147 matches found
CVE-2011-1643
Cisco Unified Communications Manager aka CUCM, formerly CallManager 6.x, 7.x before 7.15bsu4, 8.0, and 8.5 before 8.51su2 and Cisco Unified Presence Server 6.x, 7.x, 8.0, and 8.5 before 8.5xnr allow remote attackers to read database data by connecting to a query interface through an SSL session,...
CVE-2011-1643
CVE-2011-1643 affects Cisco Unified Communications Manager (CUCM) and Cisco Unified Presence Server. Affected CUCM versions: 6.x, 7.x before 7.1(5b)su4, 8.0, and 8.5 before 8.5(1)su2; Presence Server: 6.x, 7.x, 8.0, and 8.5 before 8.5xnr. Root cause: an open query interface could disclose databas...
PHP 5.3.8 Released, Fixes Crypto Bug
A day after warning users about a serious bug in the cryptographic function in PHP 5.3.7 and telling them not to upgrade to that release, the maintainers of the scripting language pushed out version 5.3.8, which fixes the crypto problem as well as another security related issue. PHP 5.3.7, which...
Fedora 15 : proftpd-1.3.4-0.8.rc2.fc15 (2011-5098)
The second release candidate for proftpd 1.3.4. This includes fixes for a number of security issues : - Plaintext command injection vulnerability in FTPS implementation - Badly formed SSH messages cause DoS - Limit recursion depth for untrusted regular expressions 673040 The update also contains ...
nspr, nss security update
CentOS Errata and Security Advisory CESA-2010:0165 Updated nss packages that fix a security issue are now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base...
Microsoft Windows TLS/SSL Spoofing Vulnerability (977377)
This host installed with TLS/SSL protocol which is prone to Spoofing Vulnerability SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescriptio...
openSUSE Security Update : libwsman-devel (libwsman-devel-157)
This update of openwsman fixes several security vulnerabilities found by the SuSE Security-Team : - remote buffer overflows while decoding the HTTP basic authentication header CVE-2008-2234 - a possible SSL session replay attack affecting the client depending on the configuration CVE-2008-2233...
Design/Logic Flaw
Novell Access Manager 3 SP4 does not properly expire X.509 certificate sessions, which allows physically proximate attackers to obtain a logged-in session by using a victim's web-browser process that continues to send the original and valid SSL sessionID, related to inability of Apache Tomcat to...
CVE-2009-0628
Memory leak in the SSLVPN feature in Cisco IOS 12.3 through 12.4 allows remote attackers to cause a denial of service memory consumption and device crash by disconnecting an SSL session in an abnormal manner, leading to a Transmission Control Block TCB leak...
SuSE Update for openwsman SUSE-SA:2008:041
Check for the Version of openwsman OpenVAS Vulnerability Test $Id: gbsuse2008041.nasl 8050 2017-12-08 09:34:29Z santu $ SuSE Update for openwsman SUSE-SA:2008:041 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free...
Session fixation
Cisco IOS 12.4 allows remote attackers to cause a denial of service device crash via a normal, properly formed SSL packet that occurs during termination of an SSL session...
openSUSE 10 Security Update : libwsman-devel (libwsman-devel-5531)
This update of openwsman fixes several security vulnerabilities found by the SuSE Security-Team : - remote buffer overflows while decoding the HTTP basic authentication header CVE-2008-2234 - a possible SSL session replay attack affecting the client depending on the configuration CVE-2008-2233...
Fedora Core 6 : openssl-0.9.8b-14.fc6 (2007-661)
Fri Aug 3 2007 Tomas Mraz 0.9.8b-14 - use localhost in testsuite, hopefully fixes slow build in koji - CVE-2007-3108 - fix side channel attack on private keys 250577 - make ssl session cache id matching strict 233599 - Wed Jul 25 2007 Tomas Mraz 0.9.8b-13 - allow building on ARM architectures...
Design/Logic Flaw
The SSL server implementation in NILE.NLM in Novell NetWare 6.5 and Novell Open Enterprise Server OES allows a client to force the server to use weak encryption by stating that a weak cipher is required for client compatibility, which might allow remote attackers to decrypt contents of an SSL...
CVE-2006-0999
The SSL server implementation in NILE.NLM in Novell NetWare 6.5 and Novell Open Enterprise Server OES allows a client to force the server to use weak encryption by stating that a weak cipher is required for client compatibility, which might allow remote attackers to decrypt contents of an SSL...
CVE-2006-0998
The CVE-2006-0998 issue affects Novell NetWare 6.5 and Novell Open Enterprise Server (OES) where the SSL server implementation in NILE.NLM can select a weak cipher instead of an available stronger cipher. This weak cipher choice enables remote attackers to sniff and potentially decrypt SSL sessio...
CVE-2005-3426
Cisco CSS 11500 Content Services Switch CSS with SSL termination services allows remote attackers to cause a denial of service memory corruption and device reload via a malformed client certificate during SSL session negotiation...
CVE-2005-3426
Cisco CSS 11500 Content Services Switch (CSS) with SSL termination services is affected by CVE-2005-3426. The vulnerability allows remote attackers to trigger a denial of service via memory corruption during SSL session negotiation when a malformed client certificate is presented. The entry notes...
CVE-2002-1947
Webmin 0.21 through 1.0 uses the same built-in SSL key for all installations, which allows remote attackers to eavesdrop or highjack the SSL session...
Ximian Evolution < 1.1.1 camel Component Man-in-the-Middle SSL Session Weakness
Binary data 1306.prm...