2078 matches found
CVE-2019-15006
CVE-2019-15006 describes a MITM vulnerability in the Confluence Previews plugin used to communicate with the Atlassian Companion app via the atlassian-domain-for-localhost-connections-only.com hostname (DNS to 127.0.0.1). An attacker controlling DNS could observe or modify edited files; the certi...
Puppet Agent Trust Management Issue Vulnerability
Puppet is a set of configuration management tools based on client/server C/S architecture from Puppet Labs in the U.S. It can be used to manage configuration files, users, cron tasks, packages, system services, etc. Puppet Agent is a Puppet agent end program. A security vulnerability exists in...
Unspecified vulnerability in Cloudera CDH (CNVD-2020-14226)
Cloudera CDH is an open source Hadoop platform from Cloudera. The platform provides scalable storage and distributed computing, as well as a Web-based user interface and other enterprise features. A security vulnerability exists in Cloudera CDH versions prior to 5.7.1 that stems from the inabilit...
DEBIAN-CVE-2019-19269
An issue was discovered in tlsverifycrl in ProFTPD through 1.3.6b. A dereference of a NULL pointer may occur. This pointer is returned by the OpenSSL skX509REVOKEDvalue function when encountering an empty CRL installed by a system administrator. The dereference occurs when validating the...
CVE-2016-4572
In Cloudera CDH before 5.7.1, Impala REVOKE ALL ON SERVER commands do not revoke all privileges...
CVE-2016-4572
In Cloudera CDH before 5.7.1, Impala REVOKE ALL ON SERVER commands do not revoke all privileges...
Command injection
In Cloudera CDH before 5.7.1, Impala REVOKE ALL ON SERVER commands do not revoke all privileges...
CVE-2016-4572
In Cloudera CDH before 5.7.1, Impala REVOKE ALL ON SERVER commands do not revoke all privileges...
DEBIAN-CVE-2019-19271
An issue was discovered in tlsverifycrl in ProFTPD before 1.3.6. A wrong iteration variable, used when checking a client certificate against CRL entries installed by a system administrator, can cause some CRL entries to be ignored, and can allow clients whose certificates have been revoked to...
DEBIAN-CVE-2019-19270
An issue was discovered in tlsverifycrl in ProFTPD through 1.3.6b. Failure to check for the appropriate field of a CRL entry checking twice for subject, rather than once for subject and once for issuer prevents some valid CRLs from being taken into account, and can allow clients whose certificate...
CVE-2019-19271
An issue was discovered in tlsverifycrl in ProFTPD before 1.3.6. A wrong iteration variable, used when checking a client certificate against CRL entries installed by a system administrator, can cause some CRL entries to be ignored, and can allow clients whose certificates have been revoked to...
Code injection
An issue was discovered in tlsverifycrl in ProFTPD through 1.3.6b. Failure to check for the appropriate field of a CRL entry checking twice for subject, rather than once for subject and once for issuer prevents some valid CRLs from being taken into account, and can allow clients whose certificate...
UBUNTU-CVE-2019-19271
An issue was discovered in tlsverifycrl in ProFTPD before 1.3.6. A wrong iteration variable, used when checking a client certificate against CRL entries installed by a system administrator, can cause some CRL entries to be ignored, and can allow clients whose certificates have been revoked to...
UBUNTU-CVE-2019-19270
An issue was discovered in tlsverifycrl in ProFTPD through 1.3.6b. Failure to check for the appropriate field of a CRL entry checking twice for subject, rather than once for subject and once for issuer prevents some valid CRLs from being taken into account, and can allow clients whose certificate...
CVE-2019-19270
An issue was discovered in tlsverifycrl in ProFTPD through 1.3.6b. Failure to check for the appropriate field of a CRL entry checking twice for subject, rather than once for subject and once for issuer prevents some valid CRLs from being taken into account, and can allow clients whose certificate...
CVE-2019-19270
ProFTPD TLS CRL check flaw: tls_verify_crl in ProFTPD up to 1.3.6b does not properly verify CRL entry fields, potentially allowing revoked certificates to connect. OpenSUSE/Fedora advisories fix CVE-2019-19270 by updating ProFTPD to 1.3.6b (and later) and related patches in 1.3.6/1.3.6a/b. Applie...
CVE-2019-19271
CVE-2019-19271 affects ProFTPD, where the tls_verify_crl check in versions before 1.3.6 uses a wrong iteration variable when comparing a client certificate against CRL entries. This can cause certain CRL entries to be ignored, potentially allowing clients with revoked certificates to establish a ...
PT-2019-15797 · Openssl +3 · Openssl +3
Name of the Vulnerable Software and Affected Versions: ProFTPD versions through 1.3.6b Description: An issue was discovered in the tls verify crl function. A dereference of a NULL pointer may occur when the OpenSSL sk X509 REVOKED value function encounters an empty CRL installed by a system...
PT-2019-15798 · Proftpd +2 · Proftpd +2
Name of the Vulnerable Software and Affected Versions: ProFTPD versions prior to 1.3.7 Description: An issue was discovered in the tls verify crl function, which prevents some valid Certificate Revocation Lists CRLs from being taken into account. This can allow clients whose certificates have bee...
Cisco IOS XE Software Autonomic Networking Infrastructure Certificate Revocation (cisco-sa-20170726-anicrl)
According to its self-reported version, Cisco IOS XE Software is affected by a vulnerability in the Autonomic Networking feature because the affected software does not transfer certificate revocation lists CRLs across Autonomic Control Plane ACP channels. An unauthenticated, remote attacker can...