Lucene search

219 matches found

OSV
added 2017/01/11 4:59 p.m., 27 views

CVE-2016-9015

Versions 1.17 and 1.18 of the Python urllib3 library suffer from a vulnerability that can cause them, in certain configurations, to not correctly validate TLS certificates. This places users of the library with those configurations at risk of man-in-the-middle and information leakage attacks. Thi...

3.7 CVSS, 6.3 AI score
Exploits 0, References 2

Cvelist
added 2017/01/11 4:00 p.m., 27 views

CVE-2016-9015

Versions 1.17 and 1.18 of the Python urllib3 library suffer from a vulnerability that can cause them, in certain configurations, to not correctly validate TLS certificates. This places users of the library with those configurations at risk of man-in-the-middle and information leakage attacks. Thi...

3.6 AI score, 0.00775 EPSS
Exploits 0, References 2

Debian CVE
added 2017/01/11 4:00 p.m., 26 views

CVE-2016-9015

Versions 1.17 and 1.18 of the Python urllib3 library suffer from a vulnerability that can cause them, in certain configurations, to not correctly validate TLS certificates. This places users of the library with those configurations at risk of man-in-the-middle and information leakage attacks. Thi...

3.7 CVSS, 4.2 AI score, 0.00775 EPSS
Exploits 0

Veracode
added 2017/01/09 5:19 a.m., 17 views

Hostname Check Bypassing

pyOpenSSL is vulnerable to hostname check bypassing. This is because it does not properly handle hostnames in the certificate that contain null bytes. The string formatting of subjectAltName X509Extension instances incorrectly truncates fields of the name when encountering null bytes, allowing...

4.3 CVSS, 5.8 AI score, 0.01197 EPSS
Exploits 0, References 6, Affected Software 1

exploitpack
added 2014/08/29 12:00 a.m., 47 views

NRPE 2.15 - Remote Code Execution

NRPE 2.15 - Remote Code Execution !/usr/bin/python Exploit Title : NRPE http://www.abcompcons.com/files/nrpeclient.py pyOpenSSL Library required http://pyopenssl.sourceforge.net/ root@localhost pip-python install pyOpenSSL NRPE = 2.15 Remote Command Execution Vulnerability Release date: 17.04.201...

7.5 CVSS, 7 AI score, 0.15312 EPSS
Exploits 6

Packet Storm
added 2014/08/28 12:00 a.m., 178 views

NRPE 2.15 Remote Command Execution

!/usr/bin/python Exploit Title : NRPE http://www.abcompcons.com/files/nrpeclient.py pyOpenSSL Library required http://pyopenssl.sourceforge.net/ root@localhost pip-python install pyOpenSSL NRPE = 2.15 Remote Command Execution Vulnerability Release date: 17.04.2014 Discovered by: Dawid Golunski...

7.5 CVSS, 6.4 AI score, 0.15312 EPSS
Exploits 6

Tenable Nessus
added 2014/06/13 12:00 a.m., 17 views

openSUSE Security Update : python-pyOpenSSL (openSUSE-SU-2013:1648-1)

update to 0.13.1 fixes the following security issue: NUL byte handling in subjectAltName bnc839107, CVE-2013-4314 CVE-2013-4314 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update openSUSE-2013-82...

4.3 CVSS, 8.2 AI score, 0.01197 EPSS
Exploits 0, References 3

F5 Networks
added 2014/04/10 12:00 a.m., 30 views

SOL15151 - pyOpenSSL vulnerability CVE-2013-4314

Recommended action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5 critical issue...

4.3 CVSS, 2.7 AI score, 0.01197 EPSS
Exploits 0, References 4

NVD
added 2013/09/30 9:55 p.m., 12 views

CVE-2013-4314

The X509Extension in pyOpenSSL before 0.13.1 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate...

4.3 CVSS, 6.2 AI score, 0.01197 EPSS
Exploits 0, References 6

OSV
added 2013/09/30 9:55 p.m., 1 views

DEBIAN-CVE-2013-4314

The X509Extension in pyOpenSSL before 0.13.1 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate...

4.3 CVSS, 6.8 AI score, 0.01197 EPSS
Exploits 0, References 1

OSV
added 2013/09/30 9:55 p.m., 9 views

CVE-2013-4314

The X509Extension in pyOpenSSL before 0.13.1 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate...

9 AI score
Exploits 0, References 6

Prion
added 2013/09/30 9:55 p.m., 12 views

Design/Logic Flaw

The X509Extension in pyOpenSSL before 0.13.1 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate...

4.3 CVSS, 6.7 AI score, 0.01197 EPSS
Exploits 0, References 6, Affected Software 2

PyPA
added 2013/09/30 9:55 p.m., 4 views

PYSEC-2013-31

The X509Extension in pyOpenSSL before 0.13.1 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate...

4.3 CVSS, 6.8 AI score, 0.01197 EPSS
Exploits 0, References 7, Affected Software 1

CVE
added 2013/09/30 9:00 p.m., 86 views

CVE-2013-4314

CVE-2013-4314 affects pyOpenSSL up to, but not including, 0.13.1. The X509Extension code fails to properly handle a NUL byte in a domain name inside the SAN of an X.509 certificate, enabling a MITM attacker to spoof an SSL server via a certificate issued by a trusted CA. Root cause: incorrect han...

4.3 CVSS, 6.1 AI score, 0.01197 EPSS
Exploits 0, References 6, Affected Software 1

Cvelist
added 2013/09/30 9:00 p.m., 27 views

CVE-2013-4314

The X509Extension in pyOpenSSL before 0.13.1 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate...

6 AI score, 0.01197 EPSS
Exploits 0, References 6

Debian CVE
added 2013/09/30 9:00 p.m., 18 views

CVE-2013-4314

The X509Extension in pyOpenSSL before 0.13.1 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate...

4.3 CVSS, 6 AI score, 0.01197 EPSS
Exploits 0

Tenable Nessus
added 2013/09/25 12:00 a.m., 25 views

Debian DSA-2763-1 : pyopenssl - hostname check bypassing

It was discovered that PyOpenSSL, a Python wrapper around the OpenSSL library, does not properly handle certificates with NULL characters in the Subject Alternative Name field. A remote attacker in the position to obtain a certificate for 'www.foo.org\0.example.com' from a CA that a SSL client...

4.3 CVSS, 8.2 AI score, 0.01197 EPSS
Exploits 0, References 5

Debian
added 2013/09/24 4:54 p.m., 16 views

[SECURITY] [DSA 2763-1] pyopenssl security update

------------------------------------------------------------------------- Debian Security Advisory DSA-2763-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso September 24, 2013 http://www.debian.org/security/faq -...

4.3 CVSS, 2 AI score, 0.01197 EPSS
Exploits 0

Debian
added 2013/09/24 4:54 p.m., 19 views

[SECURITY] [DSA 2763-1] pyopenssl security update

------------------------------------------------------------------------- Debian Security Advisory DSA-2763-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso September 24, 2013 http://www.debian.org/security/faq -...

4.3 CVSS, 5.7 AI score, 0.01197 EPSS
Exploits 0

OpenVAS
added 2013/09/24 12:00 a.m., 11 views

Fedora Update for pyOpenSSL FEDORA-2013-15881

Check for the Version of pyOpenSSL OpenVAS Vulnerability Test Fedora Update for pyOpenSSL FEDORA-2013-15881 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under t...

7.4 AI score
Exploits 0, References 2