7690 matches found

OSV
added 2022/03/25 12:0 a.m. · 25 views

GHSA-J7XG-5549-JR3J Improper Certificate Validation in OWASP ZAP

OWASP Zed Attack Proxy (ZAP) through w2022-03-21 does not verify the TLS certificate chain of an HTTPS server...

4 CVSS · 4.2 AI score · 0.00654 EPSS
Exploits 0 · References 5

CISA KEV Catalog
added 2022/03/25 12:0 a.m. · 16 views

Juniper Junos OS Path Traversal Vulnerability

A path traversal vulnerability in the HTTP/HTTPS service used by J-Web, Web Authentication, Dynamic-VPN (DVPN), Firewall Authentication Pass-Through with Web-Redirect, and Zero Touch Provisioning (ZTP) allows an unauthenticated attacker to perform remote code execution...

9.8 CVSS · 5.3 AI score · 0.04725 EPSS
In wild · Exploits 0

ATTACKERKB
added 2022/03/24 4:15 a.m. · 4 views

CVE-2022-27820

OWASP Zed Attack Proxy (ZAP) through w2022-03-21 does not verify the TLS certificate chain of an HTTPS server...

4.3 CVSS · 5.9 AI score · 0.00654 EPSS
Exploits 0 · References 4

NVD
added 2022/03/24 4:15 a.m. · 14 views

CVE-2022-27820

OWASP Zed Attack Proxy (ZAP) through w2022-03-21 does not verify the TLS certificate chain of an HTTPS server...

4.3 CVSS · 0.00654 EPSS
Exploits 0 · References 4

OSV
added 2022/03/24 4:15 a.m. · 17 views

CVE-2022-27820

OWASP Zed Attack Proxy (ZAP) through w2022-03-21 does not verify the TLS certificate chain of an HTTPS server...

4 CVSS · 4.4 AI score
Exploits 0 · References 4

Prion
added 2022/03/24 4:15 a.m. · 20 views

Design/Logic Flaw

OWASP Zed Attack Proxy (ZAP) through w2022-03-21 does not verify the TLS certificate chain of an HTTPS server...

4.3 CVSS · 4.4 AI score · 0.00654 EPSS
Exploits 0 · References 4 · Affected Software 1

Cvelist
added 2022/03/24 3:33 a.m. · 16 views

CVE-2022-27820

OWASP Zed Attack Proxy (ZAP) through w2022-03-21 does not verify the TLS certificate chain of an HTTPS server...

4.7 AI score · 0.00654 EPSS
Exploits 0 · References 3

Zero Day Initiative
added 2022/03/23 12:0 a.m. · 32 views

(Pwn2Own) NETGEAR R6700v3 Improper Certificate Validation Vulnerability

This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR R6700v3 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloading of files via HTTPS. The...

5 CVSS · 2.5 AI score · 0.00336 EPSS
Exploits 1 · References 1

OpenVAS
added 2022/03/23 12:0 a.m. · 7 views

Fedora: Security Advisory for icecat (FEDORA-2022-42ea499a7d)

The remote host is missing an update for the...

7.5 AI score
Exploits 0 · References 2

Veracode
added 2022/03/22 8:0 a.m. · 23 views

Denial Of Service (DoS)

github.com/Dreamacro/clash is vulnerable to denial of service. The vulnerability exists because the library does not limit the http or https configuration files, allowing an attacker to crash the application by providing an embedded malicious iframe with a crafted URL...

8.8 CVSS · 1.2 AI score · 0.00634 EPSS
Exploits 1 · References 2 · Affected Software 1

NVD
added 2022/03/18 6:15 p.m. · 13 views

CVE-2020-25193

By having access to the hard-coded cryptographic key for GE Reason RT430, RT431 & RT434 GNSS clocks in firmware versions prior to version 08A06, attackers would be able to intercept and decrypt encrypted traffic through an HTTPS connection...

5.3 CVSS · 0.00825 EPSS
Exploits 0 · References 2

Prion
added 2022/03/18 6:15 p.m. · 18 views

Hardcoded credentials

By having access to the hard-coded cryptographic key for GE Reason RT430, RT431 & RT434 GNSS clocks in firmware versions prior to version 08A06, attackers would be able to intercept and decrypt encrypted traffic through an HTTPS connection...

5 CVSS · 6 AI score · 0.00825 EPSS
Exploits 0 · References 2 · Affected Software 3

Vulnrichment
added 2022/03/18 6:0 p.m. · 6 views

CVE-2020-25193 GE Reason RT43X Clocks Use of Hard-coded Cryptographic Key

By having access to the hard-coded cryptographic key for GE Reason RT430, RT431 & RT434 GNSS clocks in firmware versions prior to version 08A06, attackers would be able to intercept and decrypt encrypted traffic through an HTTPS connection...

5.3 CVSS · 5.3 AI score · 0.00825 EPSS
Exploits 0 · References 2

CVE
added 2022/03/18 6:0 p.m. · 89 views

CVE-2020-25193

The CVE-2020-25193 issue affects GE Reason RT430, RT431 and RT434 GNSS clocks with firmware versions prior to 08A06. The root cause is a hard-coded cryptographic key that allows an attacker to intercept and decrypt HTTPS traffic. Impact is partial confidentiality loss in encrypted communications....

5.3 CVSS · 5.7 AI score · 0.00825 EPSS
Exploits 0 · References 2 · Affected Software 1

IBM Security Bulletins
added 2022/03/18 5:28 p.m. · 159 views

Security Bulletin: urllib upgrade CVE-2021-33503, CVE-2021-28363

Summary: The urllib3 library 1.26.x before 1.26.4 for Python omits SSL certificate validation in some cases involving HTTPS to HTTPS proxies. The initial connection to the HTTPS proxy (if an SSLContext isn't given via proxy_config) doesn't verify the hostname of the certificate. This means certificat...

7.5 CVSS · 7.1 AI score · 0.03273 EPSS
Exploits 0 · Affected Software 1

Positive Technologies
added 2022/03/18 12:0 a.m. · 5 views

PT-2022-8710 · Ge · Ge Reason Rt430 +2

Name of the Vulnerable Software and Affected Versions: GE Reason RT430, RT431 & RT434 GNSS clocks versions prior to 08A06 Description: The issue allows attackers to intercept and decrypt encrypted traffic through an HTTPS connection by having access to the hard-coded cryptographic key. This could...

5.3 CVSS · 5.2 AI score · 0.00825 EPSS
Exploits 0 · References 4

Tenable Nessus
added 2022/03/18 12:0 a.m. · 36 views

Juniper Junos OS Improper Certificate Validation (JSA11264)

The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA11264 advisory. An Improper Certificate Validation weakness in the Juniper Networks Junos OS allows an attacker to perform Person-in-the-Middle (PitM) attacks when a system script is fetched...

7.4 CVSS · 7.5 AI score · 0.0055 EPSS
Exploits 1 · References 2

Tenable Nessus
added 2022/03/18 12:0 a.m. · 41 views

Slackware Linux 15.0 / current python3 Vulnerability (SSA:2022-077-01)

The version of python3 installed on the remote host is prior to 3.9.11. It is, therefore, affected by a vulnerability as referenced in the SSA:2022-077-01 advisory. - The urllib3 library 1.26.x before 1.26.4 for Python omits SSL certificate validation in some cases involving HTTPS to HTTPS proxie...

6.5 CVSS · 7.5 AI score · 0.02109 EPSS
Exploits 0 · References 1

Fedora
added 2022/03/17 6:37 p.m. · 29 views

[SECURITY] Fedora 36 Update: icecat-91.7.0-1.rh1.fc36

GNU IceCat is the GNU version of the Firefox ESR browser. Extensions included to this version of IceCat: LibreJS GNU LibreJS aims to address the JavaScript problem described in the article "The JavaScript Trap" of Richard Stallman. HTTPS Everywhere HTTPS Everywhere is an extension that encrypts...

7.1 AI score
Exploits 0

NVD
added 2022/03/16 1:15 a.m. · 10 views

CVE-2022-27225

Gradle Enterprise before 2021.4.3 relies on cleartext data transmission in some situations. It uses Keycloak for identity management services. During the sign-in process, Keycloak sets browser cookies that effectively provide remember-me functionality. For backwards compatibility with older Safar...

6.5 CVSS · 0.00523 EPSS
Exploits 0 · References 1