
57 matches found

CNNVD
added 2025/04/28 12:0 a.m. · 2 views

Wiesemann & Theis Com-Server Cryptographic Issue Vulnerability

Wiesemann & Theis Com-Server is a communication server for industrial automation from Wiesemann & Theis that provides connectivity between serial devices and Ethernet. A cryptographic issue vulnerability exists in Wiesemann & Theis Com-Server versions prior to 1.60 that stems from the use of...

9.1 CVSS · 6.4 AI score · 0.00312 EPSS
Exploits 0 · References 1
Positive Technologies
added 2025/04/25 12:0 a.m. · 5 views

PT-2025-19347 · Rancher +1

Name of the Vulnerable Software and Affected Versions: Steve versions prior to v0.2.1; Steve versions prior to v0.3.3; Steve versions prior to v0.4.4; Steve versions prior to v0.5.13. Description: A vulnerability has been identified in Steve where it uses an insecure option by default, not validating...

8 CVSS · 5.5 AI score · 0.00296 EPSS
Exploits 0 · References 5
RedhatCVE
added 2025/02/05 7:26 a.m. · 8 views

CVE-2024-23656

Dex is an identity service that uses OpenID Connect to drive authentication for other apps. Dex 2.37.0 serves HTTPS with insecure TLS 1.0 and TLS 1.1. cmd/dex/serve.go line 425 seemingly sets TLS 1.2 as minimum version, but the whole tlsConfig is ignored after TLS cert reloader was introduced in...

7.5 CVSS · 7.3 AI score · 0.00435 EPSS
Exploits 1 · References 1
Veracode
added 2025/01/24 12:26 p.m. · 5 views

Insecure TLS Configuration

aws-cdk-lib is vulnerable to Insecure TLS configuration. The vulnerability is due to the tls.connect method setting rejectUnauthorized: false by default, which allows connections to unauthorized OIDC providers without verification. This could potentially allow attackers to exploit insecure...

8.1 CVSS · 6.6 AI score · 0.00312 EPSS
Exploits 0 · References 8 · Affected Software 1
Tenable Nessus
added 2024/07/10 12:0 a.m. · 19 views

RHEL 9 : perl-HTTP-Tiny (RHSA-2024:4430)

The remote Red Hat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:4430 advisory. HTTP::Tiny is a small and simple HTTP/1.1 client written in Perl. Security Fixes: http-tiny: insecure TLS cert default (CVE-2023-31486). For more detail...

8.1 CVSS · 7.2 AI score · 0.01742 EPSS
Exploits 0 · References 5
RedHat Linux
added 2024/07/09 12:52 p.m. · 88 views

Moderate: Red Hat Security Advisory: perl-HTTP-Tiny security update

An update for perl-HTTP-Tiny is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is availab...

8.1 CVSS · 6.9 AI score · 0.01742 EPSS
Exploits 0 · References 2
Cvelist
added 2024/02/20 10:0 a.m. · 17 views

CVE-2023-49250 Apache DolphinScheduler: Insecure TLS TrustManager used in HttpUtil

Because the HttpUtils class did not verify certificates, an attacker that could perform a Man-in-the-Middle (MITM) attack on outgoing https connections could impersonate the server. This issue affects Apache DolphinScheduler: before 3.2.0. Users are recommended to upgrade to version 3.2.1, which...

6.7 AI score · 0.00704 EPSS
Exploits 0 · References 3
Vulnrichment
added 2024/02/20 10:0 a.m. · 13 views

CVE-2023-49250 Apache DolphinScheduler: Insecure TLS TrustManager used in HttpUtil

Because the HttpUtils class did not verify certificates, an attacker that could perform a Man-in-the-Middle (MITM) attack on outgoing https connections could impersonate the server. This issue affects Apache DolphinScheduler: before 3.2.0. Users are recommended to upgrade to version 3.2.1, which...

6.7 AI score · 0.00704 EPSS
Exploits 0 · References 3
NVD
added 2024/01/25 8:15 p.m. · 45 views

CVE-2024-23656

Dex is an identity service that uses OpenID Connect to drive authentication for other apps. Dex 2.37.0 serves HTTPS with insecure TLS 1.0 and TLS 1.1. cmd/dex/serve.go line 425 seemingly sets TLS 1.2 as minimum version, but the whole tlsConfig is ignored after TLS cert reloader was introduced in...

7.5 CVSS · 7.4 AI score · 0.00435 EPSS
Exploits 1 · References 5
Vulnrichment
added 2024/01/25 7:45 p.m. · 6 views

CVE-2024-23656 Dex 2.37.0 is discarding TLSconfig and always serves deprecated TLS 1.0/1.1 and insecure ciphers

Dex is an identity service that uses OpenID Connect to drive authentication for other apps. Dex 2.37.0 serves HTTPS with insecure TLS 1.0 and TLS 1.1. cmd/dex/serve.go line 425 seemingly sets TLS 1.2 as minimum version, but the whole tlsConfig is ignored after TLS cert reloader was introduced in...

7.5 CVSS · 7.4 AI score · 0.00435 EPSS
Exploits 1 · References 5
OSV
added 2024/01/25 7:45 p.m. · 24 views

CVE-2024-23656 Dex 2.37.0 is discarding TLSconfig and always serves deprecated TLS 1.0/1.1 and insecure ciphers

Dex is an identity service that uses OpenID Connect to drive authentication for other apps. Dex 2.37.0 serves HTTPS with insecure TLS 1.0 and TLS 1.1. cmd/dex/serve.go line 425 seemingly sets TLS 1.2 as minimum version, but the whole tlsConfig is ignored after TLS cert reloader was introduced in...

7.5 CVSS · 7.4 AI score · 0.00435 EPSS
Exploits 1 · References 7
CNNVD
added 2024/01/25 12:0 a.m. · 3 views

dex Security Vulnerabilities

dex is an identity service that uses OpenID Connect to drive authentication for other applications. A security vulnerability exists in versions of dex prior to 2.38.0 that stems from the use of insecure TLS 1.0 and TLS 1.1 to provide HTTPS, which can be exploited by an attacker to decrypt TLS 1.0...

7.5 CVSS · 6.9 AI score · 0.00435 EPSS
Exploits 1 · References 6
Tenable Nessus
added 2024/01/16 12:0 a.m. · 17 views

EulerOS 2.0 SP10 : perl (EulerOS-SA-2023-2795)

According to the versions of the perl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users...

8.1 CVSS · 7.1 AI score · 0.01742 EPSS
Exploits 0 · References 2
Tenable Nessus
added 2024/01/16 12:0 a.m. · 19 views

EulerOS Virtualization 2.9.1 : perl-HTTP-Tiny (EulerOS-SA-2023-2968)

According to the versions of the perl-HTTP-Tiny package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS...

8.1 CVSS · 7 AI score · 0.01742 EPSS
Exploits 0 · References 2
Tenable Nessus
added 2024/01/16 12:0 a.m. · 14 views

EulerOS Virtualization 2.10.0 : perl-HTTP-Tiny (EulerOS-SA-2023-2944)

According to the versions of the perl-HTTP-Tiny package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS...

8.1 CVSS · 7 AI score · 0.01742 EPSS
Exploits 0 · References 2
Tenable Nessus
added 2024/01/16 12:0 a.m. · 26 views

EulerOS Virtualization 2.9.0 : perl (EulerOS-SA-2023-2993)

According to the versions of the perl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuratio...

8.1 CVSS · 7.1 AI score · 0.01742 EPSS
Exploits 0 · References 2
Tenable Nessus
added 2024/01/16 12:0 a.m. · 17 views

EulerOS Virtualization 2.11.0 : perl (EulerOS-SA-2023-3077)

According to the versions of the perl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuratio...

8.1 CVSS · 7.1 AI score · 0.01742 EPSS
Exploits 0 · References 2
Tenable Nessus
added 2023/08/08 12:0 a.m. · 20 views

EulerOS 2.0 SP9 : perl-HTTP-Tiny (EulerOS-SA-2023-2595)

According to the versions of the perl-HTTP-Tiny package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration wher...

8.1 CVSS · 7.1 AI score · 0.01742 EPSS
Exploits 0 · References 2
Veracode
added 2023/08/06 10:43 a.m. · 15 views

Insecure TLS Configuration

wolfssl uses Insecure TLS Configuration. When generating the session master secret, the IKM value is utilized as a default predictable buffer, which may compromise the key and make it possible for listeners to reconstruct it. This could provide access to alteration of the contents of session...

9.1 CVSS · 6.7 AI score · 0.00541 EPSS
Exploits 0 · References 4 · Affected Software 1
Tenable Nessus
added 2023/07/25 12:0 a.m. · 17 views

Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Insecure Fabric Authentication (CVE-2019-1590)

A vulnerability in the Transport Layer Security (TLS) certificate validation functionality of Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an unauthenticated, remote attacker to perform insecure TLS client authentication on an affected device. The...

8.1 CVSS · 7.8 AI score · 0.0098 EPSS
Exploits 0 · References 2