CentOS 8 : httpd:2.4 (CESA-2019:3436)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2019:3436 advisory. - httpd: mod_auth_digest: access control bypass due to race condition (CVE-2019-0217) - httpd: URL normalization inconsistency (CVE-2019-0220) Note that Ness...
LY Corporation: Webview address bar spoofing in LINE client for iOS
When navigation to an invalid hostname occurs, the address bar is updated even though the navigation is cancelled. Due to this incorrect timing of updating the address bar and applying URL normalization, it can be recognized as a different hostname from the actual hostname. As a result, attacker...
Virtuozzo 6 : python / python-devel / python-libs / python-test / etc (VZLSA-2019-1467)
An update for python is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...
OpenJDK: HostnameChecker does not ensure X.509 certificate names are in normalized form (JSSE, 8237592)
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to...
Virtuozzo 7 : httpd / httpd-devel / httpd-manual / httpd-tools / etc (VZLSA-2019-2343)
An update for httpd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...
Denial Of Service (DoS)
openldap is vulnerable to denial of service. An assertion failure in CSN normalization allows an attacker to crash the application with malicious input...
[SECURITY] [DLA 2481-1] openldap security update
Debian LTS Advisory DLA-2481-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta December 04, 2020 https://wiki.debian.org/LTS -...
[SECURITY] [DSA 4792-1] openldap security update
Debian Security Advisory DSA-4792-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 17, 2020 https://www.debian.org/security/faq -...
OpenLDAP Security Vulnerabilities
OpenLDAP is an open source implementation of the Lightweight Directory Access Protocol (LDAP) from the OpenLDAP Foundation in the United States. A security vulnerability exists in OpenLDAP CSN normalization, which can be exploited by an attacker to trigger a denial of service by forcing an...
Updated openldap packages fix a security vulnerability
A vulnerability in the handling of normalization with modrdn was discovered in OpenLDAP. An unauthenticated remote attacker can use this flaw to cause a denial of service (slapd daemon crash) via a specially crafted packet (CVE-2020-25692). Also, the PID file path in the systemd service was fixed to...
Debian: Security Advisory (DLA-2425-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DSA-4782-1 : openldap - security update
A vulnerability in the handling of normalization with modrdn was discovered in OpenLDAP, a free implementation of the Lightweight Directory Access Protocol. An unauthenticated remote attacker can use this flaw to cause a denial of service (slapd daemon crash) via a specially crafted packet. C Tenab...
Debian DLA-2425-1 : openldap security update
A vulnerability in the handling of normalization with modrdn was discovered in OpenLDAP, a free implementation of the Lightweight Directory Access Protocol. An unauthenticated remote attacker can use this flaw to cause a denial of service (slapd daemon crash) via a specially crafted packet. For...
Envoy has an unspecified vulnerability (CNVD-2021-58577)
Envoy is an open source distributed proxy server. A security vulnerability exists in Envoy, which stems from the fact that Envoy hosts between 2d69e30 and 3b5acb2 may not be able to resolve request URLs that require host normalization. No details of the vulnerability are currently available...
LY Corporation: Path traversal in a Tomcat server
A path traversal vulnerability was discovered in a Tomcat server, which allowed an attacker to access internal resources such as the administrator page. The vulnerability was caused by a misconfiguration between the reverse proxy and the WAS, and occurred when the attacker entered the string "..;...
undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass
A flaw was found in Undertow, where the servlet container causes the servletPath to normalize incorrectly by truncating the path after the semicolon. The flaw may lead to application mapping, resulting in a security bypass...
CVE-2020-24660
An issue was discovered in LemonLDAP::NG through 2.0.8, when NGINX is used. An attacker may bypass URL-based access control to protected Virtual Hosts by submitting a non-normalized URI. This also affects versions before 0.5.2 of the "Lemonldap::NG handler for Node.js" package...
GHSA-X44X-R84W-8V67 Lack of URL normalization may lead to authorization bypass when URL access rules are used
Impact: When access rules are used inside a protected host, some URL encodings may bypass the filtering system. Patches: Version 0.5.2 includes a patch that fixes the vulnerability. Workarounds: No way for users to fix or remediate the vulnerability without upgrading. References...
Lack of URL normalization may lead to authorization bypass when URL access rules are used
Impact: When access rules are used inside a protected host, some URL encodings may bypass the filtering system. Patches: Version 0.5.2 includes a patch that fixes the vulnerability. Workarounds: No way for users to fix or remediate the vulnerability without upgrading. References...
SUSE-SU-2020:2237-1 Security update for libvirt
This update for libvirt fixes the following issues: - CVE-2020-14339: Don't leak /dev/mapper/control into QEMU. Use ioctl's to obtain the dependency tree of disks and drop use of libdevmapper. - bsc1161883, bsc1174458 - qemu: Setup emulator thread and cpuset.mems before exec - bsc1171946 - libxl:...