Lucene search
+L

483 matches found

RedHat Linux
RedHat Linux
added 2016/07/27 8:24 a.m.3 views

python: ssl.match_hostname() DoS via certificates with specially crafted hostname wildcard patterns

A denial of service flaw was found in the way Python's SSL module implementation performed matching of certain certificate names. A remote attacker able to obtain a valid certificate that contained multiple wildcard characters could use this flaw to issue a request to validate such a certificate,...

4.3CVSS7.4AI score0.04857EPSS
Exploits0References4
CNVD
CNVD
added 2016/05/31 12:0 a.m.8 views

IBM Rational ClearCase Unauthorized Operation Vulnerability

IBM Rational ClearCase is a suite of software configuration management solutions from IBM in the United States. The solution provides version control, workspace management, parallel development support and build auditing. A security vulnerability exists in IBM Rational ClearCase that stems from t...

7.4CVSS6.8AI score0.01167EPSS
Exploits0References1
CNVD
CNVD
added 2016/05/19 12:0 a.m.3 views

Proxmox VE Insecure Hostname Checking Vulnerability

Proxmox VE Proxmox Virtual Environment is an environment with integrated OPENVZ support for KVM applications. Since Proxmox VE fails to validate the "hostname" parameter provided by the user, CRLF injection is able to overwrite the configuration file. Attackers are able to obtain user credentials...

7.4AI score
Exploits0References1
RedHat Linux
RedHat Linux
added 2016/03/31 9:50 p.m.5 views

mysql: ssl-validate-cert incorrect hostname check

It was found that the MariaDB client library did not properly check host names against server identities noted in the X.509 certificates when establishing secure connections using TLS/SSL. A man-in-the-middle attacker could possibly use this flaw to impersonate a server to a client...

5.9CVSS7.1AI score0.03741EPSS
Exploits0References5
Prion
Prion
added 2015/08/25 5:59 p.m.21 views

Design/Logic Flaw

RubyGems 2.0.x before 2.0.17, 2.2.x before 2.2.5, and 2.4.x before 2.4.8 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record with a domain that is suffixed with the original...

4.3CVSS6.9AI score0.08934EPSS
Exploits0References8Affected Software2
CNVD
CNVD
added 2015/06/26 12:0 a.m.1 views

RubyGems Redirection Vulnerability

RubyGems is a Ruby package manager from the RubyGems organization, which is used to distribute and manage Ruby packages. RubyGems programs fail to validate hostnames when fetching gem or constructing API requests, allowing remote attackers to submit specially crafted DNS SRV records to redirect...

5CVSS7.1AI score0.08934EPSS
Exploits0References1
OSV
OSV
added 2015/06/24 2:59 p.m.1 views

DEBIAN-CVE-2015-3900

RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4.7 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record, aka a "DNS hijack attack."...

5CVSS7AI score0.08934EPSS
Exploits0References1
OSV
OSV
added 2015/06/24 2:59 p.m.8 views

CVE-2015-3900

RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4.7 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record, aka a "DNS hijack attack."...

5CVSS5.7AI score0.08934EPSS
Exploits0References12
Cvelist
Cvelist
added 2015/06/24 2:0 p.m.42 views

CVE-2015-3900

RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4.7 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record, aka a "DNS hijack attack."...

6.2AI score0.08934EPSS
Exploits0References11
NVD
NVD
added 2015/01/28 11:59 a.m.14 views

CVE-2015-1376

pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress does not validate hostnames, which allows remote authenticated users to write to arbitrary files via an upload URL with a host other than pixabay.com...

4CVSS6.5AI score0.33974EPSS
Exploits2References6
Prion
Prion
added 2015/01/28 11:59 a.m.18 views

Code injection

pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress does not validate hostnames, which allows remote authenticated users to write to arbitrary files via an upload URL with a host other than pixabay.com...

4CVSS7AI score0.33974EPSS
Exploits2References6Affected Software1
PyPA
PyPA
added 2014/05/05 5:6 p.m.7 views

PYSEC-2014-94

PyWBEM 0.7 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...

5.8CVSS6.8AI score0.00907EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2014/03/19 5:28 p.m.15 views

MGASA-2014-0133 Updated lighttpd package fixes security vulnerabilities

SQL injection vulnerability in lighttpd before 1.4.35 when modmysqlvhost is in use, due to insufficient validation of hostnames in HTTP requests CVE-2014-2323. Possible path traversal vulnerabilities in lighttpd before 1.4.35 when either modevhost or modsimplevhost are in use, due to insufficient...

9.8CVSS10AI score0.61665EPSS
Exploits4References4
Debian CVE
Debian CVE
added 2014/02/27 1:0 a.m.85 views

CVE-2014-1263

curl and libcurl 7.27.0 through 7.35.0, when using the SecureTransport/Darwinssl backend, as used in in Apple OS X 10.9.x before 10.9.2, does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate when accessing a...

4.3CVSS6.1AI score0.02862EPSS
Exploits2
UbuntuCve
UbuntuCve
added 2013/05/24 12:0 a.m.13 views

CVE-2013-3109

SSL vaildation failed to validate hostnames...

5.9AI score
Exploits0References2
OSV
OSV
added 2013/05/24 12:0 a.m.2 views

UBUNTU-CVE-2013-3109

SSL vaildation failed to validate hostnames...

5.8AI score
Exploits0References3
Prion
Prion
added 2012/11/04 10:55 p.m.22 views

Code injection

Codehaus XFire 1.2.6 and earlier, as used in the Amazon EC2 API Tools Java library and other products, does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof...

5.8CVSS7AI score0.00778EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2012/11/04 12:0 a.m.8 views

PT-2012-6129 · Codehaus · Xfire

Name of the Vulnerable Software and Affected Versions: Codehaus XFire versions 1.2.6 and earlier Description: The issue allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate because it does not verify that the server hostname matches a domain name in the...

7.4CVSS7.3AI score0.00778EPSS
Exploits1References4
UbuntuCve
UbuntuCve
added 2011/05/13 10:55 p.m.21 views

CVE-2011-0633

The Net::HTTPS module in libwww-perl LWP before 6.00, as used in WWW::Mechanize, LWP::UserAgent, and other products, when running in environments that do not set the If-SSL-Cert-Subject header, does not enable full validation of SSL certificates by default, which allows remote attackers to spoof...

4.3CVSS5.7AI score0.04246EPSS
Exploits1References1
securityvulns
securityvulns
added 2005/01/13 12:0 a.m.32 views

HylaFAX hfaxd unauthorized fax access

During authorization of fax access by hostname, hostname sent by remote side is used...

2.5AI score
Exploits0References1Affected Software1
Rows per page
Query Builder