
14 matches found

SUSE CVE
added 2023/02/15 5:19 a.m. · 1 views

SUSE CVE-2015-3152

Oracle MySQL before 5.7.3, Oracle MySQL Connector/C aka libmysqlclient before 6.1.3, and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, aka a "BACKRONYM" attack...

CVSS 5.9 · AI score 7.9 · EPSS 0.39693
Exploits 1 · References 13

SUSE CVE
added 2023/02/15 4:43 a.m. · 1 views

SUSE CVE-2017-10789

The DBD::mysql module through 4.043 for Perl uses the mysql_ssl=1 setting to mean that SSL is optional even though this setting's documentation has a "your communication with the server will be encrypted" statement, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrad...

CVSS 4.8 · AI score 7 · EPSS 0.00227
Exploits 0 · References 8

Tenable Nessus
added 2021/02/04 12:0 a.m. · 39 views

EulerOS 2.0 SP5 : perl-DBD-MySQL (EulerOS-SA-2021-1223)

According to the versions of the perl-DBD-MySQL package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - DBD::mysql is the Perl5 Database Interface driver for the MySQL database. In other words: DBD::mysql is an interface between the Perl...

CVSS 9.8 · AI score 6.8 · EPSS 0.39693
Exploits 1 · References 5

Hacker One
added 2017/04/18 4:57 p.m. · 20 views

Uber: duplicate hsts headers lead to firefox ignoring hsts on business.uber.com

It was possible for an attacker to temporarily downgrade a chosen victim from a secure HTTPS connection to HTTP in Firefox. The impact of this issue was low due to the very small window that it provided to actually take advantage of the downgrade, and the fact that it required getting a user to...

AI score 1.1
Exploits 0

Tenable Nessus
added 2015/12/22 12:0 a.m. · 36 views

Scientific Linux Security Update : curl on SL7.x x86_64 (20151119)

It was found that the libcurl library did not correctly handle partial literal IP addresses when parsing received HTTP cookies. An attacker able to trick a user into connecting to a malicious server could use this flaw to set the user's cookie to a crafted domain, making other cookie-related issu...

CVSS 5 · AI score 7.3 · EPSS 0.04659
Exploits 1 · References 6

OSV
added 2015/07/23 9:39 a.m. · 19 views

MGASA-2015-0276 Updated php package fixes security vulnerabilities

Segfault in Phar::convertToData on invalid file (CVE-2015-5589). Buffer overflow and stack smashing error in phar_fix_filepath (CVE-2015-5590). The php package has been updated to version 5.5.27, which fixes these issues, as well as other possible bugs and security issues, including the BACKRONYM flaw,...

CVSS 10 · AI score 7.8 · EPSS 0.10384
Exploits 1 · References 4

Tenable Nessus
added 2015/07/14 12:0 a.m. · 48 views

FreeBSD : mysql -- SSL Downgrade (36bd352d-299b-11e5-86ff-14dae9d210b8) (BACKRONYM)

Duo Security reports: Researchers have identified a serious vulnerability in some versions of Oracle's MySQL database product that allows an attacker to strip SSL/TLS connections of their security wrapping transparently. ...

CVSS 5.9 · AI score 6.3 · EPSS 0.39693
Exploits 1 · References 8

Cloud Foundry
added 2014/10/16 12:0 a.m. · 132 views

CVE-2014-3566 SSLV3 POODLE | Cloud Foundry

CVE-2014-3566 SSLV3 POODLE Moderate Vendor The SSL protocol 3.0, as used in OpenSSL through 1.0.1i Versions Affected SSLv3 Description SSL 3.0 RFC6101 is an obsolete and insecure protocol. While for most practical purposes it has been replaced by its successors TLS 1.0 RFC2246, TLS 1.1 RFC4346 an...

CVSS 4.3 · AI score 4.4 · EPSS 0.93538
Exploits 5

RedHat Linux
added 2013/04/04 8:16 p.m. · 3 views

Puppet: SSL protocol downgrade

Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, and Puppet Enterprise 2.7.x before 2.7.2, does not properly negotiate the SSL protocol between client and master, which allows remote attackers to conduct SSLv2 downgrade attacks against SSLv3 sessions via unspecified vectors...

CVSS 5 · AI score 5.9 · EPSS 0.00595
Exploits 0 · References 4

OpenVAS
added 2013/03/12 12:0 a.m. · 28 views

Debian Security Advisory DSA 2643-1 (puppet - several vulnerabilities)

Multiple vulnerabilities were discovered in Puppet, a centralized configuration management system. CVE-2013-1640: An authenticated malicious client may request its catalog from the puppet master, and cause the puppet master to execute arbitrary code. The puppet master must be made to invoke the...

CVSS 9 · AI score 0.2 · EPSS 0.02291
Exploits 0 · References 1

Positive Technologies
added 2013/01/09 12:0 a.m. · 2 views

PT-2013-2063 · Microsoft · Windows Server 2008 R2 +8

Name of the Vulnerable Software and Affected Versions: Microsoft Windows Vista SP2 Microsoft Windows Server 2008 SP2 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2008 R2 SP1 Microsoft Windows 7 Gold Microsoft Windows 7 SP1 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft...

CVSS 5.8 · AI score 6.3 · EPSS 0.15832
Exploits 0 · References 6

Tenable Nessus
added 2012/05/04 12:0 a.m. · 16 views

Fedora 15 : mozilla-https-everywhere-2.0.3-2.fc15 (2012-7175)

Fix a possible SSL downgrade vulnerability. Fix upstream bug 5676, which fixes an SSL downgrade attack. Fix upstream bug 5676, which fixes an SSL downgrade attack. Fix upstream bug 5676, which fixes an SSL downgrade attack. Fix upstream bug 5676, which fixes an SSL downgrade attack. Fix upstream...

AI score 5.5
Exploits 0 · References 1

Tenable Nessus
added 2012/05/02 12:0 a.m. · 13 views

Fedora 17 : mozilla-https-everywhere-2.0.3-2.fc17 (2012-7051)

Fix a possible SSL downgrade vulnerability. Fix upstream bug 5676, which fixes an SSL downgrade attack. Fix upstream bug 5676, which fixes an SSL downgrade attack. Fix upstream bug 5676, which fixes an SSL downgrade attack. Fix upstream bug 5676, which fixes an SSL downgrade attack. Fix upstream...

AI score 5.5
Exploits 0 · References 1

OSV
added 2010/12/06 9:5 p.m. · 4 views

CVE-2010-4180

OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network...

AI score 7.3
Exploits 0 · References 67