7 matches found
SUSE CVE-2009-2702
KDE KSSL in kdelibs 3.5.4, 4.2.4, and 4.3 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certificatio...
SUSE CVE-2009-3044
Opera before 10.00 does not properly handle a (1) '\0' character or (2) invalid wildcard character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate...
DEBIAN-CVE-2017-2299
Versions of the puppetlabs-apache module prior to 1.11.1 and 2.1.0 make it very easy to accidentally misconfigure TLS trust. If you specify the sslca parameter but do not specify the sslcertsdir parameter, a default will be provided for the sslcertsdir that will trust certificates from any of the...
UBUNTU-CVE-2017-2299
Versions of the puppetlabs-apache module prior to 1.11.1 and 2.1.0 make it very easy to accidentally misconfigure TLS trust. If you specify the sslca parameter but do not specify the sslcertsdir parameter, a default will be provided for the sslcertsdir that will trust certificates from any of the...
PT-2012-6133 · Lynx · Lynx
Name of the Vulnerable Software and Affected Versions: Lynx affected versions not specified
Description: The issue is related to Lynx not verifying that the server's certificate is signed by a trusted certification authority. This allows man-in-the-middle attackers to spoof SSL servers via a...
firefox/nss: doesn't handle IP-based wildcards in X509 certificates safely
Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 recognize a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL serve...
PT-2009-4918 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: Microsoft Windows versions prior to the fixed version
Description: The issue is related to an integer overflow in the CryptoAPI component when parsing X.509 certificates with malformed ASN.1 Object Identifiers. This allows man-in-the-middle...