273 matches found
GHSA-2V5C-755P-P4GV Missing TLS certificate verification in faye-websocket
The Faye::WebSocket::Client class uses the EM::Connection#start_tls method in EventMachine to implement the TLS handshake whenever a wss: URL is used for the connection. This method does not implement certificate verification by default, meaning that it does not check that the server presents a...
OSV-2020-920 Heap-buffer-overflow in pcpp::SSLServerHelloMessage::getSessionIDLength
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22523 Crash type: Heap-buffer-overflow READ 1 Crash state: pcpp::SSLServerHelloMessage::getSessionIDLength pcpp::SSLServerHelloMessage::SSLServerHelloMessage pcpp::SSLHandshakeMessage::createHandhakeMessage...
[ASA-202004-18] openssl: denial of service
Arch Linux Security Advisory ASA-202004-18 ========================================== Severity: High Date : 2020-04-21 CVE-ID : CVE-2020-1967 Package : openssl Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-1139 Summary ======= The package openssl before version...
Code injection
When TLS is enabled with ssl-endpoint-identification-enabled set to true, Apache Geode fails to perform hostname verification of the entries in the certificate SAN during the SSL handshake. This could compromise intra-cluster communication using a man-in-the-middle attack...
Huawei EulerOS: Security Advisory for httpcomponents-client (EulerOS-SA-2019-2518)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
Return Of Bleichenbacher's Oracle Threat (ROBOT) Information Disclosure
The remote host is affected by an information disclosure vulnerability. The SSL/TLS service supports RSA key exchanges, and incorrectly leaks whether or not the RSA key exchange sent by a client was correctly formatted. This information can allow an attacker to decrypt previous SSL/TLS sessions o...
Remote SSL Peer sent a handshake failure- on CWA 1910 for Mac and macOS Catalina
When trying to connect user receives "The remote SSL peer sent a handshake failure alert"...
EulerOS 2.0 SP3 : jakarta-commons-httpclient (EulerOS-SA-2019-2027)
According to the version of the jakarta-commons-httpclient package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the http.socket.timeout...
Unable to secure remote agents via automatic keystore management
Issue Summary: It is not possible to secure the remote agents to connect to the Bamboo Server using SSL through the automatic keystore management feature. Steps to Reproduce: Configure Bamboo to use SSL in Broker URL and Broker Client URL Securing your remote...
Denial Of Service (DoS)
HTTPS NIO Connector is vulnerable to Denial Of Service (DoS) attacks. The component Socket Handler's functionality is affected by opening a socket and not sending an SSL handshake which results in a read-timeout vulnerability...
Cryptography Key Leakage
java is vulnerable to cryptography key leakage. The vulnerability exists as sensitive encryption key information can be obtained through timing attacks during the TLS/SSL handshake...
SUSE-SU-2018:4236-2 Security update for MozillaFirefox, mozilla-nspr and mozilla-nss
This update for MozillaFirefox, mozilla-nss and mozilla-nspr fixes the following issues: Issues fixed in MozillaFirefox: - Update to Firefox ESR 60.4 (bsc#1119105) - CVE-2018-17466: Fixed a buffer overflow and out-of-bounds read in ANGLE library with TextureStorage11 - CVE-2018-18492: Fixed a...
openSUSE Security Update : mozilla-nspr and mozilla-nss (openSUSE-2018-1618)
This update for mozilla-nss and mozilla-nspr fixes the following issues : Issues fixed in mozilla-nss : - Update to NSS 3.40.1 (bsc#1119105) - CVE-2018-12404: Fixed a cache side-channel variant of the Bleichenbacher attack (bsc#1119069) - CVE-2018-12384: Fixed an issue in the SSL handshake. NSS respond...
openSUSE: Security Advisory for mozilla-nspr (openSUSE-SU-2018:4283-1)
The remote host is missing an update for the Copyright (C) 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
SUSE SLED12 / SLES12 Security Update : MozillaFirefox, mozilla-nspr / mozilla-nss (SUSE-SU-2018:4236-1)
This update for MozillaFirefox, mozilla-nss and mozilla-nspr fixes the following issues : Issues fixed in MozillaFirefox : - Update to Firefox ESR 60.4 (bsc#1119105) - CVE-2018-17466: Fixed a buffer overflow and out-of-bounds read in ANGLE library with TextureStorage11 - CVE-2018-18492: Fixed a...
SUSE-SU-2018:4236-1 Security update for MozillaFirefox, mozilla-nspr and mozilla-nss
This update for MozillaFirefox, mozilla-nss and mozilla-nspr fixes the following issues: Issues fixed in MozillaFirefox: - Update to Firefox ESR 60.4 (bsc#1119105) - CVE-2018-17466: Fixed a buffer overflow and out-of-bounds read in ANGLE library with TextureStorage11 - CVE-2018-18492: Fixed a...
Denial Of Service (DoS)
node is vulnerable to denial of service. A use-after-free (UAF) bug in the TLS implementation allows a remote attacker to cause a denial of service condition in the HTTP server by sending duplicate or unexpected messages during the SSL handshake...
GHSA-FMJ5-WV96-R2CH Denial of service vulnerability in org.apache.httpcomponents:httpclient
http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service (HTTPS call hang) via unspecified vectors...
Denial of service vulnerability in org.apache.httpcomponents:httpclient
http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service (HTTPS call hang) via unspecified vectors...
Device SSL Handshake Fails While Enrolling in iOS 12
Since upgrading to iOS12, devices are unable to enroll. SSL error is raised by the device...