
2077 matches found

RedHat Linux
added 2015/06/30 4:42 a.m., 1 views

OpenSSL: out-of-bounds read in X509_cmp_time

An out-of-bounds read flaw was found in the X509_cmp_time function of OpenSSL, which is used to test the expiry dates of SSL/TLS certificates. An attacker could possibly use a specially crafted SSL/TLS certificate or CRL (Certificate Revocation List), which when parsed by an application would cause...

CVSS 7.5, AI score 7.1, EPSS 0.74483
Exploits 0, References 4

securityvulns
added 2015/06/29 12:0 a.m., 33 views

FreeRADIUS

Insufficient certificate revocations checks...

CVSS 5, AI score 2.2, EPSS 0.01791
Exploits 0, References 1, Affected Software 1

FreeBSD
added 2015/06/22 12:0 a.m., 29 views

freeradius -- insufficient CRL application vulnerability

oCERT reports: The FreeRADIUS server relies on OpenSSL to perform certificate validation, including Certificate Revocation List (CRL) checks. The FreeRADIUS usage of OpenSSL, in CRL application, limits the checks to leaf certificates, therefore not detecting revocation of intermediate CA...

CVSS 7.5, AI score 7.6, EPSS 0.01791
Exploits 0, References 2

RedHat Linux
added 2015/06/15 8:48 p.m., 2 views

OpenSSL: out-of-bounds read in X509_cmp_time

An out-of-bounds read flaw was found in the X509_cmp_time function of OpenSSL, which is used to test the expiry dates of SSL/TLS certificates. An attacker could possibly use a specially crafted SSL/TLS certificate or CRL (Certificate Revocation List), which when parsed by an application would cause...

CVSS 7.5, AI score 7.1, EPSS 0.74483
Exploits 0, References 4

RedHat Linux
added 2015/06/15 8:48 p.m., 59 views

Moderate: Red Hat Security Advisory: openssl security update

Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are...

CVSS 7.5, AI score 6.8, EPSS 0.74483
Exploits 1, References 8

Hacker One
added 2015/04/21 2:44 p.m., 46 views

Vimeo: API: missing invalidation of OAuth2 Authorization Code during access revocation causes authorization bypass

OAuth2 API makes it possible for users to grant access to their accounts to some third-side applications. Of course, users are able to manage such applications' access to their accounts and may deny access for any application. When some user denies access for the application, all accesstokens are...

Exploits 0

OPENSUSE Linux
added 2015/04/08 11:4 a.m., 42 views

Security update for MozillaFirefox, MozillaThunderbird, mozilla-nspr (important)

Mozilla Firefox and Thunderbird were updated to fix several important vulnerabilities. Mozilla Firefox was updated to 37.0.1. Mozilla Thunderbird was updated to 31.6.0. mozilla-nspr was updated to 4.10.8 as a dependency. The following vulnerabilities were fixed in Mozilla Firefox: Miscellaneous...

CVSS 7.5, AI score 0.1, EPSS 0.67465
Exploits 4, References 13

ThreatPost
added 2015/04/01 10:41 a.m., 12 views

Mozilla Adds Opportunistic Encryption for HTTP in Firefox 37

Mozilla has released Firefox 37, and along with the promised addition of the OneCRL certificate revocation list, the company has included a feature that enables opportunistic encryption on connections for servers that don’t support HTTPS. The new feature gives users a new defense against some for...

AI score 7.7
Exploits 0, References 6

Tenable Nessus
added 2015/03/25 12:0 a.m., 36 views

FreeBSD : libuv -- incorrect revocation order while relinquishing privileges (996bce94-d23d-11e4-9463-9cb654ea3e1c)

Nodejs releases reports: CVE-2015-0278 This may potentially allow an attacker to gain elevated privileges. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML database: Copyright 2003-2018 Jacques...

CVSS 10, AI score 8, EPSS 0.03242
Exploits 0, References 4

FreeBSD
added 2015/03/14 12:0 a.m., 44 views

libuv -- incorrect revocation order while relinquishing privileges

Nodejs releases reports: CVE-2015-0278 This may potentially allow an attacker to gain elevated privileges...

CVSS 10, AI score 6.7, EPSS 0.03242
Exploits 0, References 1

ThreatPost
added 2015/03/04 10:47 a.m., 20 views

Firefox 37 to Include New OneCRL Certificate Blocklist

The next version of Mozilla Firefox will include a new certificate revocation list that will speed up and streamline the process of revoking intermediate certificates trusted by the browser. The new feature, known as OneCRL, is meant as a replacement for the old OCSP online certificate status...

AI score 0.4
Exploits 0, References 2

Tenable Nessus
added 2014/11/26 12:0 a.m., 45 views

OracleVM 3.3 : nss (OVMSA-2014-0014)

The remote OracleVM system is missing necessary patches to address critical security updates : - Added nss-vendor.patch to change vendor - Update some patches on account of the rebase - Resolves: Bug 1099619 - Backport nss-3.12.6 upstream fix required by Firefox 31 - Resolves: Bug 1099619 - Remov...

CVSS 7.5, AI score 6.3, EPSS 0.04399
Exploits 0, References 5

Tenable Nessus
added 2014/11/08 12:0 a.m., 29 views

RHEL 5 : pki (RHSA-2012:1103)

Updated pki-common, pki-tps and pki-util packages that fix multiple security issues and add one enhancement are now available for Red Hat Certificate System 8.1. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS)...

CVSS 5.5, AI score 6.2, EPSS 0.01373
Exploits 1, References 5

myhack58
added 2014/10/15 12:0 a.m., 31 views

Google released SSLv3 vulnerability summary analysis report-vulnerability warning-the black bar safety net

This morning, Google released a brief analysis report on an SSLv3 vulnerability. According to Google's statement, the vulnerability affects all versions of SSLv3; by exploiting it, an attacker can, through man-in-the-middle attacks and similar means, as long as the hijacking of...

AI score 0.7
Exploits 0

Tenable Nessus
added 2014/10/01 12:0 a.m., 50 views

CentOS 5 : nss (CESA-2014:1246)

Updated nss and nspr packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores,...

CVSS 10, AI score 8, EPSS 0.06381
Exploits 5, References 6

RedHat Linux
added 2014/09/02 5:58 p.m., 3 views

openstack-keystone: domain-scoped tokens don't get revoked

It was discovered that domain-scoped tokens were not revoked when a domain was disabled. Only OpenStack Identity setups configured to make use of revocation events were affected...

CVSS 4.9, AI score 5.8, EPSS 0.01488
Exploits 0, References 4

RedHat Linux
added 2014/09/02 5:58 p.m., 1 views

openstack-keystone: token expiration date stored incorrectly

A flaw was found in keystone revocation events that resulted in the "issued_at" time being updated when a token created by the V2 API was processed by the V3 API. This could allow a user to evade token revocation. Only OpenStack Identity setups configured to make use of revocation events and UUID...

CVSS 4.9, AI score 5.7, EPSS 0.01515
Exploits 0, References 4

RedHat Linux
added 2014/09/02 5:58 p.m., 43 views

Low: Red Hat Security Advisory: openstack-keystone security and bug fix update

Updated openstack-keystone packages that fix three security issues and several bugs are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Low security impact. Common Vulnerability Scoring Syst...

CVSS 4.9, AI score 5.8, EPSS 0.01592
Exploits 0, References 6

RedHat Linux
added 2014/09/02 5:58 p.m., 2 views

openstack-keystone: revocation events are broken with mysql

It was found that the MySQL token driver did not correctly store token expiration times, which prevented manual token revocation. Only OpenStack Identity setups configured to make use of revocation events were affected...

CVSS 4.9, AI score 5.7, EPSS 0.01592
Exploits 0, References 4

RedHat Linux
added 2014/09/02 5:58 p.m., 43 views

Low: Red Hat Security Advisory: openstack-keystone security and bug fix update

Updated openstack-keystone packages that fix three security issues and several bugs are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Low security impact. Common Vulnerability Scoring Syst...

CVSS 4.9, AI score 5.8, EPSS 0.01592
Exploits 0, References 6