57 matches found
CLSA-2023-1689700589 Fix CVE(s): CVE-2023-31486
SECURITY UPDATE: insecure default TLS configuration in HTTP::Tiny module - debian/patches/CVE-2023-31486.patch: add verify_SSL=1 to HTTP::Tiny default configuration - CVE-2023-31486...
CVE-2023-36749
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0)...
CVE-2023-36749
Siemens RUGGEDCOM ROX family is affected by CVE-2023-36749 due to use of insecure TLS 1.0 in the webserver, enabling potential man-in-the-middle attacks with data confidentiality and integrity impact. Affected devices include ROX MX5000, MX5000RE, RX1400, RX1500, RX1501, RX1510, RX1511, RX1512, R...
PT-2023-4088 · Siemens · Ruggedcom Rox Mx5000 +8
Name of the Vulnerable Software and Affected Versions: RUGGEDCOM ROX MX5000 versions prior to V2.16.0; RUGGEDCOM ROX MX5000RE versions prior to V2.16.0; RUGGEDCOM ROX RX1400 versions prior to V2.16.0; RUGGEDCOM ROX RX1500 versions prior to V2.16.0; RUGGEDCOM ROX RX1501 versions prior to V2.16.0...
AZL-37127 CVE-2023-31486 affecting package perl for versions less than 5.34.1-489
HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates...
CVE-2023-31486
HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates...
CVE-2023-22812
SanDisk PrivateAccess versions prior to 6.4.9 support insecure TLS 1.0 and TLS 1.1 protocols which are susceptible to man-in-the-middle attacks thereby compromising confidentiality and integrity of data...
CVE-2023-22812 SanDisk PrivateAccess Deprecated TLS protocol versions supported
SanDisk PrivateAccess versions prior to 6.4.9 support insecure TLS 1.0 and TLS 1.1 protocols which are susceptible to man-in-the-middle attacks thereby compromising confidentiality and integrity of data...
Insecure TLS Configuration
github.com/argoproj/argo-workflows uses an insecure TLS configuration. The Argo Server TLS requests can potentially be forged by an attacker with network access...
Debian: Security Advisory (DSA-4668-1)
The remote host is missing an update for the Debian...
Debian DSA-4668-1 : openjdk-8 - security update
Several vulnerabilities have been discovered in the OpenJDK Java runtime, resulting in denial of service, insecure TLS handshakes, bypass of sandbox restrictions or HTTP response splitting attacks. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...
[SECURITY] [DLA 2193-1] openjdk-7 security update
Package : openjdk-7 Version : 7u261-2.6.22-1deb8u1 CVE ID : CVE-2020-2756 CVE-2020-2757 CVE-2020-2773 CVE-2020-2781 CVE-2020-2800 CVE-2020-2803 CVE-2020-2805 CVE-2020-2830 Several vulnerabilities have been discovered in the OpenJDK Java runtime, resulting in denial of service, insecure TLS...
Debian DLA-2193-1 : openjdk-7 security update
Several vulnerabilities have been discovered in the OpenJDK Java runtime, resulting in denial of service, insecure TLS handshakes, bypass of sandbox restrictions or HTTP response splitting attacks. For Debian 8 'Jessie', these problems have been fixed in version 7u261-2.6.22-1deb8u1. We recommend...
[SECURITY] [DSA 4668-1] openjdk-8 security update
Debian Security Advisory DSA-4668-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff April 28, 2020 https://www.debian.org/security/faq ...
Debian DSA-4662-1 : openjdk-11 - security update
Several vulnerabilities have been discovered in the OpenJDK Java runtime, resulting in denial of service, insecure TLS handshakes, bypass of sandbox restrictions or HTTP response splitting attacks. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...
[SECURITY] [DSA 4662-1] openjdk-11 security update
Debian Security Advisory DSA-4662-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff April 24, 2020 https://www.debian.org/security/faq ...
CVE-2017-7468
In curl and libcurl 7.52.0 to and including 7.53.1, libcurl would attempt to resume a TLS session even if the client certificate had changed. That is unacceptable since a server by specification is allowed to skip the client certificate check on resume, and may instead use the old identity which...