Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

2028 matches found

OSV
OSVadded 2022/10/31 6:15 a.m.67 views

CVE-2022-40617

strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity and intermediate CA certificate that contains a CRL/OCSP URL that points to a server under the attacker's control that doesn't properly respond but for example jus...

7.5CVSS5.3AI score
Exploits0References2
OSV
OSVadded 2022/10/31 6:15 a.m.0 views

DEBIAN-CVE-2022-40617

strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity and intermediate CA certificate that contains a CRL/OCSP URL that points to a server under the attacker's control that doesn't properly respond but for example jus...

7.5CVSS7.5AI score0.01634EPSS
Exploits0References1
Prion
Prionadded 2022/10/31 6:15 a.m.25 views

Code injection

strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity and intermediate CA certificate that contains a CRL/OCSP URL that points to a server under the attacker's control that doesn't properly respond but for example jus...

5CVSS7.1AI score0.01634EPSS
Exploits0References2Affected Software5
Cvelist
Cvelistadded 2022/10/31 12:0 a.m.36 views

CVE-2022-40617

strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity and intermediate CA certificate that contains a CRL/OCSP URL that points to a server under the attacker's control that doesn't properly respond but for example jus...

7.5AI score0.01634EPSS
Exploits0References2
CVE
CVEadded 2022/10/31 12:0 a.m.174 views

CVE-2022-40617

strongSwan before 5.9.8 is affected by a denial-of-service in the revocation plugin when processing a crafted end-entity certificate containing a CRL/OCSP URL pointing to an attacker‑controlled server that does not respond or misbehaves. This is documented across multiple advisories (Linux distri...

7.5CVSS7.1AI score0.01634EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichmentadded 2022/10/31 12:0 a.m.5 views

CVE-2022-40617

strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity and intermediate CA certificate that contains a CRL/OCSP URL that points to a server under the attacker's control that doesn't properly respond but for example jus...

7.3AI score0.01634EPSS
Exploits0References2
Debian CVE
Debian CVEadded 2022/10/31 12:0 a.m.32 views

CVE-2022-40617

strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity and intermediate CA certificate that contains a CRL/OCSP URL that points to a server under the attacker's control that doesn't properly respond but for example jus...

7.5CVSS7.4AI score0.01634EPSS
Exploits0
AlpineLinux
AlpineLinuxadded 2022/10/31 12:0 a.m.34 views

CVE-2022-40617

strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity and intermediate CA certificate that contains a CRL/OCSP URL that points to a server under the attacker's control that doesn't properly respond but for example jus...

7.5CVSS7.4AI score0.01634EPSS
Exploits0
RedHat Linux
RedHat Linuxadded 2022/10/24 2:21 p.m.3 views

libksba: integer overflow may lead to remote code execution

A vulnerability was found in the Libksba library due to an integer overflow within the CRL parser. The vulnerability can be exploited remotely for code execution on the target system by passing specially crafted data to the application, for example, a malicious S/MIME attachment...

9.8CVSS7.7AI score0.01635EPSS
Exploits1References5
RedHat Linux
RedHat Linuxadded 2022/10/24 2:10 p.m.5 views

libksba: integer overflow may lead to remote code execution

A vulnerability was found in the Libksba library due to an integer overflow within the CRL parser. The vulnerability can be exploited remotely for code execution on the target system by passing specially crafted data to the application, for example, a malicious S/MIME attachment...

9.8CVSS7.7AI score0.01635EPSS
Exploits1References5
RedhatCVE
RedhatCVEadded 2022/10/17 10:30 a.m.29 views

CVE-2022-41316

A flaw was found in HashiCorp Vault and Vault Enterprise. Vault’s TLS certificate auth method did not initially load the optionally-configured CRL issued by the role’s Certificate Authority CA into memory on startup, resulting in the revocation list not being checked if the CRL has not yet been...

5.3CVSS1.8AI score0.00396EPSS
Exploits0References4
NVD
NVDadded 2022/10/12 9:15 p.m.28 views

CVE-2022-41316

HashiCorp Vault and Vault Enterprise’s TLS certificate auth method did not initially load the optionally configured CRL issued by the role's CA into memory on startup, resulting in the revocation list not being checked if the CRL has not yet been retrieved. Fixed in 1.12.0, 1.11.4, 1.10.7, and...

5.3CVSS0.00396EPSS
Exploits0References3
Prion
Prionadded 2022/10/12 9:15 p.m.17 views

Denial of service

HashiCorp Vault and Vault Enterprise’s TLS certificate auth method did not initially load the optionally configured CRL issued by the role's CA into memory on startup, resulting in the revocation list not being checked if the CRL has not yet been retrieved. Fixed in 1.12.0, 1.11.4, 1.10.7, and...

5CVSS6AI score0.00396EPSS
Exploits0References3Affected Software1
CNNVD
CNNVDadded 2022/10/12 12:0 a.m.4 views

HashiCorp Vault 信任管理问题漏洞

HashiCorp Vault is a private key access management tool from the US-based HashiCorp. A security vulnerability exists in HashiCorp Vault and Vault Enterprise that stems from its TLS certificate authentication method initially failing to load an optionally configurable CRL issued by the role's CA...

5.3CVSS6.3AI score0.00396EPSS
Exploits0References4
Vulnrichment
Vulnrichmentadded 2022/10/12 12:0 a.m.4 views

CVE-2022-41316

HashiCorp Vault and Vault Enterprise’s TLS certificate auth method did not initially load the optionally configured CRL issued by the role's CA into memory on startup, resulting in the revocation list not being checked if the CRL has not yet been retrieved. Fixed in 1.12.0, 1.11.4, 1.10.7, and...

5.2AI score0.00396EPSS
Exploits0References3
Cvelist
Cvelistadded 2022/10/12 12:0 a.m.27 views

CVE-2022-41316

HashiCorp Vault and Vault Enterprise’s TLS certificate auth method did not initially load the optionally configured CRL issued by the role's CA into memory on startup, resulting in the revocation list not being checked if the CRL has not yet been retrieved. Fixed in 1.12.0, 1.11.4, 1.10.7, and...

5.5AI score0.00396EPSS
Exploits0References3
AlpineLinux
AlpineLinuxadded 2022/10/12 12:0 a.m.56 views

CVE-2022-41316

HashiCorp Vault and Vault Enterprise’s TLS certificate auth method did not initially load the optionally configured CRL issued by the role's CA into memory on startup, resulting in the revocation list not being checked if the CRL has not yet been retrieved. Fixed in 1.12.0, 1.11.4, 1.10.7, and...

5.3CVSS5.2AI score0.00396EPSS
Exploits0
Positive Technologies
Positive Technologiesadded 2022/10/11 12:0 a.m.2 views

PT-2022-25812 · Hashicorp +1 · Hashicorp Vault +2

Name of the Vulnerable Software and Affected Versions: HashiCorp Vault and Vault Enterprise versions prior to 1.12.0 HashiCorp Vault and Vault Enterprise versions prior to 1.11.4 HashiCorp Vault and Vault Enterprise versions prior to 1.10.7 HashiCorp Vault and Vault Enterprise versions prior to...

5.3CVSS5.4AI score0.00396EPSS
Exploits0References15
Code423n4
Code423n4added 2022/10/10 12:0 a.m.12 views

Griefing of execute transaction sender

Lines of code Vulnerability details Description In function execute from BlurExchange contract there is a call of executeTokenTransfer function. The last one contains the following logic: function executeTokenTransfer address collection, address from, address to, uint256 tokenId, uint256 amount,...

7AI score
Exploits0
Debian
Debianadded 2022/10/06 4:7 p.m.39 views

[SECURITY] [DSA 5249-1] strongswan security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5249-1 [email protected] https://www.debian.org/security/ Yves-Alexis Perez October 06, 2022 https://www.debian.org/security/faq -...

7.5CVSS7.5AI score0.01634EPSS
Exploits0
Rows per page
Query Builder