
273 matches found

OSV
added 2020/07/31 5:40 p.m., 13 views

GHSA-2V5C-755P-P4GV Missing TLS certificate verification in faye-websocket

The Faye::WebSocket::Client class uses the EM::Connection#start_tls method in EventMachine to implement the TLS handshake whenever a wss: URL is used for the connection. This method does not implement certificate verification by default, meaning that it does not check that the server presents a...

CVSS 8, AI score 7.8, EPSS 0.00914
Exploits 1, References 14

OSV
added 2020/07/22 12:0 a.m., 11 views

OSV-2020-920 Heap-buffer-overflow in pcpp::SSLServerHelloMessage::getSessionIDLength

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22523 Crash type: Heap-buffer-overflow READ 1 Crash state: pcpp::SSLServerHelloMessage::getSessionIDLength pcpp::SSLServerHelloMessage::SSLServerHelloMessage pcpp::SSLHandshakeMessage::createHandhakeMessage...

AI score 7.2
Exploits 0, References 1

ArchLinux
added 2020/04/21 12:0 a.m., 34 views

[ASA-202004-18] openssl: denial of service

Arch Linux Security Advisory ASA-202004-18 ========================================== Severity: High Date : 2020-04-21 CVE-ID : CVE-2020-1967 Package : openssl Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-1139 Summary ======= The package openssl before version...

CVSS 7.5, AI score 1.1, EPSS 0.53336
Exploits 2, References 4

Prion
added 2020/03/16 2:15 p.m., 22 views

Code injection

When TLS is enabled with ssl-endpoint-identification-enabled set to true, Apache Geode fails to perform hostname verification of the entries in the certificate SAN during the SSL handshake. This could compromise intra-cluster communication using a man-in-the-middle attack...

CVSS 4, AI score 7.2, EPSS 0.01383
Exploits 0, References 1, Affected Software 1

OpenVAS
added 2020/01/23 12:0 a.m., 26 views

Huawei EulerOS: Security Advisory for httpcomponents-client (EulerOS-SA-2019-2518)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 4.3, AI score 5.8, EPSS 0.19312
Exploits 0, References 2

Tenable Nessus
added 2019/11/08 12:0 a.m., 1332 views

Return Of Bleichenbacher's Oracle Threat (ROBOT) Information Disclosure

The remote host is affected by an information disclosure vulnerability. The SSL/TLS service supports RSA key exchanges, and incorrectly leaks whether or not the RSA key exchange sent by a client was correctly formatted. This information can allow an attacker to decrypt previous SSL/TLS sessions o...

CVSS 7.5, AI score 6.9, EPSS 0.45113
Exploits 1, References 15

Citrix
added 2019/10/14 12:0 a.m., 7 views

Remote SSL Peer sent a handshake failure- on CWA 1910 for Mac and macOS Catalina

When trying to connect user receives "The remote SSL peer sent a handshake failure alert"...

AI score 7.1
Exploits 0

Tenable Nessus
added 2019/09/24 12:0 a.m., 33 views

EulerOS 2.0 SP3 : jakarta-commons-httpclient (EulerOS-SA-2019-2027)

According to the version of the jakarta-commons-httpclient package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the http.socket.timeout...

CVSS 4.3, AI score 6.1, EPSS 0.19312
Exploits 0, References 2

Atlassian
added 2019/07/11 12:57 p.m., 802 views

Unable to secure remote agents via automatic keystore management

h3. Issue Summary It is not possible to secure the remote agents to connect to the Bamboo Server using SSL through the automatic keystore management feature. h3. Steps to Reproduce Configure Bamboo to use SSL in Broker URL and Broker Client URL Securing your remote...

AI score 0.8
Exploits 0, Affected Software 1

Veracode
added 2019/05/02 5:28 a.m., 43 views

Denial Of Service (DoS)

HTTPS NIO Connector is vulnerable to Denial Of Service (DoS) attacks. The component Socket Handler's functionality is affected by opening a socket and not sending an SSL handshake which results in a read-timeout vulnerability...

CVSS 7.5, AI score 7.2, EPSS 0.02646
Exploits 0, References 24, Affected Software 74

Veracode
added 2019/05/02 4:56 a.m., 28 views

Cryptography Key Leakage

java is vulnerable to cryptography key leakage. The vulnerability exists as sensitive encryption key information can be obtained through timing attacks during the TLS/SSL handshake...

CVSS 4, AI score 5.2, EPSS 0.02432
Exploits 0, References 74, Affected Software 3

OSV
added 2019/04/15 3:37 p.m., 6 views

SUSE-SU-2018:4236-2 Security update for MozillaFirefox, mozilla-nspr and mozilla-nss

This update for MozillaFirefox, mozilla-nss and mozilla-nspr fixes the following issues: Issues fixed in MozillaFirefox: - Update to Firefox ESR 60.4 (bsc#1119105) - CVE-2018-17466: Fixed a buffer overflow and out-of-bounds read in ANGLE library with TextureStorage11 - CVE-2018-18492: Fixed a...

CVSS 9.8, AI score 7.5, EPSS 0.44398
Exploits 1, References 14

Tenable Nessus
added 2018/12/31 12:0 a.m., 40 views

openSUSE Security Update : mozilla-nspr and mozilla-nss (openSUSE-2018-1618)

This update for mozilla-nss and mozilla-nspr fixes the following issues: Issues fixed in mozilla-nss: - Update to NSS 3.40.1 (bsc#1119105) - CVE-2018-12404: Fixed a cache side-channel variant of the Bleichenbacher attack (bsc#1119069) - CVE-2018-12384: Fixed an issue in the SSL handshake. NSS respond...

CVSS 5.9, AI score 6.1, EPSS 0.44398
Exploits 1, References 5

OpenVAS
added 2018/12/29 12:0 a.m., 46 views

openSUSE: Security Advisory for mozilla-nspr (openSUSE-SU-2018:4283-1)

The remote host is missing an update for the Copyright (C) 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 5.9, AI score 6.5, EPSS 0.44398
Exploits 1, References 2

Tenable Nessus
added 2018/12/24 12:0 a.m., 286 views

SUSE SLED12 / SLES12 Security Update : MozillaFirefox, mozilla-nspr / mozilla-nss (SUSE-SU-2018:4236-1)

This update for MozillaFirefox, mozilla-nss and mozilla-nspr fixes the following issues: Issues fixed in MozillaFirefox: Update to Firefox ESR 60.4 (bsc#1119105) CVE-2018-17466: Fixed a buffer overflow and out-of-bounds read in ANGLE library with TextureStorage11 CVE-2018-18492: Fixed a...

CVSS 9.8, AI score 7.6, EPSS 0.44398
Exploits 1, References 23

OSV
added 2018/12/21 5:49 p.m., 8 views

SUSE-SU-2018:4236-1 Security update for MozillaFirefox, mozilla-nspr and mozilla-nss

This update for MozillaFirefox, mozilla-nss and mozilla-nspr fixes the following issues: Issues fixed in MozillaFirefox: - Update to Firefox ESR 60.4 (bsc#1119105) - CVE-2018-17466: Fixed a buffer overflow and out-of-bounds read in ANGLE library with TextureStorage11 - CVE-2018-18492: Fixed a...

CVSS 9.8, AI score 7.5, EPSS 0.44398
Exploits 1, References 14

Veracode
added 2018/11/20 5:23 a.m., 62 views

Denial Of Service (DoS)

node is vulnerable to denial of service. A use-after-free (UAF) bug in the TLS implementation allows a remote attacker to cause a denial of service condition in the HTTP server by sending duplicate or unexpected messages during the SSL handshake...

CVSS 7.5, AI score 7.1, EPSS 0.06974
Exploits 0, References 5, Affected Software 2

OSV
added 2018/10/17 12:5 a.m., 3 views

GHSA-FMJ5-WV96-R2CH Denial of service vulnerability in org.apache.httpcomponents:httpclient

http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service (HTTPS call hang) via unspecified vectors...

CVSS 4.3, AI score 6.8, EPSS 0.19312
Exploits 0, References 20

GitHub Security Blog
added 2018/10/17 12:5 a.m., 47 views

Denial of service vulnerability in org.apache.httpcomponents:httpclient

http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service (HTTPS call hang) via unspecified vectors...

CVSS 4.3, AI score 5.7, EPSS 0.19312
Exploits 0, References 20, Affected Software 1

Citrix
added 2018/09/28 12:0 a.m., 8 views

Device SSL Handshake Fails While Enrolling in iOS 12

Since upgrading to iOS12, devices are unable to enroll. SSL error is raised by the device...

AI score 7.1
Exploits 0