91 matches found
BMC Control-M Stack Buffer Overflow Vulnerability
BMC Control-M is an application from BMC Corporation that simplifies application and data workflow orchestration locally or as a service. BMC Control-M suffers from a stack buffer overflow vulnerability that originates from formatting an error message when SSL/TLS communication is misconfigured, no...
CVE-2025-8614 NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of NoMachine. An attacker must first obtain the ability to execute low-privileged code on the target system in order to...
OpenSSL Security Vulnerability
OpenSSL is an open source general-purpose cryptographic library from the OpenSSL team that implements the Secure Sockets Layer (SSLv2/v3) and Transport Layer Security (TLSv1) protocols. It supports a variety of cryptographic algorithms, including symmetric ciphers, hashing algorithms, secure...
The vulnerability of the SSLManagerOpenSSL class in the MongoDB database management system allows a hacker to circumvent security restrictions.
The vulnerability of the SSLManagerOpenSSL class in the MongoDB database management system is related to the lack of verification for certificate revocation. Exploiting this vulnerability allows a malicious actor to circumvent security restrictions remotely...
io.netty:netty-handler: SslHandler doesn't correctly validate packets which can lead to native crash when using native SSLEngine
A flaw was found in Netty's SslHandler. This vulnerability allows a native crash via a specially crafted packet that bypasses proper validation...
The vulnerability of the SSL VPN remote access technology for SonicOS operating systems allows a hacker to increase their privileges.
The vulnerability of the SSL VPN remote access technology implemented on SonicOS is related to the bypassing of authentication due to a fundamental error in the implementation. Exploiting this vulnerability allows a malicious actor to enhance their privileges remotely...
The vulnerability of the Intel QuickAssist driver package (Intel QAT Engine for OpenSSL) arises from manipulating an unknown input, leading to a timing-related flaw that allows an attacker to disclose protected information.
The vulnerability of the Intel QuickAssist Driver Package Intel QAT Engine for OpenSSL is related to manipulating an unknown input, resulting in a timing-related flaw. Exploiting this vulnerability could allow an attacker to disclose protected information...
Intelligent Freenow Security Vulnerability
Intelligent Freenow is a cab booking software from Intelligent. A security vulnerability exists in Intelligent Freenow version 12.10.0, which stems from the parameter DEFAULT_KEYSTORE_PASSWORD in the file ch/qos/logback/core/net/ssl/SSL.java that can lead to the use of hard-coded passwords...
PT-2023-8494 · Curl +2
Name of the Vulnerable Software and Affected Versions: curl (affected versions not specified). Description: The issue is related to a flaw in curl where it inadvertently keeps the SSL session ID for connections in its cache even when the verify status (OCSP stapling) test failed. This allows a...
Multiple Cisco Products Security Vulnerability
Cisco Firepower Threat Defense (FTD) is a suite of unified software from Cisco that provides next-generation firewall services. A security vulnerability exists in Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software that stems from a vulnerability in the hardware-based...
Undertow: Infinite loop in SslConduit during close
A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates...
Jenkins Plugin NeuVector Vulnerability Scanner Trust Management Issue Vulnerability
Jenkins and Jenkins Plugin are both open source Jenkins products. Jenkins is an open source automation server that provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...
Fortinet FortiOS Buffer Error Vulnerability
Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform from the American company Fortinet. The system provides users with a variety of security features such as firewall, antivirus, IPSec/SSLVPN, Web content filtering and anti-spam. A security vulnerabili...
SUSE CVE-2005-0237
The International Domain Name (IDN) support in Konqueror 3.2.1 on KDE 3.2.1 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing...
SUSE CVE-2006-3738
Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has unspecified impact and remote attack vectors involving a long list of ciphers...
SUSE CVE-2007-5195
Unspecified vulnerability in the SSL implementation in Groupwise client system in the novell-groupwise-client package in SUSE Linux Enterprise Desktop 10 allows remote attackers to obtain credentials via a man-in-the-middle attack, a different vulnerability than CVE-2007-5196...
SUSE CVE-2013-6491
The python-qpid client (common/rpc/impl_qpid.py) in OpenStack Oslo before 2013.2 does not enforce SSL connections when qpid_protocol is set to ssl, which allows remote attackers to obtain sensitive information by sniffing the network...
CVE-2022-41694
In BIG-IP versions 16.1.x before 16.1.3, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, and BIG-IQ versions 8.x before 8.2.0.1 and all versions of 7.x, when an SSL key is imported on a BIG-IP or BIG-IQ system, undisclosed input can cause MCPD to terminate...
Fortinet FortiOS Buffer Error Vulnerability
Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform from Fortinet, Inc. Fortinet FortiOS has a denial-of-service vulnerability that originates from the ability to force a NULL pointer to be dereferenced through the SSL VPN Portal, which can be...
The vulnerability in the implementation of the SSLContext class in My Cloud OS operating systems allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the SSLContext class implementation in My Cloud OS networking storage operating systems is related to the choice of a less secure algorithm during negotiation processes. Exploiting this vulnerability can allow attackers to compromise the confidentiality, integrity, and...