2078 matches found

UbuntuCve
added 2019/03/27 6:29 p.m. | 21 views

CVE-2018-12546

In Eclipse Mosquitto version 1.0 to 1.5.5 inclusive when a client publishes a retained message to a topic, then has its access to that topic revoked, the retained message will still be published to clients that subscribe to that topic in the future. In some applications this may result in clients...

6.5 CVSS | 6.8 AI score | 0.00817 EPSS
Exploits: 1 | References: 3

OSV
added 2019/03/27 6:29 p.m. | 28 views

CVE-2018-12546

In Eclipse Mosquitto version 1.0 to 1.5.5 inclusive when a client publishes a retained message to a topic, then has its access to that topic revoked, the retained message will still be published to clients that subscribe to that topic in the future. In some applications this may result in clients...

6.5 CVSS | 6.5 AI score
Exploits: 0 | References: 1

OSV
added 2019/03/27 6:29 p.m. | 4 views

ALPINE-CVE-2018-12546

In Eclipse Mosquitto version 1.0 to 1.5.5 inclusive when a client publishes a retained message to a topic, then has its access to that topic revoked, the retained message will still be published to clients that subscribe to that topic in the future. In some applications this may result in clients...

6.5 CVSS | 6.9 AI score | 0.00817 EPSS
Exploits: 1 | References: 1

OSV
added 2019/03/27 6:29 p.m. | 3 views

DEBIAN-CVE-2018-12546

In Eclipse Mosquitto version 1.0 to 1.5.5 inclusive when a client publishes a retained message to a topic, then has its access to that topic revoked, the retained message will still be published to clients that subscribe to that topic in the future. In some applications this may result in clients...

6.5 CVSS | 7 AI score | 0.00817 EPSS
Exploits: 1 | References: 1

CVE
added 2019/03/27 5:26 p.m. | 162 views

CVE-2018-12546

The CVE describes a vulnerability in Eclipse Mosquitto where, for versions 1.0–1.5.5, a retained message published to a topic remains delivered to future subscribers after that client’s access to the topic is revoked, potentially enabling effects not allowed by normal access controls. This is a s...

6.5 CVSS | 6.4 AI score | 0.00817 EPSS
Exploits: 1 | References: 1 | Affected Software: 1

AlpineLinux
added 2019/03/27 5:26 p.m. | 33 views

CVE-2018-12546

In Eclipse Mosquitto version 1.0 to 1.5.5 inclusive when a client publishes a retained message to a topic, then has its access to that topic revoked, the retained message will still be published to clients that subscribe to that topic in the future. In some applications this may result in clients...

6.5 CVSS | 6.6 AI score | 0.00817 EPSS
Exploits: 1

Veracode
added 2019/01/15 8:57 a.m. | 22 views

Authorization Bypass

ipa is vulnerable to authorization bypass attacks. The vulnerability exists as the default configuration for IPA servers in Red Hat Enterprise Linux 6, when revoking a certificate from an Identity Management replica, does not properly update another Identity Management replica, which causes...

4.3 CVSS | 6 AI score | 0.01189 EPSS
Exploits: 0 | References: 153 | Affected Software: 1

Veracode
added 2019/01/15 8:52 a.m. | 24 views

Improper Invalidation Of Token

openstack-keystone is vulnerable to access bypass attacks. The vulnerability exists as the memcache token backend in OpenStack Identity Keystone 2013.1 through 2.013.1.4, 2013.2 through 2013.2.2, and icehouse before icehouse-3, when issuing a trust token with impersonation enabled, does not inclu...

5 CVSS | 6 AI score | 0.01367 EPSS
Exploits: 1 | References: 8 | Affected Software: 1

Veracode
added 2019/01/15 8:51 a.m. | 27 views

Authentication Bypass

openstack-keystone is vulnerable to authentication bypass. This is due to the way PKI tokens are revoked, which allows users with revoked tokens to retain access to resources that should no longer be accessible...

5 CVSS | 6.2 AI score | 0.03067 EPSS
Exploits: 0 | References: 12 | Affected Software: 1

Prion
added 2018/10/31 2:29 p.m. | 17 views

Code injection

In some situations on BIG-IP APM 14.0.0-14.0.0.2, 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, or 11.6.0-11.6.3.2, the CRLDP Auth access policy agent may treat revoked certificates as valid when the BIG-IP APM system fails to download a new Certificate Revocation List...

6 CVSS | 7.5 AI score | 0.00554 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

NVD
added 2018/10/31 2:29 p.m. | 16 views

CVE-2018-15326

In some situations on BIG-IP APM 14.0.0-14.0.0.2, 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, or 11.6.0-11.6.3.2, the CRLDP Auth access policy agent may treat revoked certificates as valid when the BIG-IP APM system fails to download a new Certificate Revocation List...

7.5 CVSS | 7.5 AI score | 0.00554 EPSS
Exploits: 0 | References: 2

OSV
added 2018/10/31 2:29 p.m. | 2 views

CVE-2018-15326

In some situations on BIG-IP APM 14.0.0-14.0.0.2, 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, or 11.6.0-11.6.3.2, the CRLDP Auth access policy agent may treat revoked certificates as valid when the BIG-IP APM system fails to download a new Certificate Revocation List...

7.5 CVSS | 5.8 AI score | 0.00554 EPSS
Exploits: 0 | References: 2

CVE
added 2018/10/31 2:0 p.m. | 52 views

CVE-2018-15326

CVE-2018-15326 affects BIG-IP APM applying CRLDP authentication; the policy agent may treat revoked certs as valid if the system cannot download a new CRL. Vulnerable versions include BIG-IP APM 14.x (14.0.0–14.0.0.2, 14.0.0.3 listed as vulnerable; fixes introduced in 14.1.0), 13.x (13.0....

7.5 CVSS | 7.4 AI score | 0.00554 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2018/10/31 2:0 p.m. | 20 views

CVE-2018-15326

In some situations on BIG-IP APM 14.0.0-14.0.0.2, 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, or 11.6.0-11.6.3.2, the CRLDP Auth access policy agent may treat revoked certificates as valid when the BIG-IP APM system fails to download a new Certificate Revocation List...

7.5 AI score | 0.00554 EPSS
Exploits: 0 | References: 2

Citrix
added 2018/09/19 12:0 a.m. | 9 views

Error "The server certificate could not be checked for revocation as required by your SSL policy settings. No certificate revocation providers could be loaded."

When trying to launch a published application on a Mac machine, we get an error "The server certificate could not be checked for revocation as required by your SSL policy settings. No certificate revocation providers could be loaded."...

7 AI score
Exploits: 0

Microsoft KB
added 2018/08/22 12:0 a.m. | 4 views

September 19, 2017—KB4038774 (Preview of Monthly Rollup)

September 19, 2017—KB4038774 (Preview of Monthly Rollup). Improvements and fixes: This non-security update includes improvements and fixes that were a part of KB4038792 (released September 12, 2017) and also includes these new quality improvements as a preview of the next Monthly Rollup update: Addresse...

7.2 AI score
Exploits: 0

RedHat Linux
added 2018/08/16 3:1 p.m. | 2 views

tomcat-native: Mishandled OCSP responses can allow clients to authenticate with revoked certificates

When using pre-produced responses from an OCSP responder, Tomcat Native did not correctly validate the status of certificates. This allowed for revoked client certificates to be incorrectly identified. It was therefore possible for users to authenticate with revoked certificates when using mutual...

7.4 CVSS | 7.1 AI score | 0.04199 EPSS
Exploits: 0 | References: 6

RedHat Linux
added 2018/08/16 2:50 p.m. | 2 views

tomcat-native: Mishandled OCSP invalid response

When using an OCSP responder Apache Tomcat Native 1.2.0 to 1.2.16 and 1.1.23 to 1.1.34 did not correctly handle invalid responses. This allowed for revoked client certificates to be incorrectly identified. It was therefore possible for users to authenticate with revoked certificates when using...

7.4 CVSS | 7.1 AI score | 0.04068 EPSS
Exploits: 0 | References: 6

OSV
added 2018/08/14 4:29 p.m. | 5 views

CVE-2018-2451

XS Command-Line Interface (CLI) user sessions with the SAP HANA Extended Application Services (XS), version 1, advanced server may have an unintentional prolonged period of validity. Consequently, a platform user could access controller resources via active CLI session even after corresponding...

6.6 CVSS | 5.7 AI score
Exploits: 0 | References: 3

OSV
added 2018/08/13 8:49 p.m. | 7 views

GHSA-5P9F-55J8-922M Moderate severity vulnerability that affects doorkeeper

Withdrawn, accidental duplicate publish. The Doorkeeper gem before 4.2.0 for Ruby might allow remote attackers to conduct replay attacks or revoke arbitrary tokens by leveraging failure to implement the OAuth 2.0 Token Revocation specification...

9.1 CVSS | 9.2 AI score | 0.04685 EPSS
Exploits: 0 | References: 2