Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

9 matches found

NVD
NVDadded 2018/02/03 3:29 p.m.15 views

CVE-2009-5144

mod-gnutls does not validate client certificates when "GnuTLSClientVerify require" is set in a directory context, which allows remote attackers to spoof clients via a crafted certificate...

7.5CVSS7.4AI score0.0086EPSS
Exploits0References4
Gentoo Linux
Gentoo Linuxadded 2017/09/17 12:0 a.m.55 views

mod_gnutls: Certificate validation error

Background modgnutls is an extension for ​Apache’s httpd. It uses the ​GnuTLS library to provide HTTPS. It supports some protocols and features that modssl does not. Description It was discovered that the authentication hook in modgnutls does not validate client’s certificates even when option...

5CVSS6.5AI score0.0325EPSS
Exploits0
Cvelist
Cvelistadded 2016/09/21 1:0 a.m.24 views

CVE-2016-0903

Avamar Data Store ADS and Avamar Virtual Edition AVE in EMC Avamar Server before 7.3.0-233 rely on client-side authentication, which allows remote attackers to spoof clients and read backup data via a modified client agent...

9AI score0.03449EPSS
Exploits0References3
UbuntuCve
UbuntuCveadded 2015/03/13 2:59 p.m.26 views

CVE-2015-2091

The authentication hook mgshookauthz in mod-gnutls 0.5.10 and earlier does not validate client certificates when "GnuTLSClientVerify require" is set, which allows remote attackers to spoof clients via a crafted certificate...

5CVSS5.9AI score0.0325EPSS
Exploits0References3
Cvelist
Cvelistadded 2014/10/07 2:0 p.m.31 views

CVE-2014-7189

crpyto/tls in Go 1.1 before 1.3.2, when SessionTicketsDisabled is enabled, allows man-in-the-middle attackers to spoof clients via unspecified vectors...

7.7AI score0.01383EPSS
Exploits0References4
NVD
NVDadded 2012/11/20 12:55 a.m.16 views

CVE-2012-4523

radsecproxy before 1.6.1 does not properly verify certificates when there are configuration blocks with CA settings that are unrelated to the block being used for verifying the certificate chain, which might allow remote attackers to bypass intended access restrictions and spoof clients...

6.4CVSS6.5AI score0.01763EPSS
Exploits0References8
OSV
OSVadded 2012/11/20 12:55 a.m.7 views

CVE-2012-4566

The DTLS support in radsecproxy before 1.6.2 does not properly verify certificates when there are configuration blocks with CA settings that are unrelated to the block being used for verifying the certificate chain, which might allow remote attackers to bypass intended access restrictions and spo...

6.4AI score
Exploits0References7
Prion
Prionadded 2012/11/20 12:55 a.m.12 views

Design/Logic Flaw

radsecproxy before 1.6.1 does not properly verify certificates when there are configuration blocks with CA settings that are unrelated to the block being used for verifying the certificate chain, which might allow remote attackers to bypass intended access restrictions and spoof clients...

6.4CVSS6.8AI score0.01763EPSS
Exploits0References8Affected Software1
Cvelist
Cvelistadded 2012/11/20 12:0 a.m.23 views

CVE-2012-4523

radsecproxy before 1.6.1 does not properly verify certificates when there are configuration blocks with CA settings that are unrelated to the block being used for verifying the certificate chain, which might allow remote attackers to bypass intended access restrictions and spoof clients...

6.4AI score0.01763EPSS
Exploits0References8
Rows per page
Query Builder