Lucene search
K

2077 matches found

Cvelist
Cvelist
added 2017/04/05 5:0 p.m.27 views

CVE-2015-4680

FreeRADIUS 2.2.x before 2.2.8 and 3.0.x before 3.0.9 does not properly check revocation of intermediate CA certificates...

7.5AI score0.01791EPSS
Exploits0References7
CVE
CVE
added 2017/04/05 5:0 p.m.75 views

CVE-2015-4680

FreeRADIUS is affected by CVE-2015-4680. Versions 2.2.x prior to 2.2.8 and 3.0.x prior to 3.0.9 do not properly check revocation of intermediate CA certificates, potentially allowing certificates issued by revoked intermediate authorities to be trusted. The vulnerability’s impact is reflected as ...

7.5CVSS7.4AI score0.01791EPSS
Exploits0References7Affected Software1
Debian CVE
Debian CVE
added 2017/04/05 5:0 p.m.23 views

CVE-2015-4680

FreeRADIUS 2.2.x before 2.2.8 and 3.0.x before 3.0.9 does not properly check revocation of intermediate CA certificates...

7.5CVSS7.7AI score0.01791EPSS
Exploits0
Debian CVE
Debian CVE
added 2017/03/31 8:0 p.m.30 views

CVE-2017-7374

Use-after-free vulnerability in fs/crypto/ in the Linux kernel before 4.10.7 allows local users to cause a denial of service NULL pointer dereference or possibly gain privileges by revoking keyring keys being used for ext4, f2fs, or ubifs encryption, causing cryptographic transform objects to be...

7.8CVSS6.4AI score0.00799EPSS
Exploits0
OSV
OSV
added 2017/03/31 12:0 a.m.4 views

UBUNTU-CVE-2017-7374

Use-after-free vulnerability in fs/crypto/ in the Linux kernel before 4.10.7 allows local users to cause a denial of service NULL pointer dereference or possibly gain privileges by revoking keyring keys being used for ext4, f2fs, or ubifs encryption, causing cryptographic transform objects to be...

7.8CVSS6.7AI score0.00799EPSS
Exploits0References8
Hacker One
Hacker One
added 2017/03/23 4:47 p.m.36 views

HackerOne: A HackerOne employee's GitHub personal access token exposed in Travis CI build logs

Summary A HackerOne employee Reed Loden GitHub:reedloden exposed their personal access token twice in build logs of the rubysec/rubysec.github.io project: 1. 2015-12-10 2. 2016-03-01 Description The token has publicrepo scope, which means that it allows access to any public repos the owner accoun...

7AI score
Exploits0
FreeBSD
FreeBSD
added 2017/03/11 12:0 a.m.11 views

mbed TLS (PolarSSL) -- multiple vulnerabilities

Janos Follath reports: If a malicious peer supplies a certificate with a specially crafted secp224k1 public key, then an attacker can cause the server or client to attempt to free block of memory held on stack. Depending on the platform, this could result in a Denial of Service client crash or...

3AI score
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2017/03/02 12:0 a.m.5 views

The vulnerability of the iOS operating system, which allows a perpetrator to compromise the integrity of protected information

The vulnerability of the Mail component in the iOS operating system is related to the lack of a user alert regarding the revocation of the S/MIME email signature certificate. Exploiting this vulnerability allows a malicious actor to compromise the integrity of the protected information...

5CVSS7.2AI score0.01003EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2017/02/20 8:59 a.m.26 views

Session fixation

An issue was discovered in certain Apple products. iOS before 10.1 is affected. The issue involves the "Contacts" component, which does not prevent an app's Address Book access after access revocation...

3.6CVSS6.1AI score0.00324EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2017/02/20 8:59 a.m.3 views

CVE-2016-4686

An issue was discovered in certain Apple products. iOS before 10.1 is affected. The issue involves the "Contacts" component, which does not prevent an app's Address Book access after access revocation...

4.4CVSS5.8AI score0.00324EPSS
Exploits0References3
CVE
CVE
added 2017/02/20 8:35 a.m.65 views

CVE-2016-4686

CVE-2016-4686 affects iOS prior to 10.1 in the Contacts component. The issue is an access-control flaw where an application may maintain access to the Address Book after the user revokes it in Settings. The root cause is not fully detailed in the provided documents, but Apple’s iOS 10.1 security ...

4.4CVSS4.8AI score0.00324EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2017/01/23 9:59 p.m.19 views

CVE-2016-6582

The Doorkeeper gem before 4.2.0 for Ruby might allow remote attackers to conduct replay attacks or revoke arbitrary tokens by leveraging failure to implement the OAuth 2.0 Token Revocation specification...

9.1CVSS9.3AI score0.04685EPSS
Exploits0References6
OSV
OSV
added 2017/01/23 9:59 p.m.17 views

CVE-2016-6582

The Doorkeeper gem before 4.2.0 for Ruby might allow remote attackers to conduct replay attacks or revoke arbitrary tokens by leveraging failure to implement the OAuth 2.0 Token Revocation specification...

9.1CVSS7.1AI score
Exploits0References6
OSV
OSV
added 2017/01/23 9:59 p.m.3 views

DEBIAN-CVE-2016-6582

The Doorkeeper gem before 4.2.0 for Ruby might allow remote attackers to conduct replay attacks or revoke arbitrary tokens by leveraging failure to implement the OAuth 2.0 Token Revocation specification...

9.1CVSS9.3AI score0.04685EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2017/01/23 9:59 p.m.23 views

CVE-2016-6582

The Doorkeeper gem before 4.2.0 for Ruby might allow remote attackers to conduct replay attacks or revoke arbitrary tokens by leveraging failure to implement the OAuth 2.0 Token Revocation specification...

9.1CVSS7.3AI score0.04685EPSS
Exploits0References4
Prion
Prion
added 2017/01/23 9:59 p.m.15 views

Session fixation

The Doorkeeper gem before 4.2.0 for Ruby might allow remote attackers to conduct replay attacks or revoke arbitrary tokens by leveraging failure to implement the OAuth 2.0 Token Revocation specification...

6.4CVSS7.3AI score0.04685EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2017/01/23 9:59 p.m.3 views

UBUNTU-CVE-2016-6582

The Doorkeeper gem before 4.2.0 for Ruby might allow remote attackers to conduct replay attacks or revoke arbitrary tokens by leveraging failure to implement the OAuth 2.0 Token Revocation specification...

9.1CVSS7.4AI score0.04685EPSS
Exploits0References5
CVE
CVE
added 2017/01/23 9:0 p.m.83 views

CVE-2016-6582

The CVE-2016-6582 entry concerns the Doorkeeper gem for Ruby, with versions prior to 4.2.0. The underlying issue is a failure to implement the OAuth 2.0 Token Revocation specification, which could allow remote attackers to conduct replay attacks or revoke arbitrary tokens. The available connected...

9.1CVSS9.1AI score0.04685EPSS
Exploits0References6Affected Software1
Debian CVE
Debian CVE
added 2017/01/23 9:0 p.m.26 views

CVE-2016-6582

The Doorkeeper gem before 4.2.0 for Ruby might allow remote attackers to conduct replay attacks or revoke arbitrary tokens by leveraging failure to implement the OAuth 2.0 Token Revocation specification...

9.1CVSS9.3AI score0.04685EPSS
Exploits0
ThreatPost
ThreatPost
added 2017/01/11 4:40 p.m.10 views

Buggy Domain Validation Forces GoDaddy to Revoke Certs

GoDaddy has revoked, and begun the process of re-issuing, new SSL certificates for more than 6,000 customers after a bug was discovered in the registrar’s domain validation process. The bug was introduced July 29 and impacted fewer than two percent of the certificates GoDaddy issued from that dat...

0.5AI score
Exploits0References3
Rows per page
Query Builder