95 matches found
SUSE CVE-2013-6491
The python-qpid client common/rpc/implqpid.py in OpenStack Oslo before 2013.2 does not enforce SSL connections when qpidprotocol is set to ssl, which allows remote attackers to obtain sensitive information by sniffing the network...
CVE-2022-41694
In BIG-IP versions 16.1.x before 16.1.3, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, and BIG-IQ versions 8.x before 8.2.0.1 and all versions of 7.x, when an SSL key is imported on a BIG-IP or BIG-IQ system, undisclosed input can cause MCPD to terminate...
Fortinet FortiOS 缓冲区错误漏洞
Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform from Fortinet, Inc. Fortinet FortiOS has a denial-of-service vulnerability that originates from the ability to force a NULL pointer to be dereferenced through the SSL VPN Portal, which can be...
The vulnerability in the implementation of the SSLContext class in My Cloud OS operating systems allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the SSLContext class implementation in My Cloud OS networking storage operating systems is related to the choice of a less secure algorithm during negotiation processes. Exploiting this vulnerability can allow attackers to compromise the confidentiality, integrity, and...
Eclipse Jetty 安全漏洞
Eclipse Jetty is an open source, Java-based Web server and Java Servlet container from the Eclipse Foundation. A security vulnerability exists in Eclipse Jetty, which stems from a pooled ByteBuffer that is not freed by SslConnection, and affects the following products and versions: versions 10.0....
SSL VPN 代码问题漏洞
SSL VPN is a new VPN technology that uses the SSL protocol for remote access. It includes: server authentication, client authentication, data integrity over the SSL link and data confidentiality over the SSL link. A code issue vulnerability exists in SSL VPN that stems from the product's failure ...
Stormshield Network Security 访问控制错误漏洞
Stormshield Network Security is a next-generation UTM Unified Threat Management firewall from the French company Stormshield. A security vulnerability in Stormshield 1.1.0 and 2.1.0 through 2.9.0 could allow an attacker to block client access to the VPN and gain access to sensitive information...
ARM mbed TLS 安全漏洞
ARM mbed TLS is a product from ARM UK that provides secure communication and encryption for mbed products. A security vulnerability exists in ARM mbed TLS versions prior to 2.24.0, which stems from a lack of clearing of the plaintext buffer in mbedtlssslread to erase unused application data from...
Cisco Firepower Threat Defense 输入验证错误漏洞
Cisco Firepower Threat Defense FTD is unified software that provides next-generation firewall services. A denial-of-service vulnerability exists in the software-based SSL/TLS message handler of Cisco Firepower Threat Defense, which can be exploited by an attacker to cause a process crash by sendi...
AZL-45213 CVE-2021-31597 affecting package js-jquery 3.5.0-4
The xmlhttprequest-ssl package before 1.6.1 for Node.js disables SSL certificate validation by default, because rejectUnauthorized when the property exists but is undefined is considered to be false within the https.request function of Node.js. In other words, no certificate is ever rejected...
puppet-agent: Puppet Agent does not properly verify SSL connection when downloading a CRL
A flaw was found in Puppet, where the Puppet Agent did not verify the peer in the SSL connection before downloading to the Certificate Revocation List CRL. The primary risk is the availability of communications to computing systems and not Puppet itself. This flaw allows an attacker to submit a...
Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9 as used in mysqld in MySQL 5.0.x before 5.0.90 MySQL 5.1.x before 5.1.43 MySQL 5.5.x through 5.5.0-m2 and other products allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and daemon crash) by establishing an SSL connection and sending an X.509 client certificate with a crafted name field as demonstrated by mysql_overflow1.py and the vd_mysql5 module in VulnDisco Pack Professional 8.11. NOTE: this was originally reported for MySQL 5.0.51a.
...
Error: "Invalid Certificate" When Installing SSL Certificate on ADC Appliance
When attempting to install an Secure Socket Layer SSL certificate on an ADCappliance, the process fails with error "invalid certificate"...
undertow: possible Denial Of Service (DOS) in Undertow HTTP server listening on HTTPS
A vulnerability was found in the Undertow HTTP server listening on HTTPS. An attacker can target the HTTPS port to carry out a Denial Of Service DOS to make the service unavailable on SSL...
Types of NetScaler and NetScaler Gateway Licenses
This article describes the types of licenses available for NetScaler and NetScaler Gateway appliances. NetScaler licenses are assigned to physical MPX and virtual VPX appliances. Logical SDX appliances require licenses for each physical appliance and each virtual instance. Refer to NetScaler...
Milesight IP security cameras trust management issue vulnerability (CNVD-2019-40063)
Milesight IP security cameras are IP camera products from China Pulse Digital Technology Milesight. A security vulnerability exists in Milesight IP security cameras version 2016-11-14 and earlier, which stems from a hardcoded SSL private key stored in the /etc/config directory. No details of the...
Cisco Firepower Threat Defense Input Validation Vulnerability
Cisco Firepower Threat Defense FTD is a suite of unified software from the U.S. company Cisco Cisco that provides next-generation firewall services. An input validation vulnerability exists in the detection engine in Cisco FTD, which can be exploited by a remote attacker to cause a denial of...
CVE-2018-15317
In BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, and 11.2.1-11.6.3.2, an attacker sending specially crafted SSL records to a SSL Virtual Server will cause corruption in the SSL data structures leading to intermittent decrypt BADRECORDMAC errors. Clients will be unable to access the...
+Message App Unable to Validate SSL Server Certificate Vulnerability
+Message App is an APP application. +Message App is unable to validate SSL server certificates, and a man-in-the-middle attack may allow an attacker to eavesdrop on encrypted communications...
PT-2018-8796 · Cisco · Cisco Firepower System +1
Name of the Vulnerable Software and Affected Versions: Cisco Firepower System Software affected versions not specified Description: A vulnerability in the detection engine could allow an unauthenticated, remote attacker to cause one of the detection engine processes to run out of memory, slowing...