92 matches found

Tenable Nessus
added 2010/10/06 12:00 a.m., 27 views

Mandriva Linux Security Advisory : libesmtp (MDVSA-2010:195)

Multiple vulnerabilities have been found and corrected in libesmtp: libESMTP, probably 1.0.4 and earlier, does not properly handle a '\0' NUL character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL...

6.8 CVSS, 7.6 AI score, 0.05741 EPSS
Exploits 4, References 2
ALT Linux
added 2010/10/05 12:00 a.m., 24 views

Security fix for the ALT Linux 6 package libesmtp version 1.0.6-alt1

Oct. 5, 2010 Vladimir Lettiev 1.0.6-alt1 - New version 1.0.6: + Fixed CVE-2010-1192, CVE-2010-1194 certificate validation flaws - Build changes: + Disabled static build + Fixed install section + Plugins moved from devel subpackage to the main...

6.8 CVSS, 6.1 AI score, 0.01176 EPSS
Exploits 0
ALT Linux
added 2010/10/05 12:00 a.m., 21 views

Security fix for the ALT Linux 5 package libesmtp version 1.0.4-alt2.1.0.M50P.1

Oct. 5, 2010 Vladimir Lettiev 1.0.4-alt2.1.0.M50P.1 - Fixed CVE-2010-1192, CVE-2010-1194 certificate validation flaws. Fix backported from 1.0.6...

6.8 CVSS, 6.2 AI score, 0.01176 EPSS
Exploits 0
Tenable Nessus
added 2010/05/07 12:00 a.m., 22 views

openSUSE Security Update : libesmtp (openSUSE-SU-2010:0220-1)

libesmtp did not properly handle wildcards and embedded null characters in the Common Name of X.509 certificates (CVE-2010-1192, CVE-2010-1194). (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update...

6.8 CVSS, 5.2 AI score, 0.01176 EPSS
Exploits 0, References 4
OpenVAS
added 2010/04/06 12:00 a.m., 28 views

libESMTP multiple vulnerabilities

This host has libESMTP installed and is prone to multiple vulnerabilities. Vulnerabilities Insight: Multiple flaws are due to: - An error in 'match_component' function in 'smtp-tls.c' when processing substrings. It treats two strings as equal if one is a substring of the other, which allows...

6.8 CVSS, 0.4 AI score, 0.01176 EPSS
Exploits 0, References 3
OpenVAS
added 2010/04/06 12:00 a.m., 17 views

libESMTP Detection (Linux/Unix SSH Login)

SSH login-based detection of libESMTP. SPDX-FileCopyrightText: 2010 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. if(description) { script_oid("1.3.6.1.4.1.25623.1.0.800496");...

7 AI score
Exploits 0
OpenVAS
added 2010/04/06 12:00 a.m., 29 views

libESMTP <= 1.0.4 Multiple Vulnerabilities

libESMTP is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2010 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:stafford.uklinux:libesmtp";...

6.8 CVSS, 6.4 AI score, 0.01176 EPSS
Exploits 0, References 4
Prion
added 2010/03/31 6:00 p.m., 15 views

Code injection

The match_component function in smtp-tls.c in libESMTP 1.0.3.r1, and possibly other versions including 1.0.4, treats two strings as equal if one is a substring of the other, which allows remote attackers to spoof trusted certificates via a crafted subjectAltName...

6.8 CVSS, 6.9 AI score, 0.01176 EPSS
Exploits 0, References 5, Affected Software 1
UbuntuCve
added 2010/03/31 6:00 p.m., 24 views

CVE-2010-1192

libESMTP, probably 1.0.4 and earlier, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification...

6.8 CVSS, 5.9 AI score, 0.00865 EPSS
Exploits 0, References 2
NVD
added 2010/03/31 6:00 p.m., 20 views

CVE-2010-1192

libESMTP, probably 1.0.4 and earlier, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification...

6.8 CVSS, 6.2 AI score, 0.00865 EPSS
Exploits 0, References 4
NVD
added 2010/03/31 6:00 p.m., 12 views

CVE-2010-1194

The match_component function in smtp-tls.c in libESMTP 1.0.3.r1, and possibly other versions including 1.0.4, treats two strings as equal if one is a substring of the other, which allows remote attackers to spoof trusted certificates via a crafted subjectAltName...

6.8 CVSS, 5.6 AI score, 0.01176 EPSS
Exploits 0, References 5
OSV
added 2010/03/31 6:00 p.m., 1 view

DEBIAN-CVE-2010-1194

The match_component function in smtp-tls.c in libESMTP 1.0.3.r1, and possibly other versions including 1.0.4, treats two strings as equal if one is a substring of the other, which allows remote attackers to spoof trusted certificates via a crafted subjectAltName...

6.8 CVSS, 6.5 AI score, 0.01176 EPSS
Exploits 0, References 1
UbuntuCve
added 2010/03/31 6:00 p.m., 22 views

CVE-2010-1194

The match_component function in smtp-tls.c in libESMTP 1.0.3.r1, and possibly other versions including 1.0.4, treats two strings as equal if one is a substring of the other, which allows remote attackers to spoof trusted certificates via a crafted subjectAltName...

6.8 CVSS, 5.9 AI score, 0.01176 EPSS
Exploits 0, References 2
OSV
added 2010/03/31 6:00 p.m., 8 views

CVE-2010-1192

libESMTP, probably 1.0.4 and earlier, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification...

5.6 AI score
Exploits 0, References 4
OSV
added 2010/03/31 6:00 p.m., 7 views

CVE-2010-1194

The match_component function in smtp-tls.c in libESMTP 1.0.3.r1, and possibly other versions including 1.0.4, treats two strings as equal if one is a substring of the other, which allows remote attackers to spoof trusted certificates via a crafted subjectAltName...

6.7 AI score
Exploits 0, References 5
OSV
added 2010/03/31 6:00 p.m., 2 views

DEBIAN-CVE-2010-1192

libESMTP, probably 1.0.4 and earlier, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification...

6.8 CVSS, 6.8 AI score, 0.00865 EPSS
Exploits 0, References 1
Prion
added 2010/03/31 6:00 p.m., 36 views

Design/Logic Flaw

libESMTP, probably 1.0.4 and earlier, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification...

6.8 CVSS, 8.9 AI score, 0.05741 EPSS
Exploits 4, References 4, Affected Software 1
Cvelist
added 2010/03/31 5:35 p.m., 25 views

CVE-2010-1194

The match_component function in smtp-tls.c in libESMTP 1.0.3.r1, and possibly other versions including 1.0.4, treats two strings as equal if one is a substring of the other, which allows remote attackers to spoof trusted certificates via a crafted subjectAltName...

5.5 AI score, 0.01176 EPSS
Exploits 0, References 5
Cvelist
added 2010/03/31 5:35 p.m., 44 views

CVE-2010-1192

libESMTP, probably 1.0.4 and earlier, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification...

6.3 AI score, 0.00865 EPSS
Exploits 0, References 4
CVE
added 2010/03/31 5:35 p.m., 70 views

CVE-2010-1192

CVE-2010-1192 affects libESMTP (likely 1.0.4 and earlier). The issue is improper handling of a NULL ('\0') character in the domain name within the Common Name field of an X.509 certificate, enabling MITM attackers to spoof SSL servers via a certificate issued by a legitimate CA. The description n...

6.8 CVSS, 6 AI score, 0.00865 EPSS
Exploits 0, References 4, Affected Software 1