31 matches found
BIT-JAVA-2023-21835
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Easily exploitable vulnerability allows...
Inadequate Encryption Strength
Overview: Affected versions of this package are vulnerable to Inadequate Encryption Strength due to the use of random nonce generation with AES GCM ciphers. An attacker can obtain the authentication key and spoof data by exploiting nonce reuse within a session. Remediation: There is no fixed...
EUVD-2009-4886
Malware in sbrugna...
EUVD-2012-0426
Malware in sbrugna...
EUVD-2021-1278
Malware in sbrugna...
EUVD-2021-21089
Malware in sbrugna...
EUVD-2011-4056
Malware in sbrugna...
CVE-2012-4566
The DTLS support in radsecproxy before 1.6.2 does not properly verify certificates when there are configuration blocks with CA settings that are unrelated to the block being used for verifying the certificate chain, which might allow remote attackers to bypass intended access restrictions and spo...
K15366: OpenSSL DTLS vulnerability CVE-2009-1377
Security Advisory Description: The dtls1_buffer_record function in ssl/d1_pkt.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allows remote attackers to cause a denial of service (memory consumption) via a large series of "future epoch" DTLS records that are buffered in a queue, aka "DTLS...
SUSE CVE-2007-4995
Off-by-one error in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8f allows remote attackers to execute arbitrary code via unspecified vectors...
SUSE CVE-2016-6308
statem/statem_dtls.c in the DTLS implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service (memory consumption) via crafted DTLS messages...
MGASA-2022-0450 Updated erlang packages fix security vulnerability
In Erlang/OTP before 23.3.4.15, 24.x before 24.3.4.2, and 25.x before 25.0.2, there is a Client Authentication Bypass in certain client-certification situations for SSL, TLS, and DTLS. CVE-2022-37026...
SUSE-SU-2022:4222-1 Security update for erlang
This update for erlang fixes the following issues: - CVE-2022-37026: fixed a client authorization bypass vulnerability for SSL, TLS, and DTLS in Erlang/OTP (bsc#1205318)...
CVE-2022-34293
wolfSSL before 5.4.0 allows remote attackers to cause a denial of service via DTLS because a check for return-routability can be skipped...
CVE-2022-35409
An issue was discovered in Mbed TLS before 2.28.1 and 3.x before 3.2.0. In some configurations, an unauthenticated attacker can send an invalid ClientHello message to a DTLS server that causes a heap-based buffer over-read of up to 255 bytes. This can cause a server crash or possibly information...
Mbed TLS Buffer Error Vulnerability
Mbed TLS is an open source, portable, easy-to-use, readable and flexible SSL library. A buffer error vulnerability exists in Mbed TLS versions prior to 2.28.2 and 3.x versions prior to 3.2.0, which stems from the fact that in certain configurations, an unauthenticated attacker can send an invalid...
Pion DTLS Security Vulnerability
Pion DTLS is a Go implementation of the Datagram Transport Layer Security (DTLS) protocol. A security vulnerability exists in Pion DTLS versions prior to 2.1.4. An attacker can exploit the vulnerability by sending packets that put Pion DTLS into an infinite loop...
CVE-2021-34433
In Eclipse Californium version 2.0.0 to 2.6.4 and 3.0.0-M1 to 3.0.0-M3, the certificate based x509 and RPK DTLS handshakes accidentally succeed without verifying the server side's signature on the client side, if that signature is not included in the server's ServerKeyExchange...
Eclipse TinyDTLS Cryptographic Issue Vulnerability
Eclipse TinyDTLS is a library for Datagram Transport Layer Security (DTLS). Eclipse TinyDTLS is vulnerable to an encryption issue that could be exploited by an attacker to compute a key to decrypt DTLS communications...
Eclipse Californium Security Vulnerability
Eclipse Californium is a Java-based codebase from the Eclipse Foundation that provides CoAP back-end support for the Internet of Things. A security vulnerability exists in Eclipse Californium versions 2.3.0 through 2.6.0, which stems from DTLS server-side persistence of incorrect internal state. ...