37 matches found
CVE-2020-17490
The TLS module within SaltStack Salt through 3002 creates certificates with weak file permissions...
PYSEC-2020-105
The TLS module within SaltStack Salt through 3002 creates certificates with weak file permissions...
Code injection
The TLS module within SaltStack Salt through 3002 creates certificates with weak file permissions...
PYSEC-2020-105
The TLS module within SaltStack Salt through 3002 creates certificates with weak file permissions...
CVE-2020-17490
CVE-2020-17490 affects SaltStack Salt (TLS module) up to version 3002, where the TLS execution module creates certificates with weak file permissions. The root cause is improper permissions on certificate files, potentially exposing private keys and enabling unintended access to sensitive materia...
CVE-2020-17490
The TLS module within SaltStack Salt through 3002 creates certificates with weak file permissions...
CVE-2020-17490
The TLS module within SaltStack Salt through 3002 creates certificates with weak file permissions...
CVE-2020-17490
The TLS module within SaltStack Salt through 3002 creates certificates with weak file permissions...
CVE-2019-5280
The SIP TLS module of Huawei CloudLink Phone 7900 with V600R019C10 has a TLS certificate verification vulnerability. Due to insufficient verification of specific parameters of the TLS server certificate, attackers can perform man-in-the-middle attacks, leading to the affected phones registered...
Security feature bypass
The SIP TLS module of Huawei CloudLink Phone 7900 with V600R019C10 has a TLS certificate verification vulnerability. Due to insufficient verification of specific parameters of the TLS server certificate, attackers can perform man-in-the-middle attacks, leading to the affected phones registered...
Security Advisory - TLS Certificate Verification Vulnerability in Huawei 7900 IP Phones
There is a TLS certificate verification vulnerability in the SIP TLS module of Huawei 7900 IP Phones. Due to insufficient verification of specific parameters of the TLS server certificate, attackers can perform man-in-the-middle attacks, leading to the affected phones registered abnormally,...
CVE-2016-3482
Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.9 and 12.1.3.0 allows remote attackers to affect confidentiality via vectors related to SSL/TLS Module...
Design/Logic Flaw
Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.9 and 12.1.3.0 allows remote attackers to affect confidentiality via vectors related to SSL/TLS Module...
CVE-2016-3482
Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.9 and 12.1.3.0 allows remote attackers to affect confidentiality via vectors related to SSL/TLS Module...
CVE-2016-3482
Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.9 and 12.1.3.0 allows remote attackers to affect confidentiality via vectors related to SSL/TLS Module...
openSUSE Security Update : tor (openSUSE-SU-2014:0975-1)
Tor 0.2.4.23 bnc889688 CVE-2014-5117 Slows down the risk from guard rotation and backports several important fixes from the Tor 0.2.5 alpha release series. - Major features : - Clients now look at the 'usecreatefast' consensus parameter to decide whether to use CREATEFAST or CREATE cells for the...
CVE-2009-3639
The modtls module in ProFTPD before 1.3.2b, and 1.3.3 before 1.3.3rc2, when the dNSNameRequired TLS option is enabled, does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 client certificate, which allows remote attackers to bypass intended...