Lucene search
K

2078 matches found

CVE
CVE
added 2019/12/19 12:50 a.m.138 views

CVE-2019-15006

CVE-2019-15006 describes a MITM vulnerability in the Confluence Previews plugin used to communicate with the Atlassian Companion app via the atlassian-domain-for-localhost-connections-only.com hostname (DNS to 127.0.0.1). An attacker controlling DNS could observe or modify edited files; the certi...

6.5CVSS6.2AI score0.01905EPSS
Exploits0References5Affected Software2
CNVD
CNVD
added 2019/12/18 12:0 a.m.3 views

Puppet Agent Trust Management Issue Vulnerability

Puppet is a set of configuration management tools based on client/server C/S architecture from Puppet Labs in the U.S. It can be used to manage configuration files, users, cron tasks, packages, system services, etc. Puppet Agent is a Puppet agent end program. A security vulnerability exists in...

5.4CVSS8.7AI score0.00608EPSS
Exploits0References1
CNVD
CNVD
added 2019/12/03 12:0 a.m.2 views

Unspecified vulnerability in Cloudera CDH (CNVD-2020-14226)

Cloudera CDH is an open source Hadoop platform from Cloudera. The platform provides scalable storage and distributed computing, as well as a Web-based user interface and other enterprise features. A security vulnerability exists in Cloudera CDH versions prior to 5.7.1 that stems from the inabilit...

8.8CVSS7AI score0.00861EPSS
Exploits0References1
OSV
OSV
added 2019/11/30 11:15 p.m.0 views

DEBIAN-CVE-2019-19269

An issue was discovered in tlsverifycrl in ProFTPD through 1.3.6b. A dereference of a NULL pointer may occur. This pointer is returned by the OpenSSL skX509REVOKEDvalue function when encountering an empty CRL installed by a system administrator. The dereference occurs when validating the...

4.9CVSS6AI score0.01645EPSS
Exploits0References1
OSV
OSV
added 2019/11/26 2:15 p.m.1 views

CVE-2016-4572

In Cloudera CDH before 5.7.1, Impala REVOKE ALL ON SERVER commands do not revoke all privileges...

8.8CVSS5.8AI score0.00861EPSS
Exploits0References1
NVD
NVD
added 2019/11/26 2:15 p.m.13 views

CVE-2016-4572

In Cloudera CDH before 5.7.1, Impala REVOKE ALL ON SERVER commands do not revoke all privileges...

8.8CVSS8.9AI score0.00861EPSS
Exploits0References1
Prion
Prion
added 2019/11/26 2:15 p.m.16 views

Command injection

In Cloudera CDH before 5.7.1, Impala REVOKE ALL ON SERVER commands do not revoke all privileges...

6.5CVSS7.4AI score0.00861EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2019/11/26 1:51 p.m.17 views

CVE-2016-4572

In Cloudera CDH before 5.7.1, Impala REVOKE ALL ON SERVER commands do not revoke all privileges...

8.9AI score0.00861EPSS
Exploits0References1
OSV
OSV
added 2019/11/26 4:15 a.m.2 views

DEBIAN-CVE-2019-19271

An issue was discovered in tlsverifycrl in ProFTPD before 1.3.6. A wrong iteration variable, used when checking a client certificate against CRL entries installed by a system administrator, can cause some CRL entries to be ignored, and can allow clients whose certificates have been revoked to...

7.5CVSS6.4AI score0.01122EPSS
Exploits0References1
OSV
OSV
added 2019/11/26 4:15 a.m.2 views

DEBIAN-CVE-2019-19270

An issue was discovered in tlsverifycrl in ProFTPD through 1.3.6b. Failure to check for the appropriate field of a CRL entry checking twice for subject, rather than once for subject and once for issuer prevents some valid CRLs from being taken into account, and can allow clients whose certificate...

7.5CVSS6AI score0.01014EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2019/11/26 4:15 a.m.21 views

CVE-2019-19271

An issue was discovered in tlsverifycrl in ProFTPD before 1.3.6. A wrong iteration variable, used when checking a client certificate against CRL entries installed by a system administrator, can cause some CRL entries to be ignored, and can allow clients whose certificates have been revoked to...

7.5CVSS6.8AI score0.01122EPSS
Exploits0References2
Prion
Prion
added 2019/11/26 4:15 a.m.44 views

Code injection

An issue was discovered in tlsverifycrl in ProFTPD through 1.3.6b. Failure to check for the appropriate field of a CRL entry checking twice for subject, rather than once for subject and once for issuer prevents some valid CRLs from being taken into account, and can allow clients whose certificate...

5CVSS7.5AI score0.01014EPSS
Exploits0References4Affected Software2
OSV
OSV
added 2019/11/26 4:15 a.m.1 views

UBUNTU-CVE-2019-19271

An issue was discovered in tlsverifycrl in ProFTPD before 1.3.6. A wrong iteration variable, used when checking a client certificate against CRL entries installed by a system administrator, can cause some CRL entries to be ignored, and can allow clients whose certificates have been revoked to...

7.5CVSS6.8AI score0.01122EPSS
Exploits0References3
OSV
OSV
added 2019/11/26 4:15 a.m.2 views

UBUNTU-CVE-2019-19270

An issue was discovered in tlsverifycrl in ProFTPD through 1.3.6b. Failure to check for the appropriate field of a CRL entry checking twice for subject, rather than once for subject and once for issuer prevents some valid CRLs from being taken into account, and can allow clients whose certificate...

7.5CVSS6.4AI score0.01014EPSS
Exploits0References3
Cvelist
Cvelist
added 2019/11/26 3:34 a.m.27 views

CVE-2019-19270

An issue was discovered in tlsverifycrl in ProFTPD through 1.3.6b. Failure to check for the appropriate field of a CRL entry checking twice for subject, rather than once for subject and once for issuer prevents some valid CRLs from being taken into account, and can allow clients whose certificate...

8AI score0.01014EPSS
Exploits0References4
CVE
CVE
added 2019/11/26 3:34 a.m.593 views

CVE-2019-19270

ProFTPD TLS CRL check flaw: tls_verify_crl in ProFTPD up to 1.3.6b does not properly verify CRL entry fields, potentially allowing revoked certificates to connect. OpenSUSE/Fedora advisories fix CVE-2019-19270 by updating ProFTPD to 1.3.6b (and later) and related patches in 1.3.6/1.3.6a/b. Applie...

7.5CVSS7.9AI score0.01014EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2019/11/26 3:33 a.m.935 views

CVE-2019-19271

CVE-2019-19271 affects ProFTPD, where the tls_verify_crl check in versions before 1.3.6 uses a wrong iteration variable when comparing a client certificate against CRL entries. This can cause certain CRL entries to be ignored, potentially allowing clients with revoked certificates to establish a ...

7.5CVSS7.5AI score0.01122EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2019/11/26 12:0 a.m.4 views

PT-2019-15797 · Openssl +3 · Openssl +3

Name of the Vulnerable Software and Affected Versions: ProFTPD versions through 1.3.6b Description: An issue was discovered in the tls verify crl function. A dereference of a NULL pointer may occur when the OpenSSL sk X509 REVOKED value function encounters an empty CRL installed by a system...

10CVSS5.7AI score0.74254EPSS
Exploits8References68
Positive Technologies
Positive Technologies
added 2019/11/25 12:0 a.m.4 views

PT-2019-15798 · Proftpd +2 · Proftpd +2

Name of the Vulnerable Software and Affected Versions: ProFTPD versions prior to 1.3.7 Description: An issue was discovered in the tls verify crl function, which prevents some valid Certificate Revocation Lists CRLs from being taken into account. This can allow clients whose certificates have bee...

9.8CVSS6AI score0.57606EPSS
Exploits4References53
Tenable Nessus
Tenable Nessus
added 2019/11/20 12:0 a.m.29 views

Cisco IOS XE Software Autonomic Networking Infrastructure Certificate Revocation (cisco-sa-20170726-anicrl)

According to its self-reported version, Cisco IOS XE Software is affected by a vulnerability in the Autonomic Networking feature because the affected software does not transfer certificate revocation lists CRLs across Autonomic Control Plane ACP channels. An unauthenticated, remote attacker can...

7.5CVSS7.4AI score0.00924EPSS
Exploits0References3
Rows per page
Query Builder