Exploits14References2
Tenable Nessus
Tenable Nessus
added 2010/02/24 12:0 a.m.48 views

Debian DSA-1874-1 : nss - several vulnerabilities

Several vulnerabilities have been discovered in the Network Security Service libraries. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-2404 Moxie Marlinspike discovered that a buffer overflow in the regular expression parser could lead to the...

9.3CVSS7.7AI score0.05741EPSS
Exploits5References7
OpenVAS
OpenVAS
added 2010/01/20 12:0 a.m.33 views

RedHat Update for openssl RHSA-2010:0054-01

Check for the Version of openssl OpenVAS Vulnerability Test RedHat Update for openssl RHSA-2010:0054-01 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

5.1CVSS7.7AI score0.08941EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2009/09/15 12:0 a.m.52 views

Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 : openssl vulnerability (USN-830-1)

Dan Kaminsky discovered OpenSSL would still accept certificates with MD2 hash signatures. As a result, an attacker could potentially create a malicious trusted certificate to impersonate another site. This update handles this issue by completely disabling MD2 for certificate validation. Note that...

5.1CVSS6.7AI score0.04506EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2009/09/10 12:0 a.m.42 views

RHEL 3 : seamonkey (RHSA-2009:1432)

Updated SeaMonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 3. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, email and newsgroup client, IRC chat client,...

10CVSS8AI score0.06724EPSS
Exploits9References15
OSV
OSV
added 2009/08/26 12:0 a.m.24 views

DSA-1874-1 nss - several vulnerabilities

Bulletin has no description...

9.3CVSS6.6AI score0.05741EPSS
Exploits5
Tenable Nessus
Tenable Nessus
added 2009/08/20 12:0 a.m.33 views

Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 : gnutls12, gnutls13, gnutls26 vulnerabilities (USN-809-1)

Moxie Marlinspike and Dan Kaminsky independently discovered that GnuTLS did not properly handle certificates with NULL characters in the certificate name. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications...

7.5CVSS6.2AI score0.04506EPSS
Exploits1References4
OpenVAS
OpenVAS
added 2009/08/17 12:0 a.m.42 views

Ubuntu USN-810-2 (fixed)

The remote host is missing an update to fixed announced via advisory USN-810-2. Original advisory details: Moxie Marlinspike discovered that NSS did not properly handle regular expressions in certificate names. A remote attacker could create a specially crafted certificate to cause a denial of...

9.3CVSS0.6AI score0.05741EPSS
Exploits5References1
OpenVAS
OpenVAS
added 2009/08/17 12:0 a.m.34 views

RedHat Security Advisory RHSA-2009:1207

The remote host is missing updates to Netscape Portable Runtime NSPR and Network Security Services NSS announced in advisory RHSA-2009:1207. These updated packages upgrade NSS from the previous version, 3.12.2, to a prerelease of version 3.12.4. The version of NSPR has also been upgraded from 4.7...

9.3CVSS0.1AI score0.05741EPSS
Exploits5References2
OpenVAS
OpenVAS
added 2009/08/17 12:0 a.m.31 views

Ubuntu USN-810-1 (nss)

The remote host is missing an update to nss announced via advisory USN-810-1. OpenVAS Vulnerability Test $Id: ubuntu8101.nasl 7969 2017-12-01 09:23:16Z santu $ $Id: ubuntu8101.nasl 7969 2017-12-01 09:23:16Z santu $ Description: Auto-generated from advisory USN-810-1 nss Authors: Thomas Reinke...

9.3CVSS0.5AI score0.05741EPSS
Exploits5References1
RedHat Linux
RedHat Linux
added 2009/08/12 2:31 p.m.49 views

Critical: Red Hat Security Advisory: nspr and nss security update

Updated nspr and nss packages that fix security issues are now available for Red Hat Enterprise Linux 5.2 Extended Update Support. This update has been rated as having critical security impact by the Red Hat Security Response Team. Netscape Portable Runtime NSPR provides platform independence for...

9.3CVSS7.2AI score0.05741EPSS
Exploits5References4
Ubuntu
Ubuntu
added 2009/08/04 9:19 p.m.89 views

USN-810-1: NSS vulnerabilities

Moxie Marlinspike discovered that NSS did not properly handle regular expressions in certificate names. A remote attacker could create a specially crafted certificate to cause a denial of service via application crash or execute arbitrary code as the user invoking the program. CVE-2009-2404 Moxie...

9.3CVSS7.6AI score0.05741EPSS
Exploits5
Tenable Nessus
Tenable Nessus
added 2009/07/31 12:0 a.m.47 views

RHEL 5 : nspr and nss (RHSA-2009:1186)

Updated nspr and nss packages that fix security issues, bugs, and add an enhancement are now available for Red Hat Enterprise Linux 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. The packages with this update are identical to the packages...

9.3CVSS7.3AI score0.05741EPSS
Exploits5References8
Tenable Nessus
Tenable Nessus
added 2009/07/31 12:0 a.m.35 views

RHEL 4 : nspr and nss (RHSA-2009:1184)

Updated nspr and nss packages that fix security issues and a bug are now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. Netscape Portable Runtime NSPR provides platform independence for non-GUI operati...

9.3CVSS7.2AI score0.05741EPSS
Exploits5References7
Rows per page
Query Builder