Lucene search
K

14 matches found

Snyk
Snyk
added 2026/03/03 9:35 p.m.3 views

Improper Certificate Validation

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Improper Certificate Validation via channels.imessage.remoteHost. An attacker can execute arbitrary commands or intercept sensitive data by exploiting trust-on-first-use SSH host key...

5.4CVSS6AI score
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/02/05 5:16 a.m.6 views

CVE-2024-1052

Boundary and Boundary Enterprise “Boundary” is vulnerable to session hijacking through TLS certificate tampering. An attacker with privileges to enumerate active or pending sessions, obtain a private key pertaining to a session, and obtain a valid trust on first use TOFU token may craft a TLS...

8CVSS7AI score0.00294EPSS
Exploits0References1
NVD
NVD
added 2024/09/26 6:15 p.m.33 views

CVE-2024-47174

Nix is a package manager for Linux and other Unix systems. Starting in version 1.11 and prior to versions 2.18.8 and 2.24.8, did not verify TLS certificates on HTTPS connections. This could lead to connection details such as full URLs or credentials leaking in case of a man-in-the-middle MITM...

5.9CVSS0.00297EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/09/26 5:27 p.m.21 views

CVE-2024-47174 Credential leak when credentials are used with `<nix/fetchurl.nix>`

Nix is a package manager for Linux and other Unix systems. Starting in version 1.11 and prior to versions 2.18.8 and 2.24.8, did not verify TLS certificates on HTTPS connections. This could lead to connection details such as full URLs or credentials leaking in case of a man-in-the-middle MITM...

5.9CVSS6.8AI score0.00297EPSS
Exploits0References4
OSV
OSV
added 2024/09/26 5:27 p.m.19 views

CVE-2024-47174 Credential leak when credentials are used with `<nix/fetchurl.nix>`

Nix is a package manager for Linux and other Unix systems. Starting in version 1.11 and prior to versions 2.18.8 and 2.24.8, did not verify TLS certificates on HTTPS connections. This could lead to connection details such as full URLs or credentials leaking in case of a man-in-the-middle MITM...

5.9CVSS6.4AI score0.00297EPSS
Exploits0References6
Cvelist
Cvelist
added 2024/09/26 5:27 p.m.52 views

CVE-2024-47174 Credential leak when credentials are used with `<nix/fetchurl.nix>`

Nix is a package manager for Linux and other Unix systems. Starting in version 1.11 and prior to versions 2.18.8 and 2.24.8, did not verify TLS certificates on HTTPS connections. This could lead to connection details such as full URLs or credentials leaking in case of a man-in-the-middle MITM...

5.9CVSS0.00297EPSS
Exploits0References4
CVE
CVE
added 2024/09/26 5:27 p.m.67 views

CVE-2024-47174

CVE-2024-47174 affects Nix’s fetchurl/builtin:fetchurl in versions 1.11 through before 2.18.8 and 2.24.8, where TLS certificates were not verified on HTTPS, risking leakage of full URLs and credentials (e.g., from netrc) under MITM. TOFU-style hash misupdates could also be abused. Affected compon...

5.9CVSS5.6AI score0.00297EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2024/09/26 5:27 p.m.10 views

CVE-2024-47174

Nix is a package manager for Linux and other Unix systems. Starting in version 1.11 and prior to versions 2.18.8 and 2.24.8, did not verify TLS certificates on HTTPS connections. This could lead to connection details such as full URLs or credentials leaking in case of a man-in-the-middle MITM...

5.9CVSS5.8AI score0.00297EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2024/02/05 9:30 p.m.18 views

Boundary vulnerable to session hijacking through TLS certificate tampering

Boundary and Boundary Enterprise “Boundary” is vulnerable to session hijacking through TLS certificate tampering. An attacker with privileges to enumerate active or pending sessions, obtain a private key pertaining to a session, and obtain a valid trust on first use TOFU token may craft a TLS...

8CVSS7AI score0.00294EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2024/02/05 9:15 p.m.18 views

Session fixation

Boundary and Boundary Enterprise “Boundary” is vulnerable to session hijacking through TLS certificate tampering. An attacker with privileges to enumerate active or pending sessions, obtain a private key pertaining to a session, and obtain a valid trust on first use TOFU token may craft a TLS...

4.6CVSS7.3AI score0.00294EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/02/05 8:43 p.m.23 views

CVE-2024-1052 Boundary Vulnerable to Session Hijacking Through TLS Certificate Tampering

Boundary and Boundary Enterprise “Boundary” is vulnerable to session hijacking through TLS certificate tampering. An attacker with privileges to enumerate active or pending sessions, obtain a private key pertaining to a session, and obtain a valid trust on first use TOFU token may craft a TLS...

8CVSS6.9AI score0.00294EPSS
Exploits0References1
CVE
CVE
added 2024/02/05 8:43 p.m.65 views

CVE-2024-1052

Boundary and Boundary Enterprise are affected by CVE-2024-1052: session hijacking via TLS certificate tampering. The issue occurs when an attacker who can enumerate active/pending sessions, obtain a session private key, and possess a valid TOFU token can craft a TLS certificate to hijack an activ...

8CVSS7.8AI score0.00294EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2024/02/05 8:43 p.m.29 views

CVE-2024-1052 Boundary Vulnerable to Session Hijacking Through TLS Certificate Tampering

Boundary and Boundary Enterprise “Boundary” is vulnerable to session hijacking through TLS certificate tampering. An attacker with privileges to enumerate active or pending sessions, obtain a private key pertaining to a session, and obtain a valid trust on first use TOFU token may craft a TLS...

8CVSS8.1AI score0.00294EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/08/14 12:0 a.m.6 views

PT-2023-17752 · Google · Android

Name of the Vulnerable Software and Affected Versions: No specific software or version information is provided in the input descriptions. Description: In the processMessageImpl function of ClientModeImpl.java, there is a possible credential disclosure in the TOFU flow due to a logic error in the...

9.8CVSS7.1AI score0.00639EPSS
Exploits0References8
Rows per page
Query Builder