7690 matches found

GitLab Advisory Database
added 2022/02/06 12:0 a.m. | 18 views

Server-Side Request Forgery (SSRF)

In Apache Traffic Control Traffic Ops, an unprivileged user who can reach Traffic Ops over HTTPS can send a specially-crafted POST request to /user/login/oauth to scan a port of a server that Traffic Ops can reach...

CVSS 7.5 | AI score 1.2 | EPSS 0.01978
Exploits 0 | References 2 | Affected Software 1

Ivan 'd0znpp' Novikov
added 2022/01/31 11:44 a.m. | 21 views

What is an SSL certificate ❓ Meaning and Types

Introduction Website/application owners have tons of aspects to look into. However, ensuring end-to-end security ranks top as it is the most crucial factor that an end-user watches out for. Additionally, improved security bags higher ranking, and better SEO. SSL certificate is one of the many...

AI score 6.7
Exploits 0

OpenVAS
added 2022/01/28 12:0 a.m. | 14 views

Mageia: Security Advisory (MGASA-2014-0257)

The remote host is missing an update for the...

CVSS 5.9 | AI score 5.7 | EPSS 0.01602
Exploits 1 | References 4

OpenVAS
added 2022/01/28 12:0 a.m. | 28 views

Mageia: Security Advisory (MGASA-2018-0458)

The remote host is missing an update for the...

CVSS 6.1 | AI score 6.4 | EPSS 0.06114
Exploits 1 | References 6

OpenVAS
added 2022/01/28 12:0 a.m. | 25 views

Mageia: Security Advisory (MGASA-2015-0091)

The remote host is missing an update for the...

CVSS 5.8 | AI score 6.7 | EPSS 0.03269
Exploits 1 | References 4

OpenVAS
added 2022/01/28 12:0 a.m. | 25 views

Mageia: Security Advisory (MGASA-2020-0427)

The remote host is missing an update for the...

CVSS 9.3 | AI score 7.1 | EPSS 0.0247
Exploits 1 | References 5

OpenVAS
added 2022/01/28 12:0 a.m. | 22 views

Mageia: Security Advisory (MGASA-2016-0207)

The remote host is missing an update for the...

CVSS 7.5 | AI score 7.5 | EPSS 0.04335
Exploits 0 | References 4

OpenVAS
added 2022/01/28 12:0 a.m. | 26 views

Mageia: Security Advisory (MGASA-2013-0234)

The remote host is missing an update for the...

CVSS 9.3 | AI score 6.7 | EPSS 0.02333
Exploits 0 | References 5

OpenVAS
added 2022/01/28 12:0 a.m. | 28 views

Mageia: Security Advisory (MGASA-2014-0168)

The remote host is missing an update for the...

CVSS 5 | AI score 8.8 | EPSS 0.3263
Exploits 1 | References 6

OpenVAS
added 2022/01/28 12:0 a.m. | 22 views

Mageia: Security Advisory (MGASA-2021-0065)

The remote host is missing an update for the...

CVSS 8.8 | AI score 7 | EPSS 0.01569
Exploits 0 | References 5

Malwarebytes
added 2022/01/27 9:44 p.m. | 42 views

Let’s Encrypt to revoke “mis-issued” certificates

If you use a Let’s Encrypt SSL/TLS certificate, you may wish to check your account over the coming days. Revocation is coming, and you’ve only got until tomorrow to figure things out. What’s the deal with free certificates? If you’re running a website, you want to make sure that it’s HTTPs. It...

AI score 7.1
Exploits 0

RedHat Linux
added 2022/01/27 2:11 p.m. | 2 views

OpenJDK: Loop in HttpsServer triggered during TLS session close (JSSE, 8254967)

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacke...

CVSS 5.3 | AI score 6.8 | EPSS 0.06886
Exploits 0 | References 4

Ubuntu
added 2022/01/20 11:40 a.m. | 142 views

USN-5021-2: curl vulnerability

USN-5021-1 fixed vulnerabilities in curl. This update provides the corresponding updates for Ubuntu 16.04 ESM. Original advisory details: Harry Sintonen and Tomas Hoger discovered that curl incorrectly handled TELNET connections when the -t option was used on the command line. Uninitialized data...

CVSS 5.3 | AI score 6.5 | EPSS 0.04929
Exploits 2

OpenVAS
added 2022/01/20 12:0 a.m. | 27 views

Drupal 7.x < 7.86 Multiple XSS Vulnerabilities (SA-CORE-2022-002) - Linux

Drupal is prone to multiple cross-site scripting (XSS) vulnerabilities in jQuery UI. This...

AI score 7.1
Exploits 0 | References 1

IBM Security Bulletins
added 2022/01/19 10:14 p.m. | 19 views

Security Bulletin: IBM® Security SOAR could be vulnerable to a downgrade attack because of missing Strict-Transport-Security headers for some endpoints (CVE-2021-29785).

Summary IBM® Security SOAR, is missing Strict-Transport-Security headers for some endpoints that help prevent HTTPS downgrade attacks. This is addressed by upgrading IBM Security SOAR to the latest build of v43.1. Vulnerability Details CVEID: CVE-2021-29785 DESCRIPTION: IBM Resilient could allow ...

CVSS 5.9 | AI score 5.1 | EPSS 0.01299
Exploits 0 | Affected Software 1

NVD
added 2022/01/19 1:15 a.m. | 23 views

CVE-2022-22156

An Improper Certificate Validation weakness in the Juniper Networks Junos OS allows an attacker to perform Person-in-the-Middle (PitM) attacks when a system script is fetched from a remote source at a specified HTTPS URL, which may compromise the integrity and confidentiality of the device. The...

CVSS 7.4 | EPSS 0.0055
Exploits 1 | References 1

Prion
added 2022/01/19 1:15 a.m. | 22 views

Input validation

An Improper Certificate Validation weakness in the Juniper Networks Junos OS allows an attacker to perform Person-in-the-Middle (PitM) attacks when a system script is fetched from a remote source at a specified HTTPS URL, which may compromise the integrity and confidentiality of the device. The...

CVSS 5.8 | AI score 7.4 | EPSS 0.0055
Exploits 1 | References 1 | Affected Software 1

Cvelist
added 2022/01/19 12:20 a.m. | 22 views

CVE-2022-22156 Junos OS: Certificate validation is skipped when fetching system scripts from a HTTPS URL

An Improper Certificate Validation weakness in the Juniper Networks Junos OS allows an attacker to perform Person-in-the-Middle (PitM) attacks when a system script is fetched from a remote source at a specified HTTPS URL, which may compromise the integrity and confidentiality of the device. The...

CVSS 6.5 | AI score 7.6 | EPSS 0.0055
Exploits 1 | References 1

CVE
added 2022/01/19 12:20 a.m. | 87 views

CVE-2022-22156

CVE-2022-22156 affects Juniper Networks Junos OS. The issue is an improper certificate validation when fetching system scripts via HTTPS, enabling potential Man-in-the-Middle attacks that could compromise integrity and confidentiality. Affected products include Junos OS across multiple released v...

CVSS 7.4 | AI score 6.9 | EPSS 0.0055
Exploits 1 | References 1 | Affected Software 1

CNNVD
added 2022/01/12 12:0 a.m. | 4 views

Cisco Evolved Programmable Network Manager and Cisco Prime Infrastructure Security Vulnerability

Cisco Evolved Programmable Network Manager and Cisco Prime Infrastructure are both products of Cisco Corporation. Cisco Evolved Programmable Network Manager is a network management Cisco Prime Infrastructure is a software application. Cisco Evolved Programmable Network Manager is a network...

CVSS 6.5 | AI score 5.6 | EPSS 0.01649
Exploits 0 | References 6