50 matches found
EUVD-2007-0399
Malware in sbrugna...
Shrinking Lifespans, Growing Risk: The Final Certificate Countdown
Recent Developments Severely Shorten Certificate Lifespans. The SSL/TLS ecosystem is shifting rapidly and not in a way that favors already stretched teams. Historically, certificates could be valid for up to 10 years. Certificates now face drastically shorter lifespans. DigiCert and other major...
CVE-2024-51774
A flaw was found in qBittorrent's DownloadManager component. This vulnerability allows remote code execution via improper validation of SSL/TLS certificates, enabling attackers to perform man-in-the-middle and RCE attacks...
Insecure HTTPS Connections
nategood/httpful is vulnerable to Insecure HTTPS Connections. The vulnerability is due to the lack of built-in certificate validation mechanisms in the Httpful library, which fails to enforce the proper verification of SSL/TLS certificates by default. It allows attackers to intercept and manipula...
CVE-2024-5445
Ecosystem Agent version 4 4.1.5.2597 and Ecosystem Agent version 5 5.1.4.2473 did not properly validate SSL/TLS certificates, which could allow a malicious actor to perform a Man-in-the-Middle and intercept traffic between the agent and N-able servers from a privileged network position...
CVE-2024-5445 Ecosystem Agent Insufficient Transport Layer Security
Ecosystem Agent version 4 4.1.5.2597 and Ecosystem Agent version 5 5.1.4.2473 did not properly validate SSL/TLS certificates, which could allow a malicious actor to perform a Man-in-the-Middle and intercept traffic between the agent and N-able servers from a privileged network position...
USN-6948-1: Salt vulnerabilities
It was discovered that Salt incorrectly handled crafted web requests. A remote attacker could possibly use this issue to run arbitrary commands. CVE-2020-16846 It was discovered that Salt incorrectly created certificates with weak file permissions. CVE-2020-17490 It was discovered that Salt...
Ubuntu 16.04 LTS / 18.04 LTS : Salt vulnerabilities (USN-6948-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6948-1 advisory. It was discovered that Salt incorrectly handled crafted web requests. A remote attacker could possibly use this issue to run arbitrary...
On Entrust? Imperva has your back!
Managing SSL/TLS certificates is a critical yet complex task for any organization. Certificates ensure secure communication between users and your web applications, but maintaining them involves constant vigilance and expertise. From monitoring expiration dates to renewing and deploying new...
Shodan Dorks
Shodan Dorks by twitter.com/lothos612 Feel free to make suggestions Shodan Dorks Basic Shodan Filters city: Find devices in a particular city. city:"Bangalore" country: Find devices in a particular country. country:"IN" geo: Find devices by giving geographical coordinates...
Jenkins < 2.303.2, < 2.315 HTTP Library Vulnerability - Linux
Jenkins is prone to a vulnerability in the bundled version of commons-httpclient library. Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later Th...
Maximum Lifespan of SSL/TLS Certificates is 398 Days Starting Today
Starting today, the lifespan of new TLS certificates will be limited to 398 days, a little over a year, from the previous maximum certificate lifetime of 27 months (825 days). In a move that's meant to boost security, Apple, Google, and Mozilla are set to reject publicly rooted digital certificates...
CVE-2015-3006
On the QFX3500 and QFX3600 platforms, the number of bytes collected from the RANDOM_INTERRUPT entropy source when the device boots up is insufficient, possibly leading to weak or duplicate SSH keys or self-signed SSL/TLS certificates. Entropy increases after the system has been up and running for...
CVE-2015-3006
CVE-2015-3006 applies to Juniper Junos OS on QFX3500 and QFX3600 switches. The described vulnerability is an entropy issue: during boot the device collects too few bytes from the RANDOM_INTERRUPT entropy source, which can lead to weak or duplicate SSH keys and self-signed SSL/TLS certificates. En...
Huawei EulerOS: Security Advisory for openssl098e (EulerOS-SA-2019-1980)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP2 : openssl098e (EulerOS-SA-2019-1861)
According to the versions of the openssl098e package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An integer underflow flaw, leading to a buffer overflow, was found in the way OpenSSL decoded malformed Base64-encoded inputs. An attacker...
EulerOS Virtualization for ARM 64 3.0.1.0 : libvirt (EulerOS-SA-2019-1394)
According to the versions of the libvirt packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - util/virlog.c in libvirt does not properly determine the hostname on LXC container startup, which allows local guest ...
EulerOS Virtualization 3.0.1.0 : libvirt (EulerOS-SA-2019-1456)
According to the versions of the libvirt packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - util/virlog.c in libvirt does not properly determine the hostname on LXC container startup, which allows local guest OS users to...
RSAC 2019: TLS Markets Flourish on the Dark Web
SAN FRANCISCO – Thriving marketplaces for TLS certificates have emerged on the Dark Web, which are hawking the certs both as individual goods and packaged with an array of malware and other ancillary services. The research, from Venafi, the University of Surrey and the Evidence-based Cybersecurit...
Ubuntu 14.04 LTS / 16.04 LTS : libvirt vulnerabilities (USN-3576-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3576-1 advisory. Vivian Zhang and Christoph Anton Mitterer discovered that libvirt incorrectly disabled password authentication when the VNC password was set ...