2079 matches found

RedhatCVE
added 2025/05/22 5:0 p.m. | 8 views

CVE-2020-13302

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Under certain conditions GitLab was not properly revoking user sessions and allowed a malicious user to access a user account with an old password...

CVSS 7.2 | AI score 6.3 | EPSS 0.01132
Exploits: 0
RedhatCVE
added 2025/05/22 3:7 p.m. | 6 views

CVE-2020-16228

In Patient Information Center iX (PICiX) Versions C.02 and C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX550, MX750, MX850, and IntelliVue X3 Versions N and prior, the software does not check or incorrectly checks the revocation status of a certificate...

CVSS 6.4 | AI score 6.5 | EPSS 0.00371
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/22 11:26 a.m. | 8 views

CVE-2013-5190

Smart Card Services in Apple Mac OS X before 10.9 does not properly implement certificate-revocation checks, which allows remote attackers to cause a denial of service (Smart Card usage outage) by interfering with the revocation-check procedure...

CVSS 4.3 | AI score 6.5 | EPSS 0.009
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/22 5:59 a.m. | 4 views

CVE-2011-4684

Opera before 11.60 does not properly handle certificate revocation, which has unspecified impact and remote attack vectors related to "corner cases."...

CVSS 10 | AI score 6.8 | EPSS 0.06213
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/22 5:40 a.m. | 4 views

CVE-2010-5185

The Antivirus component in Comodo Internet Security before 5.3.174622.1216 does not check whether X.509 certificates in signed executable files have been revoked, which has unknown impact and remote attack vectors...

CVSS 10 | AI score 7.1 | EPSS 0.01221
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/22 5:5 a.m. | 5 views

CVE-2012-1316

Cisco IronPort Web Security Appliance does not check for certificate revocation, which could lead to MITM attacks...

CVSS 5.9 | AI score 6.9 | EPSS 0.00576
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/22 4:21 a.m. | 10 views

CVE-2012-6461

The X.509 certificate-validation functionality in the https implementation in Opera before 12.10 allows remote attackers to trigger a false indication of successful revocation-status checking by causing a failure of a single checking service...

CVSS 5 | AI score 6.8 | EPSS 0.0092
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/22 3:28 a.m. | 5 views

CVE-2011-2633

Unspecified vulnerability in Opera before 11.11 allows remote attackers to cause a denial of service (application crash) via vectors involving a Certificate Revocation List (CRL) file, as demonstrated by the multicert-ca-02.crl file...

CVSS 5 | AI score 6.7 | EPSS 0.01337
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/22 2:50 a.m. | 8 views

CVE-2012-1191

The resolver in dnscache in Daniel J. Bernstein djbdns 1.05 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger continued resolvability of revoked domain names via a "ghost domain names"...

CVSS 6.4 | AI score 6.7 | EPSS 0.01899
Exploits: 2 | References: 1
RedhatCVE
added 2025/05/22 2:43 a.m. | 10 views

CVE-2018-1000211

Doorkeeper version 4.2.0 and later contains an Incorrect Access Control vulnerability in the Token revocation API's authorized method that can result in access tokens not being revoked for public OAuth apps, leaking access until expiry...

CVSS 7.5 | AI score 6.8 | EPSS 0.01611
Exploits: 0 | References: 1
RedHat Linux
added 2025/05/19 6:21 a.m. | 5 views

openssl: X.400 address type confusion in X.509 GeneralName

A type confusion vulnerability was found in OpenSSL's processing of X.400 addresses inside an X.509 GeneralName. When CRL checking is enabled (for example, the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call,...

CVSS 7.4 | AI score 6.9 | EPSS 0.59501
Exploits: 0 | References: 5
BDU FSTEC
added 2025/05/19 12:0 a.m. | 9 views

The vulnerability of the SSLManagerOpenSSL class in the MongoDB database management system allows a hacker to circumvent security restrictions.

The vulnerability of the SSLManagerOpenSSL class in the MongoDB database management system is related to the lack of verification for certificate revocation. Exploiting this vulnerability allows a malicious actor to circumvent security restrictions remotely...

CVSS 8.1 | AI score 6.3 | EPSS 0.00256
Exploits: 0 | References: 6 | Affected Software: 2
Packet Storm News
added 2025/05/19 12:0 a.m. | 6 views

Lara: Lightweight Anonymous Authentication with Asynchronous Revocation Auditability

Anonymous authentication is a technique that allows to combine access control with privacy preservation. Typically, clients use different pseudonyms for each access, hindering providers from correlating their activities. To perform the revocation of pseudonyms in a privacy preserving manner is...

AI score 7
Exploits: 0
RedHat Linux
added 2025/05/15 6:36 p.m. | 7 views

openssl: X.400 address type confusion in X.509 GeneralName

A type confusion vulnerability was found in OpenSSL's processing of X.400 addresses inside an X.509 GeneralName. When CRL checking is enabled (for example, the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call,...

CVSS 7.4 | AI score 6.9 | EPSS 0.59501
Exploits: 0 | References: 5
UbuntuCve
added 2025/05/09 12:15 p.m. | 5 views

CVE-2025-4382

A flaw was found in systems utilizing LUKS-encrypted disks with GRUB configured for TPM-based auto-decryption. When GRUB is set to automatically decrypt disks using keys stored in the TPM, it reads the decryption key into system memory. If an attacker with physical access can corrupt the underlyi...

CVSS 5.9 | AI score 6.2 | EPSS 0.00309
Exploits: 0 | References: 11
Redos
added 2025/05/06 12:0 a.m. | 19 views

ROS-20250505-08

The vulnerability in the SSLManagerOpenSSL class of the MongoDB database management system is related to a lack of certificate revocation checking. Exploitation of the vulnerability could allow a remote attacker to bypass security restrictions. A vulnerability in the...

CVSS 9.8 | AI score 8 | EPSS 0.00398
Exploits: 0
Redos
added 2025/05/06 12:0 a.m. | 7 views

ROS-20250505-07

The vulnerability in the SSLManagerOpenSSL class of the MongoDB database management system is related to a lack of certificate revocation checking. Exploitation of the vulnerability could allow a remote attacker to bypass security restrictions. A vulnerability in the...

CVSS 9.8 | AI score 8 | EPSS 0.00398
Exploits: 0
Redos
added 2025/05/06 12:0 a.m. | 21 views

ROS-20250505-09

The vulnerability in the SSLManagerOpenSSL class of the MongoDB database management system is related to a lack of certificate revocation checking. Exploitation of the vulnerability could allow a remote attacker to bypass security restrictions. A vulnerability in the...

CVSS 9.8 | AI score 8 | EPSS 0.00398
Exploits: 0
Citrix
added 2025/05/02 12:0 a.m. | 16 views

uberAgent - unable to upload data to Splunk in environment with restricted internet access

uberAgent data is not available on the Splunk dashboard. Agents are reporting correctly when Admins allow full internet access on the firewall. uberAgent log file located in C:\Windows\Temp default location shows the issue with CurlSend attempt, example: 2025-05-02 10:31:10.439...

AI score 7.1
Exploits: 0
OSV
added 2025/04/18 7:15 a.m. | 2 views

DEBIAN-CVE-2025-39688

In the Linux kernel, the following vulnerability has been resolved: nfsd: allow SC_STATUS_FREEABLE when searching via nfs4_lookup_stateid. The pynfs DELEG8 test fails when run against nfsd. It acquires a delegation and then lets the lease time out. It then tries to use the deleg stateid and expects to...

CVSS 5.5 | AI score 5.6 | EPSS 0.0021
Exploits: 0 | References: 1