Lucene search
K

23 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2 days ago6 views

Security Bulletin: IBM SPSS Modeler is affected by multiple vulnerabilities in DataView

Summary IBM SPSS Modeler is affected by multiple vulnerabilities in DataView. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2023-44981 DESCRIPTION: Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper. If SASL Quorum Peer...

9.1CVSS7.5AI score0.02667EPSS
Exploits2Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.14 views

SAP NetWeaver AS Java Apache Log4j Vulnerability (3726899)

The version of SAP NetWeaver Application Server Java detected on the remote host is affected by a vulnerability in the Apache Log4j library as referenced in SAP Security Note 3726899: - The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname...

6.3CVSS6.1AI score0.00743EPSS
Exploits1References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/11 3:0 p.m.9 views

Security Bulletin: Multiple Vulnerabilities in IBM Guardium Key Lifecycle Manager (CVE-2025-68161, CVE-2026-1726)

Summary Security Vulnerabilities have been addressed in IBM Guardium Key Lifecycle Manager Vulnerability Details CVEID:CVE-2026-1726 DESCRIPTION: IBM Security Guardium enables privilege escalation, allowing unauthorized users to perform administrative operations after being demoted. Attackers cou...

6.3CVSS6.1AI score0.00743EPSS
Exploits1Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/04/23 12:0 a.m.5 views

Oracle Identity Manager (April 2026 CPU)

The 14.1.2.1.0 version of Identity Manager installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2026 CPU advisory: - Vulnerability in the Oracle Identity Manager product of Oracle Fusion Middleware component: Identity Console. Easily exploitable...

6.3CVSS6.2AI score0.00743EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/04/13 5:20 p.m.8 views

CVE-2026-34477

A flaw was found in Apache Log4j Core. A network-based attacker can perform a man-in-the-middle MITM attack, allowing them to intercept encrypted communications. This occurs when an SMTP, Socket, or Syslog appender uses Transport Layer Security TLS with a nested element, and the attacker has a...

6.8CVSS5.7AI score0.00395EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.8 views

Debian dla-4444 : liblog4j2-java - security update

The remote Debian 11 host has a package installed that is affected by a vulnerability as referenced in the dla-4444 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4444-1 [email protected] https://www.debian.org/lts/security/...

6.3CVSS7.2AI score0.00743EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.7 views

MiracleLinux 4 : jakarta-commons-httpclient-3.1-0.9.AXS4 (AXSA:2014-529:01)

The remote MiracleLinux 4 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2014-529:01 advisory. Description: The Hyper-Text Transfer Protocol HTTP is perhaps the most significant protocol used on the Internet today. Web services, network-enabled applianc...

5.8CVSS6.4AI score0.09149EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2012-5958

Malware in sbrugna...

5.8CVSS6AI score0.00601EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2013-0310

Malware in sbrugna...

4.3CVSS6.1AI score0.01326EPSS
Exploits0References11
NVD
NVD
added 2025/06/18 2:15 p.m.13 views

CVE-2025-49015

The Couchbase .NET SDK client library before 3.7.1 does not properly enable hostname verification for TLS certificates. In fact, the SDK was also using IP addresses instead of hostnames due to a configuration option that was incorrectly enabled by default...

4.9CVSS0.00192EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/22 3:38 a.m.11 views

CVE-2012-5798

The PayPal Pro PayFlow EC module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...

5.8CVSS6.9AI score0.00566EPSS
Exploits1References1
AlpineLinux
AlpineLinux
added 2025/05/07 4:12 p.m.3 views

CVE-2025-46551

JRuby-OpenSSL is an add-on gem for JRuby that emulates the Ruby OpenSSL native library. Starting in JRuby-OpenSSL version 0.12.1 and prior to version 0.15.4 corresponding to JRuby versions starting in 9.3.4.0 prior to 9.4.12.1 and 10.0.0.0 prior to 10.0.0.1, when verifying SSL certificates,...

7.1CVSS6.8AI score0.0016EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2022/05/24 5:41 p.m.7 views

Square OkHttp can accept the wrong certificate

In verifyHostName of OkHostnameVerifier.java, there is a possible way to accept a certificate for the wrong domain due to improperly used crypto. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

7.5CVSS7.6AI score0.00877EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2020/11/04 10:5 a.m.5 views

SUSE-SU-2020:3149-1 Security update for apache-commons-httpclient

This update for apache-commons-httpclient fixes the following issues: - http/conn/ssl/SSLConnectionSocketFactory.java ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service HTTPS call hang via unspecified vectors...

5.8CVSS6.5AI score0.19312EPSS
Exploits1References5
OSV
OSV
added 2016/04/04 6:12 p.m.14 views

USN-2945-1 xchat-gnome vulnerability

It was discovered that XChat-GNOME incorrectly verified the hostname in an SSL certificate. An attacker could trick XChat-GNOME into trusting a rogue server's certificate, which was signed by a trusted certificate authority, to perform a machine-in-the-middle attack...

5.8AI score
Exploits0References2
RedHat Linux
RedHat Linux
added 2015/06/23 4:52 p.m.4 views

CXF: SSL hostname verification bypass, incomplete CVE-2012-6153 fix

It was found that the fix for CVE-2012-6153 was incomplete: the code added to check that the server hostname matches the domain name in a subject's Common Name CN field in X.509 certificates was flawed. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially...

5.8CVSS7.2AI score0.09149EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2015/03/24 9:5 p.m.5 views

CXF: SSL hostname verification bypass, incomplete CVE-2012-5783 fix

It was found that the fix for CVE-2012-5783 was incomplete: the code added to check that the server host name matches the domain name in a subject's Common Name CN field in X.509 certificates was flawed. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially...

5.8CVSS7.2AI score0.09254EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2015/02/17 10:27 p.m.2 views

CXF: SSL hostname verification bypass, incomplete CVE-2012-6153 fix

It was found that the fix for CVE-2012-6153 was incomplete: the code added to check that the server hostname matches the domain name in a subject's Common Name CN field in X.509 certificates was flawed. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially...

5.8CVSS7.2AI score0.09149EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2014/09/29 8:22 p.m.6 views

CXF: SSL hostname verification bypass, incomplete CVE-2012-5783 fix

It was found that the fix for CVE-2012-5783 was incomplete: the code added to check that the server host name matches the domain name in a subject's Common Name CN field in X.509 certificates was flawed. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially...

5.8CVSS6.7AI score0.09254EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2014/09/04 4:11 p.m.4 views

CXF: SSL hostname verification bypass, incomplete CVE-2012-6153 fix

It was found that the fix for CVE-2012-6153 was incomplete: the code added to check that the server hostname matches the domain name in a subject's Common Name CN field in X.509 certificates was flawed. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially...

5.8CVSS6.7AI score0.09149EPSS
Exploits1References4
Rows per page
Query Builder