Lucene search
K

103 matches found

ATTACKERKB
ATTACKERKB
added 2022/05/02 11:15 p.m.8 views

CVE-2021-4138

Improved Host header checks to reject requests not sent to a well-known local hostname or IP, or the server-specified hostname...

5.3CVSS5.9AI score0.00791EPSS
Exploits0References3
CNNVD
CNNVD
added 2021/11/23 12:0 a.m.4 views

Amazon AWS IoT Device SDK 信任管理问题漏洞

The Amazon AWS IoT Device SDK is a collection of C source files under the MIT Open Source License from Amazon.com, Inc. that can be used in embedded applications to securely connect IoT devices to the AWS IoT Core.It includes an MQTT, JSON parser, and the AWS IoT Device Shadow library. It is...

8.8CVSS7.9AI score0.00375EPSS
Exploits0References6
OSV
OSV
added 2020/12/01 7:15 p.m.6 views

CVE-2020-28577

An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal server hostname and db names...

5.3CVSS5.8AI score0.03206EPSS
Exploits0References3
Cvelist
Cvelist
added 2020/12/01 6:40 p.m.26 views

CVE-2020-28577

An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal server hostname and db names...

5.2AI score0.03206EPSS
Exploits0References3
CNNVD
CNNVD
added 2020/11/18 12:0 a.m.7 views

Trend Micro OfficeScan XG 信息泄露漏洞

Trend Micro Apex One is a suite of endpoint security protection software from Trend Micro that provides automated threat detection and response capabilities.Trend Micro OfficeScan XG is a suite of distributed anti-virus software from Trend Micro. An incorrect access control information disclosure...

5.3CVSS6AI score0.03206EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2020/11/09 12:0 a.m.36 views

openSUSE Security Update : apache-commons-httpclient (openSUSE-2020-1873)

This update for apache-commons-httpclient fixes the following issues : - http/conn/ssl/SSLConnectionSocketFactory.java ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service HTTPS call hang via unspecified vectors...

5.8CVSS6.2AI score0.19312EPSS
Exploits1References4
CNVD
CNVD
added 2020/06/04 12:0 a.m.3 views

vCloud Director Remote Code Execution Vulnerability

vCloud Director hereinafter referred to as Director is based on the virtualization capabilities of VMware vSphere and extends the resource pooling capabilities of VMware vCenter to enable IT departments to create a "VDC Virtual Data Center". "VDCs Virtual Data Centers are pools of compute, networ...

8.4AI score
Exploits0References1
CNVD
CNVD
added 2020/05/29 12:0 a.m.3 views

GNOME glib-networking Trust Management Issues Vulnerability

GNOME glib-networking is a networking extension package for Glib a collection of five underlying libraries written in C. A security vulnerability exists in GNOME glib-networking 2.64.2 and earlier versions, which stems from an implementation of GTlsClientConnection that does not validate the...

6.5CVSS9.2AI score0.01933EPSS
Exploits1
OSV
OSV
added 2019/11/21 11:15 p.m.3 views

DEBIAN-CVE-2014-2901

wolfssl before 3.2.0 does not properly issue certificates for a server's hostname...

7.5CVSS7.3AI score0.00612EPSS
Exploits0References1
Prion
Prion
added 2019/03/26 2:29 p.m.16 views

Design/Logic Flaw

HashiCorp Consul 1.4.3 lacks server hostname verification for agent-to-agent TLS communication. In other words, the product behaves as if verifyserverhostname were set to false, even when it is actually set to true. This is fixed in 1.4.4...

5.8CVSS7.3AI score0.00605EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2019/03/26 12:0 a.m.11 views

PT-2019-19855 · Hashicorp +1 · Hashicorp Consul +1

Name of the Vulnerable Software and Affected Versions: HashiCorp Consul version 1.4.3 Description: The issue arises from a lack of server hostname verification for agent-to-agent TLS communication in HashiCorp Consul. This occurs even when the verify server hostname setting is set to true, causin...

7.5CVSS6.7AI score0.02851EPSS
Exploits1References24
Prion
Prion
added 2019/03/12 4:29 p.m.10 views

Design/Logic Flaw

On certain Lexmark devices that communicate with an LDAP or SMTP server, a malicious administrator can discover LDAP or SMTP credentials by changing that server's hostname to one that they control, and then capturing the credentials that are sent there. This occurs because stored credentials are...

4CVSS5.1AI score0.00868EPSS
Exploits0References1
OSV
OSV
added 2018/10/10 5:23 p.m.24 views

GHSA-W64C-PXJJ-H866 Ansible does not verify that the server hostname matches a domain name in certificates

Ansible before 1.9.2 does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...

8.7CVSS7.4AI score0.00933EPSS
Exploits0References9
NVD
NVD
added 2018/07/27 1:29 p.m.42 views

CVE-2017-2639

It was found that CloudForms does not verify that the server hostname matches the domain name in the certificate when using a custom CA and communicating with Red Hat Virtualization RHEV and OpenShift. This would allow an attacker to spoof RHEV or OpenShift systems and potentially harvest sensiti...

7.5CVSS6.5AI score0.01137EPSS
Exploits0References4
Cvelist
Cvelist
added 2018/07/27 1:0 p.m.47 views

CVE-2017-2639

It was found that CloudForms does not verify that the server hostname matches the domain name in the certificate when using a custom CA and communicating with Red Hat Virtualization RHEV and OpenShift. This would allow an attacker to spoof RHEV or OpenShift systems and potentially harvest sensiti...

6.5CVSS7.4AI score0.01137EPSS
Exploits0References4
CNVD
CNVD
added 2017/06/12 12:0 a.m.8 views

AtMail Cross-Site Request Forgery Vulnerability (CNVD-2017-09349)

AtMail is an open source WebMail client from the Australian company Atmail , which provides a Webmail interface , address book management , calendars and other features , and supports IMAP, video mail and so on. A cross-site request forgery vulnerability exists in Atmail versions prior to 7.8.0.2...

8.8CVSS6.9AI score0.00451EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2017/05/31 2:16 p.m.49 views

Moderate: Red Hat Security Advisory: CFME 5.8.0 security, bug, and enhancement update

An update is now available for CloudForms Management Engine 5.8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

7.5CVSS6.8AI score0.01137EPSS
Exploits0References494
Tenable Nessus
Tenable Nessus
added 2017/04/20 12:0 a.m.9 views

VPN Server Hostname Detection via PPTP

Binary data 7268.pasl...

7.3AI score
Exploits0
CVE
CVE
added 2016/04/21 2:0 p.m.65 views

CVE-2013-7449

The CVE-2013-7449 issue affects HexChat (before 2.10.2), XChat, and XChat-GNOME, where ssl_do_connect in common/server.c fails to verify that the server hostname matches a domain in the X.509 certificate. This allows MITM attackers to spoof SSL servers using arbitrary valid certificates. The root...

6.5CVSS6.3AI score0.00757EPSS
Exploits0References5Affected Software1
Debian CVE
Debian CVE
added 2016/04/21 2:0 p.m.48 views

CVE-2013-7449

The ssldoconnect function in common/server.c in HexChat before 2.10.2, XChat, and XChat-GNOME does not verify that the server hostname matches a domain name in the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...

6.5CVSS6.3AI score0.00757EPSS
Exploits0
Rows per page
Query Builder