145 matches found
EUVD-2004-0777
Malware in sbrugna...
EUVD-1999-0428
Malware in sbrugna...
CVE-2011-1643
Cisco Unified Communications Manager aka CUCM, formerly CallManager 6.x, 7.x before 7.15bsu4, 8.0, and 8.5 before 8.51su2 and Cisco Unified Presence Server 6.x, 7.x, 8.0, and 8.5 before 8.5xnr allow remote attackers to read database data by connecting to a query interface through an SSL session,...
CVE-2013-2770
The installation functionality in the Novell Kanaka component before 2.8 for Novell Open Enterprise Server OES on Mac OS X does not verify the server's X.509 certificate during an SSL session, which allows man-in-the-middle attackers to spoof servers via an arbitrary certificate...
CVE-2025-20212
A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series devices could allow an authenticated, remote attacker to cause a denial of service DoS condition in the Cisco AnyConnect service on an affected device. To exploit this vulnerability, the attacker must...
Amazon Linux 2 : nginx (ALASNGINX1-2025-008)
The version of nginx installed on the remote host is prior to 1.26.3-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2NGINX1-2025-008 advisory. When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to...
Linux Distros Unpatched Vulnerability : CVE-2015-0564
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Buffer underflow in the ssldecryptrecord function in epan/dissectors/packet-ssl-utils.c in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allows remot...
Fedora 40 : nginx / nginx-mod-fancyindex / nginx-mod-modsecurity / etc (2025-016ed44ddc)
The remote Fedora 40 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2025-016ed44ddc advisory. Changes with nginx 1.26.3 05 Feb 2025 Security: insufficient check in virtual servers handling with TLSv1.3 SNI allowed to reuse SSL sessions in a different...
Nginx 1.27.x < 1.27.4 SSL Session Reuse
According to its Server response header, the installed version of nginx is from 1.11.4 to 1.26.2 or 1.27.x prior to 1.27.4. It is, therefore, affected by a SSL session reuse vulnerability due to insufficient check in virtual servers handling with TLSv1.3 SNI allowed to reuse SSL sessions in a...
Nginx 1.11.4 < 1.26.3 SSL Session Reuse
According to its Server response header, the installed version of nginx is from 1.11.4 to 1.26.2 or 1.27.x prior to 1.27.4. It is, therefore, affected by a SSL session reuse vulnerability due to insufficient check in virtual servers handling with TLSv1.3 SNI allowed to reuse SSL sessions in a...
Azure Linux 3.0 Security Update: curl (CVE-2024-0853)
The version of curl installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-0853 advisory. - curl inadvertently kept the SSL session ID for connections in its cache even when the verify status OCSP stapli...
CVE-2025-23419
A flaw was found in nginx. When name-based virtual hosts are configured to share the same IP address and port combination with TLS 1.3 and OpenSSL, a previously authenticated attacker can use session resumption to bypass client certificate authentication requirements on these servers. This...
BIT-NGINX-2025-23419 TLS Session Resumption Vulnerability
When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers. This vulnerability arises when TLS Session Tickets...
CVE-2025-23419
When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers. This vulnerability arises when TLS Session Tickets...
UBUNTU-CVE-2025-23419
When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers. This vulnerability arises when TLS Session Tickets...
CVE-2025-23419 TLS Session Resumption Vulnerability
When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers. This vulnerability arises when TLS Session Tickets...
CVE-2025-23419 TLS Session Resumption Vulnerability
When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers. This vulnerability arises when TLS Session Tickets...
SSL session reuse vulnerability
SSL session reuse vulnerability Severity: medium CVE-2025-23419 Not vulnerable: 1.27.4+, 1.26.3+ Vulnerable: 1.11.4-1.27.3...
CVE-2025-23419
When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers. This vulnerability arises when TLS Session Tickets...
CVE-2025-23419
When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers. This vulnerability arises when TLS Session Tickets...