Lucene search
+L

5 matches found

OSV
OSV
added 2022/05/13 1:9 a.m.5 views

GHSA-HGG6-8X62-M9GF Improper Certificate Validation in Apache CXF

JAX-RS XML Security streaming clients in Apache CXF before 3.1.11 and 3.0.13 do not validate that the service response was signed or encrypted, which allows remote attackers to spoof servers...

5.3CVSS6.5AI score0.11167EPSS
Exploits0References11
Ubuntu
Ubuntu
added 2022/05/04 1:21 p.m.178 views

USN-5402-1: OpenSSL vulnerabilities

Elison Niven discovered that OpenSSL incorrectly handled the crehash script. A local attacker could possibly use this issue to execute arbitrary commands when crehash is run. CVE-2022-1292 Raul Metsma discovered that OpenSSL incorrectly verified certain response signing certificates. A remote...

10CVSS6.9AI score0.83223EPSS
Exploits5
OSV
OSV
added 2022/05/04 12:0 a.m.34 views

GHSA-MFM6-R9G2-Q4R7 `OCSP_basic_verify` may incorrectly verify the response signing certificate

The function OCSPbasicverify verifies the signer certificate on an OCSP response. In the case where the non-default flag OCSPNOCHECKS is used then the response will be positive meaning a successful verification even in the case where the response signing certificate fails to verify. It is...

5.3CVSS7AI score0.01174EPSS
Exploits0References7
RustSec
RustSec
added 2022/05/03 12:0 p.m.33 views

`OCSP_basic_verify` may incorrectly verify the response signing certificate

The function OCSPbasicverify verifies the signer certificate on an OCSP response. In the case where the non-default flag OCSPNOCHECKS is used then the response will be positive meaning a successful verification even in the case where the response signing certificate fails to verify. It is...

5.3CVSS1.5AI score0.01174EPSS
Exploits0Affected Software1
OSV
OSV
added 2022/05/03 12:0 p.m.35 views

RUSTSEC-2022-0027 `OCSP_basic_verify` may incorrectly verify the response signing certificate

The function OCSPbasicverify verifies the signer certificate on an OCSP response. In the case where the non-default flag OCSPNOCHECKS is used then the response will be positive meaning a successful verification even in the case where the response signing certificate fails to verify. It is...

5.3CVSS7AI score0.01174EPSS
Exploits0References3
Rows per page
Query Builder