Lucene search
K

4160 matches found

Debian CVE
Debian CVE
added 2014/04/26 1:0 a.m.37 views

CVE-2014-0350

The Poco::Net::X509Certificate::verify method in the NetSSL library in POCO C++ Libraries before 1.4.6p4 allows man-in-the-middle attackers to spoof SSL servers via crafted DNS PTR records that are requested during comparison of a server name to a wildcard domain name in an X.509 certificate...

6.4CVSS6AI score0.01218EPSS
Exploits0
Cvelist
Cvelist
added 2014/04/26 1:0 a.m.23 views

CVE-2014-0350

The Poco::Net::X509Certificate::verify method in the NetSSL library in POCO C++ Libraries before 1.4.6p4 allows man-in-the-middle attackers to spoof SSL servers via crafted DNS PTR records that are requested during comparison of a server name to a wildcard domain name in an X.509 certificate...

6.1AI score0.01218EPSS
Exploits0References4
OSV
OSV
added 2014/03/27 10:55 a.m.1 views

DEBIAN-CVE-2014-2653

The verifyhostkey function in sshconnect.c in the client in OpenSSH 6.6 and earlier allows remote servers to trigger the skipping of SSHFP DNS RR checking by presenting an unacceptable HostCertificate...

6.5CVSS6.9AI score0.01988EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2014/03/27 10:0 a.m.4 views

CVE-2014-2653

The verifyhostkey function in sshconnect.c in the client in OpenSSH 6.6 and earlier allows remote servers to trigger the skipping of SSHFP DNS RR checking by presenting an unacceptable HostCertificate...

6.8AI score0.01988EPSS
Exploits1References16
seebug.org
seebug.org
added 2014/03/18 12:0 a.m.25 views

PHPMYWIND Sql Injection #2

简要描述: 过滤不严。 详细说明: PHPMyWind\data\alipay\notifyurl.php中 $alipayNotify = new AlipayNotify$alipayconfig; $verifyresult = $alipayNotify-verifyNotify; if$verifyresult //验证成功...

7.1AI score
Exploits0
NVD
NVD
added 2014/03/01 12:55 a.m.23 views

CVE-2011-3634

methods/https.cc in apt before 0.8.11 accepts connections when the certificate host name fails validation and Verify-Host is enabled, which allows man-in-the-middle attackers to obtain repository credentials via unspecified vectors...

2.6CVSS6.2AI score0.00799EPSS
Exploits0References4
OSV
OSV
added 2014/03/01 12:55 a.m.3 views

DEBIAN-CVE-2011-3634

methods/https.cc in apt before 0.8.11 accepts connections when the certificate host name fails validation and Verify-Host is enabled, which allows man-in-the-middle attackers to obtain repository credentials via unspecified vectors...

2.6CVSS6.8AI score0.00799EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2014/02/28 12:0 a.m.4 views

PT-2014-2155 · Debian · Apt

Name of the Vulnerable Software and Affected Versions: apt versions prior to 0.8.11 Description: The issue allows man-in-the-middle attackers to obtain repository credentials via unspecified vectors when the certificate host name fails validation and Verify-Host is enabled. Recommendations: For...

2.6CVSS6AI score0.00799EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2014/01/21 5:2 p.m.6 views

nss: CERT_VerifyCert returns SECSuccess (saying certificate is good) even for bad certificates (MFSA 2013-103)

The CERTVerifyCert function in lib/certhigh/certvfy.c in Mozilla Network Security Services NSS 3.15 before 3.15.3 provides an unexpected return value for an incompatible key-usage certificate when the CERTVerifyLog argument is valid, which might allow remote attackers to bypass intended access...

5.8CVSS6.4AI score0.02397EPSS
Exploits0References5
CVE
CVE
added 2014/01/16 9:0 p.m.34 views

CVE-2012-6626

The CVE-2012-6626 entry concerns a SQL injection in verify-user.php of b2ePMS 1.0 where the username field can be exploited to execute arbitrary SQL commands. Affected software: b2ePMS 1.0 (verify-user.php). Underlying cause: input from the username field is not properly sanitized, enabling injec...

7.5CVSS8.7AI score0.01223EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2013/12/12 6:55 p.m.4 views

UBUNTU-CVE-2013-4566

modnss 1.0.8 and earlier, when NSSVerifyClient is set to none for the server/vhost context, does not enforce the NSSVerifyClient setting in the directory context, which allows remote attackers to bypass intended access restrictions...

4CVSS7.3AI score0.02003EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2013/12/05 4:11 p.m.6 views

nss: CERT_VerifyCert returns SECSuccess (saying certificate is good) even for bad certificates (MFSA 2013-103)

The CERTVerifyCert function in lib/certhigh/certvfy.c in Mozilla Network Security Services NSS 3.15 before 3.15.3 provides an unexpected return value for an incompatible key-usage certificate when the CERTVerifyLog argument is valid, which might allow remote attackers to bypass intended access...

5.8CVSS6.4AI score0.02397EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2013/12/03 4:36 p.m.10 views

mod_nss: incorrect handling of NSSVerifyClient in directory context

modnss 1.0.8 and earlier, when NSSVerifyClient is set to none for the server/vhost context, does not enforce the NSSVerifyClient setting in the directory context, which allows remote attackers to bypass intended access restrictions...

4CVSS7.4AI score0.02003EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2013/11/18 5:23 a.m.1 views

CVE-2013-5606

The CERTVerifyCert function in lib/certhigh/certvfy.c in Mozilla Network Security Services NSS 3.15 before 3.15.3 provides an unexpected return value for an incompatible key-usage certificate when the CERTVerifyLog argument is valid, which might allow remote attackers to bypass intended access...

5.8CVSS5.6AI score0.02397EPSS
Exploits0References23
Tenable Nessus
Tenable Nessus
added 2013/11/18 12:0 a.m.46 views

Firefox < 25.0.1 NSS and NSPR Multiple Vulnerabilities (Mac OS X)

The installed version of Firefox is a version prior to 25.0.1 and is, therefore, potentially affected by the following vulnerabilities : - An error exists related to handling input greater than half the maximum size of the 'PRUint32' value. CVE-2013-1741 - An error exists in the 'NullCipher'...

7.5CVSS6.8AI score0.04399EPSS
Exploits0References7
curl security advisories
curl security advisories
added 2013/11/15 8:0 a.m.9 views

cert name check ignore OpenSSL

libcurl is vulnerable to a case of missing out the checking of the certificate CN or SAN name field when the digital signature verification is turned off. libcurl offers two separate and independent options for verifying a server's TLS certificate. CURLOPTSSLVERIFYPEER and CURLOPTSSLVERIFYHOST. T...

4.3CVSS6AI score0.03076EPSS
Exploits0Affected Software2
OpenVAS
OpenVAS
added 2013/11/08 12:0 a.m.23 views

Fedora Update for rubygem-ruby-openid FEDORA-2013-20260

Check for the Version of rubygem-ruby-openid OpenVAS Vulnerability Test Fedora Update for rubygem-ruby-openid FEDORA-2013-20260 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/...

4.3CVSS9.5AI score0.02132EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2013/10/06 12:0 a.m.28 views

GLSA-201310-01 : Perl Module-Signature module: Arbitrary code execution

The remote host is affected by the vulnerability described in GLSA-201310-01 Perl Module-Signature module: Arbitrary code execution The cpansign verify command will automatically download keys and use them to check the signature of CPAN packages via the SIGNATURE file. If an attacker were to...

4.4CVSS6.2AI score0.00557EPSS
Exploits1References2
NVD
NVD
added 2013/08/23 4:55 p.m.28 views

CVE-2013-1909

The Python client in Apache Qpid before 2.2 does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...

5.8CVSS6.3AI score0.01573EPSS
Exploits0References6
NVD
NVD
added 2013/08/19 11:55 p.m.14 views

CVE-2013-2145

The cpansign verify functionality in the Module::Signature module before 0.72 for Perl allows attackers to bypass the signature check and execute arbitrary code via a SIGNATURE file with a "special unknown cipher" that references an untrusted module in Digest/...

4.4CVSS7.2AI score0.00557EPSS
Exploits1References8
Rows per page
Query Builder