
2079 matches found

Veracode
added 2020/12/16 7:19 p.m. | 26 views

Ignored Certificate Revocation List

icinga2 ignores the certificate revocation list. Revoked certificates due for renewal are not checked against the certificate revocation list, and the certificate is renewed automatically...

CVSS 9.1 | AI score 2.2 | EPSS 0.01554
Exploits 0 | References 3 | Affected Software 1

OSV
added 2020/12/15 11:15 p.m. | 2 views

DEBIAN-CVE-2020-29663

Icinga 2 v2.8.0 through v2.11.7 and v2.12.2 has an issue where revoked certificates due for renewal will automatically be renewed, ignoring the CRL. This issue is fixed in Icinga 2 v2.11.8 and v2.12.3...

CVSS 9.1 | AI score 7.2 | EPSS 0.01554
Exploits 0 | References 1

OSV
added 2020/12/15 11:15 p.m. | 2 views

UBUNTU-CVE-2020-29663

Icinga 2 v2.8.0 through v2.11.7 and v2.12.2 has an issue where revoked certificates due for renewal will automatically be renewed, ignoring the CRL. This issue is fixed in Icinga 2 v2.11.8 and v2.12.3...

CVSS 9.1 | AI score 7.1 | EPSS 0.01554
Exploits 0 | References 6

CVE
added 2020/12/15 10:15 p.m. | 174 views

CVE-2020-29663

CVE-2020-29663 affects Icinga 2. Versions affected: 2.8.0–2.11.7 and 2.12.2. Root cause: revoked certificates due for renewal are renewed automatically, bypassing the CRL check. Impact: certificate revocation not enforced for renewals (attack surface in TLS trust). Mitigation: upgrade to fixed re...

CVSS 9.1 | AI score 8.7 | EPSS 0.01554
Exploits 0 | References 2 | Affected Software 1

Debian CVE
added 2020/12/15 10:15 p.m. | 20 views

CVE-2020-29663

Icinga 2 v2.8.0 through v2.11.7 and v2.12.2 has an issue where revoked certificates due for renewal will automatically be renewed, ignoring the CRL. This issue is fixed in Icinga 2 v2.11.8 and v2.12.3...

CVSS 9.1 | AI score 7.9 | EPSS 0.01554
Exploits 0

CNVD
added 2020/12/15 12:0 a.m. | 2 views

Unspecified Vulnerability in Mozilla Firefox for Android (CNVD-2021-00394)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Android Firefox that stems from a lack of service initialization and OneCRL being non-functional in the new Android Firefox. This may result in the inability to enfor...

CVSS 6.5 | AI score 8.4 | EPSS 0.00544
Exploits 0 | References 1

Microsoft CVE
added 2020/12/15 12:0 a.m. | 3 views

curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response.

...

CVSS 7.5 | AI score 9.3 | EPSS 0.04575
Exploits 1

NVD
added 2020/12/14 8:15 p.m. | 27 views

CVE-2020-8286

curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response...

CVSS 7.5 | AI score 7.6 | EPSS 0.04575
Exploits 1 | References 19

OSV
added 2020/12/14 8:15 p.m. | 24 views

CVE-2020-8286

curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response...

CVSS 7.5 | AI score 9.4 | EPSS 0.04575
Exploits 1 | References 19

OSV
added 2020/12/14 8:15 p.m. | 1 views

ALPINE-CVE-2020-8286

curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response...

CVSS 7.5 | AI score 7 | EPSS 0.04575
Exploits 1 | References 1

OSV
added 2020/12/14 8:15 p.m. | 1 views

DEBIAN-CVE-2020-8286

curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response...

CVSS 7.5 | AI score 6.7 | EPSS 0.04575
Exploits 1 | References 1

Prion
added 2020/12/14 8:15 p.m. | 28 views

Input validation

curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response...

CVSS 5 | AI score 7.4 | EPSS 0.04575
Exploits 1 | References 19 | Affected Software 11

Cvelist
added 2020/12/14 7:39 p.m. | 30 views

CVE-2020-8286

curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response...

AI score 7.7 | EPSS 0.04575
Exploits 1 | References 19

CVE
added 2020/12/14 7:39 p.m. | 549 views

CVE-2020-8286

The CVE-2020-8286 issue affects curl/libcurl where OCSP responses were not verified correctly against the certificate, leaving room for fraudulent OCSP responses to appear valid and potentially bypass revocation checks. Reported range: curl versions 7.41.0 through 7.73.0. Impact phrasing in cited...

CVSS 7.5 | AI score 7.6 | EPSS 0.04575
Exploits 1 | References 19 | Affected Software 1

AlpineLinux
added 2020/12/14 7:39 p.m. | 38 views

CVE-2020-8286

curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response...

CVSS 7.5 | AI score 7.9 | EPSS 0.04575
Exploits 1

Debian CVE
added 2020/12/14 7:39 p.m. | 49 views

CVE-2020-8286

curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response...

CVSS 7.5 | AI score 6.8 | EPSS 0.04575
Exploits 1

NCSC
added 2020/12/10 12:0 a.m. | 4 views

Vulnerability fixed in OpenSSL

A vulnerability has been fixed in OpenSSL. When a remote malicious party manages to provide a rogue certificate and a rogue certificate revocation list and to offer them to an SSL server or SSL client, a denial of service can be caused. OpenSSL has released updates to fix the...

CVSS 5.9 | AI score 8.5 | EPSS 0.06968
Exploits 3

OSV
added 2020/12/09 1:15 a.m. | 2 views

CVE-2020-26957

OneCRL was non-functional in the new Firefox for Android due to a missing service initialization. This could result in a failure to enforce some certificate revocations. Note: This issue only affected Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox...

CVSS 6.5 | AI score 7.1 | EPSS 0.00544
Exploits 0 | References 2

OSV
added 2020/12/09 1:15 a.m. | 6 views

UBUNTU-CVE-2020-26957

OneCRL was non-functional in the new Firefox for Android due to a missing service initialization. This could result in a failure to enforce some certificate revocations. Note: This issue only affected Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox...

CVSS 6.5 | AI score 7.3 | EPSS 0.00544
Exploits 0 | References 3

CVE
added 2020/12/09 12:21 a.m. | 158 views

CVE-2020-26957

CVE-2020-26957: OneCRL was non-functional in the new Firefox for Android due to a missing service initialization, potentially causing failure to enforce certain certificate revocations. Affected product/variant: Firefox on Android (Firefox

CVSS 6.5 | AI score 6.4 | EPSS 0.00544
Exploits 0 | References 2 | Affected Software 1