2076 matches found

UbuntuCve
added 2010/03/26 6:30 p.m. · 17 views

CVE-2010-0731

The gnutls_x509_crt_get_serial function in the GnuTLS library before 1.2.1, when running on big-endian, 64-bit platforms, calls the asn1_read_value with a pointer to the wrong data type and the wrong length value, which allows remote attackers to bypass the certificate revocation list (CRL) check and cau...

CVSS 7.5 · AI score 6.3 · EPSS 0.02944
Exploits: 1 · References: 2
Prion
added 2010/03/26 6:30 p.m. · 20 views

Stack overflow

The gnutls_x509_crt_get_serial function in the GnuTLS library before 1.2.1, when running on big-endian, 64-bit platforms, calls the asn1_read_value with a pointer to the wrong data type and the wrong length value, which allows remote attackers to bypass the certificate revocation list (CRL) check and cau...

CVSS 7.5 · AI score 7.5 · EPSS 0.02944
Exploits: 1 · References: 10 · Affected Software: 1
NVD
added 2010/03/26 6:30 p.m. · 25 views

CVE-2010-0731

The gnutls_x509_crt_get_serial function in the GnuTLS library before 1.2.1, when running on big-endian, 64-bit platforms, calls the asn1_read_value with a pointer to the wrong data type and the wrong length value, which allows remote attackers to bypass the certificate revocation list (CRL) check and cau...

CVSS 7.5 · AI score 6.9 · EPSS 0.02944
Exploits: 1 · References: 10
CVE
added 2010/03/26 6:0 p.m. · 82 views

CVE-2010-0731

GnuTLS before 1.2.1 (BE, 64‑bit) contains a flaw in gnutls_x509_crt_get_serial that decodes ASN.1 data with the wrong type/length, allowing a crafted X.509 certificate to bypass CRL checks and potentially cause a stack-based overflow. This vulnerability is addressed by Red Hat/CentOS OpenVAS advi...

CVSS 7.5 · AI score 6.9 · EPSS 0.02944
Exploits: 1 · References: 10 · Affected Software: 1
Cvelist
added 2010/03/26 6:0 p.m. · 29 views

CVE-2010-0731

The gnutls_x509_crt_get_serial function in the GnuTLS library before 1.2.1, when running on big-endian, 64-bit platforms, calls the asn1_read_value with a pointer to the wrong data type and the wrong length value, which allows remote attackers to bypass the certificate revocation list (CRL) check and cau...

AI score 6.8 · EPSS 0.02944
Exploits: 1 · References: 10
OpenVAS
added 2009/09/07 12:0 a.m. · 25 views

Opera Multiple URL Spoofing Vulnerabilities (Sep 2009) - Windows

Opera Web Browser is prone to Multiple Spoof URL vulnerabilities.

CVSS 7.5 · AI score 7.6 · EPSS 0.02221
Exploits: 0 · References: 6
Prion
added 2009/09/02 5:30 p.m. · 13 views

Input validation

Opera before 10.00 does not check all intermediate X.509 certificates for revocation, which makes it easier for remote SSL servers to bypass validation of the certificate chain via a revoked certificate...

CVSS 5 · AI score 6.7 · EPSS 0.01106
Exploits: 0 · References: 7 · Affected Software: 1
Positive Technologies
added 2009/09/02 12:0 a.m. · 3 views

PT-2009-5378 · Opera · Opera

Name of the Vulnerable Software and Affected Versions: Opera versions prior to 10.00 Description: The issue arises from the failure to check all intermediate X.509 certificates for revocation, making it easier for remote SSL servers to bypass validation of the certificate chain via a revoked...

CVSS 7.5 · AI score 7.4 · EPSS 0.01106
Exploits: 0 · References: 8
Tenable Nessus
added 2009/09/01 12:0 a.m. · 10 views

Opera < 10.00 Multiple Vulnerabilities

Binary data 800811.prm...

AI score 7.3
Exploits: 0 · References: 1
Tenable Nessus
added 2009/09/01 12:0 a.m. · 27 views

Opera < 10.00 Multiple Vulnerabilities

Binary data 5146.prm...

CVSS 7.5 · AI score 7.3 · EPSS 0.02221
Exploits: 0 · References: 6
NVD
added 2009/04/21 11:30 p.m. · 28 views

CVE-2009-1358

apt-get in apt before 0.7.21 does not check for the correct error code from gpgv, which causes apt to treat a repository as valid even when it has been signed with a key that has been revoked or expired, which might allow remote attackers to trick apt into installing malicious repositories...

CVSS 10 · AI score 6.7 · EPSS 0.04396
Exploits: 0 · References: 9
Cvelist
added 2009/04/21 11:0 p.m. · 38 views

CVE-2009-1358

apt-get in apt before 0.7.21 does not check for the correct error code from gpgv, which causes apt to treat a repository as valid even when it has been signed with a key that has been revoked or expired, which might allow remote attackers to trick apt into installing malicious repositories...

AI score 6.5 · EPSS 0.04396
Exploits: 0 · References: 9
RedHat Linux
added 2009/01/15 9:50 a.m. · 6 views

Moderate: Red Hat Security Advisory: rhpki security and bug fix update

Updated pkisetup, rhpki-common, rhpki-ca, rhpki-kra, rhpki-ocsp, rhpki-tks, and rhpki-tps and rhpki-util for Solaris 9 packages that fix various security issues and several bugs are now available for Red Hat Certificate System 7.2. This update has been rated as having moderate security impact by...

CVSS 2.1 · AI score 5.7 · EPSS 0.00243
Exploits: 0 · References: 3
Tenable Nessus
added 2008/10/27 12:0 a.m. · 20 views

IBM WebSphere Application Server < 6.0.2.31 Multiple Vulnerabilities

Binary data 4725.prm...

CVSS 10 · AI score 7.3 · EPSS 0.03302
Exploits: 1 · References: 14
NVD
added 2008/10/22 6:0 p.m. · 19 views

CVE-2008-4679

The Web Services Security component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.31 and 6.1 before 6.1.0.19, when Certificate Store Collections is configured to use Certificate Revocation Lists (CRL), does not call the setRevocationEnabled method on the PKIXBuilderParameters object,...

CVSS 6.8 · AI score 6.4 · EPSS 0.01566
Exploits: 1 · References: 7
Prion
added 2008/10/22 6:0 p.m. · 15 views

Security feature bypass

The Web Services Security component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.31 and 6.1 before 6.1.0.19, when Certificate Store Collections is configured to use Certificate Revocation Lists (CRL), does not call the setRevocationEnabled method on the PKIXBuilderParameters object,...

CVSS 6.8 · AI score 6.7 · EPSS 0.01566
Exploits: 1 · References: 7 · Affected Software: 1
CVE
added 2008/10/22 5:0 p.m. · 52 views

CVE-2008-4679

CVE-2008-4679 affects IBM WebSphere Application Server: Web Services Security in WAS 6.0.2 before 6.0.2.31 and 6.1 before 6.1.0.19. When Certificate Store Collections uses CRLs, the code path does not call setRevocationEnabled on PKIXBuilderParameters, preventing revocation checks for X.509 certi...

CVSS 6.8 · AI score 6.4 · EPSS 0.01566
Exploits: 1 · References: 7 · Affected Software: 1
Cvelist
added 2008/10/22 5:0 p.m. · 24 views

CVE-2008-4679

The Web Services Security component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.31 and 6.1 before 6.1.0.19, when Certificate Store Collections is configured to use Certificate Revocation Lists (CRL), does not call the setRevocationEnabled method on the PKIXBuilderParameters object,...

AI score 6.4 · EPSS 0.01566
Exploits: 1 · References: 7
RedHat Linux
added 2008/07/24 5:9 p.m. · 5 views

MySQL improper permission revocation

MySQL 4.1 before 4.1.21 and 5.0 before 5.0.24 allows a local user to access a table through a previously created MERGE table, even after the user's privileges are revoked for the original table, which might violate intended security policy...

CVSS 2.1 · AI score 7.3 · EPSS 0.0174
Exploits: 1 · References: 4
RedHat Linux
added 2008/07/21 7:16 p.m. · 6 views

rhcs CRL can get corrupted

Certificate Server 7.2 in Red Hat Certificate System (RHCS) does not properly handle new revocations that occur while a Certificate Revocation List (CRL) is being generated, which might prevent certain revoked certificates from appearing on the CRL quickly and allow users with revoked certificates to...

CVSS 7.5 · AI score 5.8 · EPSS 0.01112
Exploits: 0 · References: 4