7.5

CVE-2014-3495

Exploit
duplicity 0.6.24 has improper verification of SSL certificates
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
DebianDuplicity Version0.6.24
DebianDebian Linux Version8.0
DebianDebian Linux Version9.0
DebianDebian Linux Version10.0
OpensuseOpensuse Version12.3
OpensuseOpensuse Version13.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.94% 0.562
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
CWE-295 Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.

https://access.redhat.com/security/cve/cve-2014-3495
Third Party Advisory
Broken Link
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3495
Exploit
Issue Tracking
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2014-3495
Third Party Advisory
Issue Tracking
https://security-tracker.debian.org/tracker/CVE-2014-3495
Third Party Advisory