15 matches found
EUVD-2009-3614
Malware in sbrugna...
EUVD-2014-3904
Malware in sbrugna...
EUVD-2012-0749
Malware in sbrugna...
CVE-2022-32563
An issue was discovered in Couchbase Sync Gateway 3.x before 3.0.2. Admin credentials are not verified when using X.509 client-certificate authentication from Sync Gateway to Couchbase Server. When Sync Gateway is configured to authenticate with Couchbase Server using X.509 client certificates, t...
Ewon Cosy+ / Talk2M Remote Access Solution Improper Authentication
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2024-043 Product: Ewon Cosy+ / Talk2M Remote Access Solution Manufacturer: HMS Industrial Networks AB Affected Versions: N.A. Tested Versions: N.A. Vulnerability Type: Improper Authentication CWE-287 Risk Level: High Solution Statu...
GHSA-9266-J9V3-Q4J5 Couchbase Sync Gateway admin credentials not verified when using X.509 client cert authentication
An issue was discovered in Couchbase Sync Gateway 3.x before 3.0.2. Admin credentials are not verified when using X.509 client-certificate authentication from Sync Gateway to Couchbase Server. When Sync Gateway is configured to authenticate with Couchbase Server using X.509 client certificates, t...
Design/Logic Flaw
An issue was discovered in Couchbase Sync Gateway 3.x before 3.0.2. Admin credentials are not verified when using X.509 client-certificate authentication from Sync Gateway to Couchbase Server. When Sync Gateway is configured to authenticate with Couchbase Server using X.509 client certificates, t...
CVE-2014-3971
The CmdAuthenticate::authenticateX509 function in db/commands/authenticationcommands.cpp in mongod in MongoDB 2.6.x before 2.6.2 allows remote attackers to cause a denial of service daemon crash by attempting authentication with an invalid X.509 client certificate...
CVE-2014-3971
The CmdAuthenticate::authenticateX509 function in db/commands/authenticationcommands.cpp in mongod in MongoDB 2.6.x before 2.6.2 allows remote attackers to cause a denial of service daemon crash by attempting authentication with an invalid X.509 client certificate...
Authentication flaw
The SSL implementation in Cisco Adaptive Security Appliance ASA Software 9.0 before 9.02.6 and 9.1 before 9.12 allows remote attackers to bypass authentication, and obtain VPN access or administrative access, via a crafted X.509 client certificate, aka Bug ID CSCuf52468...
CVE-2011-2701
The ocspcheck function in rlmeaptls.c in FreeRADIUS 2.1.11, when OCSP is enabled, does not properly parse replies from OCSP responders, which allows remote attackers to bypass authentication by using the EAP-TLS protocol with a revoked X.509 client certificate...
Stack overflow
Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9, as used in mysqld in MySQL 5.0.x before 5.0.90, MySQL 5.1.x before 5.1.43, MySQL 5.5.x through 5.5.0-m2, and other products, allow remote attackers to execute arbitrary cod...
CVE-2009-4484
The CVE-2009-4484 issue affects yaSSL’s CertDecoder::GetName in taocrypt/src/asn.cpp (yaSSL before 1.9.9), which MySQL bundles and uses for SSL handshakes. A crafted X.509 client certificate name can trigger multiple stack-based buffer overflows, enabling remote code execution or memory corruptio...
Debian: Security Advisory (DSA-1925-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DSA 1925-1] New proftpd-dfsg packages fix SSL certificate verification weakness
------------------------------------------------------------------------ Debian Security Advisory DSA-1925-1 [email protected] http://www.debian.org/security/ Steffen Joeris October 31, 2009 http://www.debian.org/security/faq -...