Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
InfradeadOpenconnect1.30

3 matches found

CVE
CVEadded 2010/10/14 5:58 a.m.58 views

CVE-2010-3902

OpenConnect before 2.26 places the webvpn cookie value in the debugging output, which might allow remote attackers to obtain sensitive information by reading this output, as demonstrated by output posted to the public openconnect-devel mailing list.

5CVSS6AI score0.0056EPSS
CVE
CVEadded 2010/10/14 5:58 a.m.38 views

CVE-2010-3903

Unspecified vulnerability in OpenConnect before 2.23 allows remote AnyConnect SSL VPN servers to cause a denial of service (application crash) via a 404 HTTP status code.

5CVSS6.7AI score0.00305EPSS
CVE
CVEadded 2010/10/14 5:58 a.m.36 views

CVE-2010-3901

OpenConnect before 2.25 does not properly validate X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary AnyConnect SSL VPN servers via a crafted server certificate that (1) does not correspond to the server hostname or (2) is presented in circumstances involving a missing...

6.4CVSS6.6AI score0.00152EPSS