The execve function in the Linux kernel, possibly 2.6.30-rc6 and earlier, does not properly clear the current->clear_child_tid pointer, which allows local users to cause a denial of service (memory corruption) or possibly gain privileges via a clone system call with CLONE_CHILD_SETTID or CLONE_CHILD_CLEARTID enabled, which is not properly handled during thread creation and exit.
Max CVSS
5.9
EPSS Score
0.05%
Published
2009-08-18
Updated
2020-08-28
The implementations of PKCS#1 v1.5 key transport mechanism for XMLEncryption in JBossWS and Apache WSS4J before 1.6.5 is susceptible to a Bleichenbacher attack.
Max CVSS
5.9
EPSS Score
0.64%
Published
2020-03-11
Updated
2023-02-13
The networkReloadIptablesRules function in network/bridge_driver.c in libvirt before 0.9.9 does not properly handle firewall rules on bridge networks when libvirtd is restarted, which might allow remote attackers to bypass intended access restrictions via a (1) DNS or (2) DHCP query.
Max CVSS
5.9
EPSS Score
0.33%
Published
2016-04-14
Updated
2023-02-13
HTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013.1, and possibly other OpenStack components, fail to validate server-side SSL certificates.
Max CVSS
5.9
EPSS Score
0.78%
Published
2019-11-01
Updated
2019-11-07
The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks which allows attackers to perform man-in-the-middle attacks.
Max CVSS
5.9
EPSS Score
0.16%
Published
2019-11-05
Updated
2019-11-12
Cache Poisoning issue exists in DNS Response Rate Limiting.
Max CVSS
5.9
EPSS Score
0.11%
Published
2019-11-05
Updated
2019-11-08
It was found that the implementation of the GTNSubjectCreatingInterceptor class in gatein-wsrp was not thread safe. For a specific WSRP endpoint, under high-concurrency scenarios or scenarios where SOAP messages take long to execute, it was possible for an unauthenticated remote attacker to gain privileged information if WS-Security is enabled for the WSRP Consumer, and the endpoint in question is being used by a privileged user. This affects JBoss Portal 6.2.0.
Max CVSS
5.9
EPSS Score
0.34%
Published
2020-01-02
Updated
2020-01-14
ovirt-engine, as used in Red Hat MRG 3, allows man-in-the-middle attackers to spoof servers by leveraging failure to verify key attributes in vdsm X.509 certificates.
Max CVSS
5.9
EPSS Score
0.09%
Published
2017-10-18
Updated
2017-11-07
vdsm and vdsclient does not validate certficate hostname from another vdsm which could facilitate a man-in-the-middle attack
Max CVSS
5.9
EPSS Score
0.05%
Published
2019-11-13
Updated
2019-11-15
rhnreg_ks in Red Hat Network Client Tools (aka rhn-client-tools) on Red Hat Gluster Storage 2.1 and Enterprise Linux (RHEL) 5, 6, and 7 does not properly validate hostnames in X.509 certificates from SSL servers, which allows remote attackers to prevent system registration via a man-in-the-middle attack.
Max CVSS
5.9
EPSS Score
0.16%
Published
2018-04-12
Updated
2019-04-22
AdvancedLdapLodinMogule in Red Hat JBoss Enterprise Application Platform (EAP) before 6.4.1 allows attackers to obtain sensitive information via vectors involving logging the LDAP bind credential password when TRACE logging is enabled.
Max CVSS
5.9
EPSS Score
0.20%
Published
2017-09-19
Updated
2017-10-04
Oracle MySQL before 5.7.3, Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3, and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, aka a "BACKRONYM" attack.
Max CVSS
5.9
EPSS Score
0.17%
Published
2016-05-16
Updated
2022-08-29
Red Hat Enterprise Virtualization Manager 3.6 and earlier gives valid SLAAC IPv6 addresses to interfaces when "boot protocol" is set to None, which might allow remote attackers to communicate with a system designated to be unreachable.
Max CVSS
5.9
EPSS Score
0.16%
Published
2017-08-24
Updated
2017-09-07
ntpq in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted mode 6 response packets.
Max CVSS
5.9
EPSS Score
3.70%
Published
2017-08-07
Updated
2020-06-18
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality via vectors related to Security.
Max CVSS
5.9
EPSS Score
0.48%
Published
2016-04-21
Updated
2022-05-13
libssh before 0.7.3 improperly truncates ephemeral secrets generated for the (1) diffie-hellman-group1 and (2) diffie-hellman-group14 key exchange methods to 128 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a "bits/bytes confusion bug."
Max CVSS
5.9
EPSS Score
0.39%
Published
2016-04-13
Updated
2017-12-09
The Realm implementations in Apache Tomcat versions 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note that the default configuration includes the LockOutRealm which makes exploitation of this vulnerability harder.
Max CVSS
5.9
EPSS Score
0.13%
Published
2017-08-10
Updated
2023-12-08
The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a "/CN=" string in a field in a certificate, as demonstrated by "/OU=/CN=bar.com/CN=foo.com."
Max CVSS
5.9
EPSS Score
0.33%
Published
2016-01-27
Updated
2019-12-27
The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-0169.
Max CVSS
5.9
EPSS Score
96.90%
Published
2016-05-05
Updated
2024-02-16
A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required.
Max CVSS
5.9
EPSS Score
0.14%
Published
2022-02-18
Updated
2023-09-17
ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x before 9.11.0b2, when lwresd or the named lwres option is enabled, allows remote attackers to cause a denial of service (daemon crash) via a long request that uses the lightweight resolver protocol.
Max CVSS
5.9
EPSS Score
93.44%
Published
2016-07-19
Updated
2020-08-25
It was found that Diffie Hellman Client key exchange handling in NSS 3.21.x was vulnerable to small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to small subgroup of the desired group.
Max CVSS
5.9
EPSS Score
0.19%
Published
2018-08-01
Updated
2023-02-12
Red Hat Keycloak before version 2.5.1 has an implementation of HMAC verification for JWS tokens that uses a method that runs in non-constant time, potentially leaving the application vulnerable to timing attacks.
Max CVSS
5.9
EPSS Score
0.39%
Published
2018-03-12
Updated
2018-04-12
An access-control flaw was found in the OpenStack Orchestration (heat) service before 8.0.0, 6.1.0 and 7.0.2 where a service log directory was improperly made world readable. A malicious system user could exploit this flaw to access sensitive information.
Max CVSS
5.9
EPSS Score
0.06%
Published
2018-07-27
Updated
2023-02-12
An accessibility flaw was found in the OpenStack Workflow (mistral) service where a service log directory was improperly made world readable. A malicious system user could exploit this flaw to access sensitive information.
Max CVSS
5.9
EPSS Score
0.04%
Published
2018-07-27
Updated
2023-02-12
872 vulnerabilities found
1 2 3 4 5 6 ...... 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!