Lucene search

10 matches found

EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2021-0936

Malware in sbrugna...

CVSS 7.4 | AI score 7.3 | EPSS 0.00751
Exploits: 1 | References: 5

OSV
added 2022/08/16 8:42 a.m., 6 views

SUSE-SU-2022:2813-1 Security update for curl

This update for curl fixes the following issues: - CVE-2022-27781: Fixed an issue where curl will get stuck in an infinite loop when trying to retrieve details about a TLS server's certificate chain bnc1199223. - CVE-2022-27782: Fixed an issue where TLS and SSH connections would be reused even wh...

CVSS 7.5 | AI score 6.6 | EPSS 0.3197
Exploits: 4 | References: 9

OSV
added 2021/05/24 6:12 p.m., 17 views

GHSA-4F68-49QQ-H392 Improper certificate validation in em-imap

em-imap 0.5 and earlier use the library eventmachine in an insecure way that allows an attacker to perform a man-in-the-middle attack against users of the library. The hostname in a TLS server certificate is not verified...

CVSS 7.4 | AI score 7.2 | EPSS 0.00751
Exploits: 1 | References: 4

RubySec
added 2021/05/24 12:0 a.m., 17 views

Improper Certificate Validation in EM-HTTP-Request

EM-HTTP-Request 1.1.5 uses the library eventmachine in an insecure way that allows an attacker to perform a man-in-the-middle attack against users of the library. The hostname in a TLS server certificate is not verified...

CVSS 7.4 | AI score 5 | EPSS 0.00905
Exploits: 1 | References: 1 | Affected Software: 1

RubySec
added 2021/05/24 12:0 a.m., 20 views

Improper certificate validation in em-imap

em-imap 0.5 and earlier use the library eventmachine in an insecure way that allows an attacker to perform a man-in-the-middle attack against users of the library. The hostname in a TLS server certificate is not verified...

CVSS 7.4 | AI score 5.1 | EPSS 0.00751
Exploits: 1 | References: 1

RedhatCVE
added 2020/12/29 2:59 p.m., 21 views

CVE-2020-13482

A flaw was found in rubygem-em-http-request. The eventmachine library does not verify the hostname in a TLS server certificate which can allow an attacker to perform a man-in-the-middle attack. The highest threat from this vulnerability is to data confidentiality and integrity. Mitigation Red Hat...

CVSS 5.8 | AI score 2.9 | EPSS 0.00905
Exploits: 1 | References: 3

Cvelist
added 2020/05/25 9:49 p.m., 25 views

CVE-2020-13482

EM-HTTP-Request 1.1.5 uses the library eventmachine in an insecure way that allows an attacker to perform a man-in-the-middle attack against users of the library. The hostname in a TLS server certificate is not verified...

AI score 7.1 | EPSS 0.00905
Exploits: 1 | References: 4

Packet Storm
added 2019/10/01 12:0 a.m., 201 views

Fortinet FortiSIEM 5.0 / 5.2.1 Improper Certification Validation

Product Name: FortiSIEM Tested versions: 5.0, 5.2.1 Fixed in version: Only a manual workaround is available from Fortinet as of this writing Weakness Type: CWE-295 - Improper Certificate Validation Discovered by: Andrew Klaus Cybera Canada CVE: Pending == Disclosure Timeline: June 25, 2019: Initi...

AI score 0.6
Exploits: 0

Cvelist
added 2018/08/30 5:0 p.m., 33 views

CVE-2018-15476

An issue was discovered in myStrom WiFi Switch V1 before 2.66, WiFi Switch V2 before 3.80, WiFi Switch EU before 3.80, WiFi Bulb before 2.58, WiFi LED Strip before 3.80, WiFi Button before 2.73, and WiFi Button Plus before 2.73. The SSL/TLS server certificate in the device to cloud communication...

AI score 8.1 | EPSS 0.00756
Exploits: 0 | References: 1

OSV
added 2016/12/21 8:0 a.m., 10 views

CURL-CVE-2016-9952 Win CE Schannel cert wildcard matches too much

curl's TLS server certificate checks are flawed on Windows CE. This vulnerability occurs in the verify certificate function when comparing a wildcard certificate name as returned by the Windows API function CertGetNameString to the hostname used to make the connection to the server. The...

CVSS 8.1 | AI score 7.9 | EPSS 0.013
Exploits: 0