Lucene search
K

39 matches found

Tenable Nessus
Tenable Nessus
added 2026/04/22 12:0 a.m.13 views

openSUSE 16 Security Update : go1.26 (openSUSE-SU-2026:20571-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20571-1 advisory. - Update to version go1.26.2 bsc1255111. - CVE-2026-27140: cmd/go: trust layer bypass when using cgo and SWIG bsc1261653. - CVE-2026-27143:...

9.8CVSS5.9AI score0.00658EPSS
Exploits0References31
Tenable Nessus
Tenable Nessus
added 2026/03/30 12:0 a.m.5 views

Fedora 43 : python-cryptography (2026-6c010af7be)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-6c010af7be advisory. Update to v46.0.6 This includes a single fix for security issue: SECURITY ISSUE: Fixed a bug where name constraints were not applied to peer names during...

6.3CVSS6AI score0.00154EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/03/30 12:0 a.m.2 views

Fedora 44 : python-cryptography (2026-2423902e8b)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-2423902e8b advisory. Update to v46.0.6 This includes a single fix for security issue: SECURITY ISSUE: Fixed a bug where name constraints were not applied to peer names during...

6.3CVSS6AI score0.00154EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2026/03/30 12:0 a.m.4 views

Fedora: Security Advisory (FEDORA-2026-6c010af7be)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.3CVSS5.9AI score0.00154EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/23 12:22 a.m.9 views

CVE-2022-46405

Mastodon through 4.0.2 allows attackers to cause a denial of service large Sidekiq pull queue by creating bot accounts that follow attacker-controlled accounts on certain other servers associated with a wildcard DNS A record, such that there is uncontrolled recursion of attacker-generated message...

7.5CVSS6.7AI score0.00918EPSS
Exploits1References1
NVD
NVD
added 2025/03/05 9:15 p.m.4 views

CVE-2024-57174

A misconfiguration in Alphion ASEE-1443 Firmware v0.4.H.00.02.15 defines a previously unregistered domain name as the default DNS suffix. This allows attackers to register the unclaimed domain and point its wildcard DNS entry to an attacker-controlled IP address, making it possible to access...

8.1CVSS0.00327EPSS
Exploits0References2
NVD
NVD
added 2022/12/04 4:15 a.m.21 views

CVE-2022-46405

Mastodon through 4.0.2 allows attackers to cause a denial of service large Sidekiq pull queue by creating bot accounts that follow attacker-controlled accounts on certain other servers associated with a wildcard DNS A record, such that there is uncontrolled recursion of attacker-generated message...

7.5CVSS0.00918EPSS
Exploits1References2
Prion
Prion
added 2022/12/04 4:15 a.m.17 views

Code injection

Mastodon through 4.0.2 allows attackers to cause a denial of service large Sidekiq pull queue by creating bot accounts that follow attacker-controlled accounts on certain other servers associated with a wildcard DNS A record, such that there is uncontrolled recursion of attacker-generated message...

5CVSS7.4AI score0.00918EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2022/12/04 12:0 a.m.62 views

CVE-2022-46405

CVE-2022-46405 affects Mastodon up to version 4.0.2. The issue enables denial-of-service by creating bot accounts that follow attacker-controlled accounts on servers with a wildcard DNS A record, causing uncontrolled recursion of attacker-generated messages and an enlarged Sidekiq pull queue. Aff...

7.5CVSS7.3AI score0.00918EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2020/07/14 10:15 p.m.19 views

CVE-2020-15104

In Envoy before versions 1.12.6, 1.13.4, 1.14.4, and 1.15.0 when validating TLS certificates, Envoy would incorrectly allow a wildcard DNS Subject Alternative Name apply to multiple subdomains. For example, with a SAN of .example.com, Envoy would incorrectly allow nested.subdomain.example.com, wh...

5.4CVSS6.7AI score
Exploits0References1
Cvelist
Cvelist
added 2020/07/14 10:5 p.m.28 views

CVE-2020-15104 TLS Validation Vulnerability in Envoy

In Envoy before versions 1.12.6, 1.13.4, 1.14.4, and 1.15.0 when validating TLS certificates, Envoy would incorrectly allow a wildcard DNS Subject Alternative Name apply to multiple subdomains. For example, with a SAN of .example.com, Envoy would incorrectly allow nested.subdomain.example.com, wh...

4.6CVSS5.8AI score0.00252EPSS
Exploits0References1
CVE
CVE
added 2020/07/14 10:5 p.m.85 views

CVE-2020-15104

CVE-2020-15104 describes a TLS certificate validation issue in Envoy prior to 1.12.6, 1.13.4, 1.14.4, and 1.15.0 where a wildcard DNS SAN could apply to multiple subdomains, e.g., *.example.com allowing nested.subdomain.example.com instead of only subdomain.example.com. The defect affects both cl...

5.5CVSS5.2AI score0.00252EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2020/07/13 7:12 a.m.60 views

CVE-2020-15104

An improper certificate validation vulnerability was found in envoyproxy/envoy, when externally created certificates with wildcards in the DNS Subject Alternative Name are used. This flaw allows an attacker to subvert the envoy filter or destination rules to access restricted resources. The highe...

5.5CVSS6.1AI score0.00252EPSS
Exploits0References4
Kitploit
Kitploit
added 2017/08/24 9:59 p.m.43 views

Knockpy - Enumerate Subdomain Scanner

Knockpy is a python tool designed to enumerate subdomains on a target domain through a wordlist. It is designed to scan for DNS zone transfer and to try to bypass the wildcard DNS record automatically if it is enabled. Now knockpy supports queries to VirusTotal subdomains, you can setting the...

7.2AI score
Exploits0References2
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.12 views

Perception LiteServe 2.0.1 DNS Wildcard Cross Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/6131/info A cross site scripting vulnerability has been discovered in Perception LiteServe. It should be noted that this vulnerability is limited to server configurations with Wildcard DNS enabled. It has been reported th...

7.1AI score
Exploits0
Hacker One
Hacker One
added 2014/04/07 9:43 p.m.42 views

RelateIQ: Wildcard DNS in website

I found wildcard DNS enabled on your server. The domain 95624031154.relateiq.com is at the following IP 192.33.31.56. Such information should not be publicaly available...

1.6AI score
Exploits0
CVE
CVE
added 2005/02/19 5:0 a.m.55 views

CVE-2004-1527

Microsoft Internet Explorer 6.0 SP1 is affected by a vulnerability in handling certain character strings in the Path attribute, which can allow a remote attacker to hijack sessions by causing cookies to be modified in other domains when the attacker’s domain name is contained in the target’s doma...

5CVSS6.9AI score0.01351EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2004/09/29 12:0 a.m.37 views

Debian DSA-181-1 : libapache-mod-ssl - XSS

Joe Orton discovered a cross site scripting problem in modssl, an Apache module that adds Strong cryptography i.e. HTTPS support to the webserver. The module will return the server name unescaped in the response to an HTTP request on an SSL port. Like the other recent Apache XSS bugs, this only...

7.5CVSS5AI score0.09701EPSS
Exploits0References2
Cvelist
Cvelist
added 2004/09/01 4:0 a.m.23 views

CVE-2002-0840

Cross-site scripting XSS vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different...

8.4AI score0.94006EPSS
Exploits0References37
Debian CVE
Debian CVE
added 2004/09/01 4:0 a.m.42 views

CVE-2002-0840

Cross-site scripting XSS vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different...

6.8CVSS6AI score0.94006EPSS
Exploits0
Rows per page
Query Builder