DEBIAN-CVE-2024-22201
Jetty is a Java based web server and servlet engine. An HTTP/2 SSL connection that is established and TCP congested will be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to st...
CVE-2024-22201
Jetty is a Java based web server and servlet engine. An HTTP/2 SSL connection that is established and TCP congested will be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to st...
CVE-2024-22201 Jetty connection leaking on idle timeout when TCP congested
Jetty is a Java based web server and servlet engine. An HTTP/2 SSL connection that is established and TCP congested will be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to st...
GHSA-GR79-9V6V-GC9R Dex discarding TLSconfig and always serves deprecated TLS 1.0/1.1 and insecure ciphers
Summary Dex 2.37.0 is serving HTTPS with insecure TLS 1.0 and TLS 1.1. Details While working on https://github.com/dexidp/dex/issues/2848 and implementing configurable TLS support, I noticed my changes did not have any effect in TLS config, so I started investigating...
Rocky Linux 8 : python27:2.7 (RLSA-2019:3335)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2019:3335 advisory. - In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter. CVE-2019-11236 - The...
Applications in a StoreFront store fail to enumerate and launch. An SSL connection error is reported
After upgrading to SF 1912 CU2, the store fails to present apps, and the following info is seen in the event log: Event ID: 0 An SSL connection could not be established: None of the SSL cipher suites offered TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,...
VDA 2203 - There is no Citrix SSL server configured on the specified address
After installation of Virtual Apps and Desktops VDA 2203 version via an existing install script used for older VDA versions, the SSL VDA connection fails with error "There is no Citrix SSL server configured on the specified address". Uninstalling and reinstalling does not resolve the issue...
K15328: OpenSSL vulnerability CVE-2010-5298
Security Advisory Description Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a...
K25165813: BIG-IP SSL connection Alert Timeout security exposure
Security Advisory Description The mitigation for K41515225: BIG-IP SSL connection security exposure may not work in all conditions. If after applying the workaround in K41515225: BIG-IP SSL connection security exposure, setting the Alert Timeout to its minimum value of 1 second, you continue to...
Security Bulletin: An IBM Business Process Manager SSL connection can be established without host name verification: CVE-2012-5785
Abstract A Secure Sockets Layer (SSL) connection can be established without host name verification, which can make the connection vulnerable to a man-in-the-middle attack. Content While obtaining an SSL connection, the IBM Business Process Management (BPM) system does not validate the host name of the...
CWA for Mac 2203: Random Session disconnects
CWA for Mac will disconnect a session at random. Auto connect-back will also fail. SSL connection error - "status 43" will be reported in Citrix Viewer logs | 03-16-2022 | 10:17:48.817 | 2724 | 5 | sslasock.c | 1359 | SSLDecryptPacket | TCTD | TTERROR | doDecryptData failed. status: 43 | 03-16-20...
Huawei EulerOS: Security Advisory for postgresql (EulerOS-SA-2022-1182)
The remote host is missing an update for the Huawei EulerOS ...
Security Bulletin: Multiple security vulnerabilities in QRadar, QRM, QVM (CVE-2014-0837, CVE-2014-4833, CVE-2014-4830, CVE-2014-4827, CVE-2014-4828, CVE-2014-4825)
Summary Multiple security vulnerabilities have been discovered in IBM QRadar, IBM QRadar Vulnerability Manager (QVM) and IBM QRadar Risk Manager (QRM). Vulnerability Details CVE ID: CVE-2014-0837 DESCRIPTION: IBM QRadar is vulnerable due to incorrect handling of an SSL connection, caused by the autoupdat...
nss: Memory corruption in decodeECorDsaSignature with DSA signatures (and RSA-PSS)
A remote code execution flaw was found in the way NSS verifies certificates. This flaw allows an attacker posing as an SSL/TLS server to trigger this issue in a client application compiled with NSS when it tries to initiate an SSL/TLS connection. Similarly, a server application compiled with NSS,...
[SECURITY] [DLA 2736-1] lynx security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-2736-1 debian-lts@lists.debian.org https://www.debian.org/lts/security/ Chris Lamb August 09, 2021 https://wiki.debian.org/LTS -...
SUSE: Security Advisory (SUSE-SU-2019:14163-1)
The remote host is missing an update for the ...
CVE-2021-21559
Dell EMC NetWorker, versions 18.x, 19.1.x, 19.2.x, 19.3.x, 19.4, and 19.4.0.1 contain an Improper Certificate Validation vulnerability in the client NetWorker Management Console components, which use an SSL encrypted connection in order to communicate with the application server. An unauthenticated...
GHSA-JM56-5H66-W453 Repository index file allows for duplicates of the same chart entry in helm
Impact During a security audit of Helm's code base, security researchers at Trail of Bits identified a bug in which a Helm repository can contain duplicates of the same chart, with the last one always used. If a repository is compromised, this lowers the level of access that an attacker needs...
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
In Helm before versions 2.16.11 and 3.3.2, a Helm plugin can contain duplicates of the same entry, with the last one always used. If a plugin is compromised, this lowers the level of access that an attacker needs to modify a plugin's install hooks, causing a local execution attack. To perform thi...
Information Disclosure
pgsync is vulnerable to information disclosure. The use of --schema-first and --schema-only options to sync the schema results in disclosure of confidential information due to the sslmode connection parameter being established without SSL...