37 matches found
Uncaught Exception
Overview: Affected versions of this package are vulnerable to Uncaught Exception in the TLS module when a TLS server is configured with pskCallback or ALPNCallback. A remote attacker can crash or exhaust resources of a TLS server by sending input that causes the callback to throw an error...
SUSE-SU-2025:4475-1 Security update for salt
This update for salt fixes the following issues. Security issues fixed: CVE-2025-62349: Added minimum_auth_version to enforce security (bsc#1254257); CVE-2025-62348: Fixed Junos module yaml loader (bsc#1254256); Backport security fixes for vendored tornado: BDSA-2024-3438, BDSA-2024-3439, BDSA-2024-90...
Security update 5.0.6 for Multi-Linux Manager Salt Bundle
This update fixes the following issues: venv-salt-minion: Security issues fixed: CVE-2025-62349: Added minimum_auth_version to enforce security (bsc#1254257); CVE-2025-62348: Fixed Junos module yaml loader (bsc#1254256); Backport security fixes for vendored tornado: BDSA-2024-3438, BDSA-2024-3439...
Security update 5.1.1.1 for Multi-Linux Manager Client Tools
This update fixes the following issues: venv-salt-minion: Security issues fixed: CVE-2025-62349: Added minimum_auth_version to enforce security (bsc#1254257); CVE-2025-62348: Fixed Junos module yaml loader (bsc#1254256); Backport security fixes for vendored tornado: BDSA-2024-3438, BDSA-2024-3439...
Security update 5.1.1.1 for Multi-Linux Manager Salt Bundle
This update fixes the following issues: venv-salt-minion: Security issues fixed: CVE-2025-62349: Added minimum_auth_version to enforce security (bsc#1254257); CVE-2025-62348: Fixed Junos module yaml loader (bsc#1254256); Backport security fixes for vendored tornado: BDSA-2024-3438, BDSA-2024-3439...
EUVD-2016-4508
Malware in sbrugna...
EUVD-2020-0174
Malware in sbrugna...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel, which stems from a null pointer dereference vulnerability in the tls module tls_sw_splice_eof...
CVE-2024-35908
CVE-2024-35908 (Linux kernel) : The issue arises in TLS handling within tls_sw_recvmsg where a psock reference is taken before tls_rx_reader_lock; if the lock fails, the reference isn’t released, causing a leak. The fix postpones taking the psock reference until after successful locking, ensuring...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel, which stems from a vulnerability in the net:tls module...
openSUSE: Security Advisory for lighttpd (openSUSE-SU-2022:10132-1)
The remote host is missing an update for the...
FreeBSD : mod_gnutls -- Infinite Loop on request read timeout (e8b20517-dbb6-11ed-bf28-589cfc0f81b0)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the e8b20517-dbb6-11ed-bf28-589cfc0f81b0 advisory. - Mod_gnutls is a TLS module for Apache HTTPD based on GnuTLS. Versions from 0.9.0 to 0.12.0 including d...
Design/Logic Flaw
Mod_gnutls is a TLS module for Apache HTTPD based on GnuTLS. Versions from 0.9.0 to 0.12.0 (including) did not properly fail blocking read operations on TLS connections when the transport hit timeouts. Instead it entered an endless loop retrying the read operation, consuming CPU resources. This coul...
CVE-2023-25824
Removed by vendor...
CVE-2023-25824
CVE-2023-25824 affects the Mod_gnutls TLS module for Apache HTTPD (GnuTLS-based). Versions 0.9.0 through 0.12.0 do not properly fail blocking read operations on TLS connections when the transport times out, instead entering an endless loop that can consume CPU resources and, if trace logging is e...
SUSE CVE-2020-17490
The TLS module within SaltStack Salt through 3002 creates certificates with weak file permissions...
SaltStack Salt Allows creating certificates with weak file permissions
The TLS module within SaltStack Salt through 3002 creates certificates with weak file permissions...
Node.js: Built-in TLS module unexpectedly treats "rejectUnauthorized: undefined" as "rejectUnauthorized: false", disabling all certificate validation
Summary: "rejectUnauthorized: false"...
CVE-2020-17490
A flaw was found in Salt. The TLS module within SaltStack Salt through 3002 creates certificates with weak file permissions. The highest threat from this vulnerability is to confidentiality...
CVE-2020-17490
The TLS module within SaltStack Salt through 3002 creates certificates with weak file permissions...