155 matches found
grilo security update
0.3.6-3 + grilo-0.3.6-3 - Fix TLS not being validated correctly - Resolves: rhbz1997234...
CVE-2021-41079
Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and 10.0.0-M1 to 10.0.2 did not properly validate incoming TLS packets. When Tomcat was configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a specially crafted packet could be used to trigger an infinite loop resulting in a denial of service...
CVE-2021-41079
Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and 10.0.0-M1 to 10.0.2 did not properly validate incoming TLS packets. When Tomcat was configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a specially crafted packet could be used to trigger an infinite loop resulting in a denial of service...
CVE-2021-41079
Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and 10.0.0-M1 to 10.0.2 did not properly validate incoming TLS packets. When Tomcat was configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a specially crafted packet could be used to trigger an infinite loop resulting in a denial of service...
CVE-2021-36377
Fossil before 2.14.2 and 2.15.x before 2.15.2 often skips the hostname check during TLS certificate validation...
SUSE: Security Advisory (SUSE-SU-2016:2470-2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2021-27400
HashiCorp Vault and Vault Enterprise Cassandra integrations storage backend and database secrets engine plugin did not validate TLS certificates when connecting to Cassandra clusters. Fixed in 1.6.4 and 1.7.1...
Jenkins LTS < 2.277.2 / Jenkins weekly < 2.287 Multiple Vulnerabilities
According to its its self-reported version number, the version of Jenkins running on the remote web server is Jenkins LTS prior to 2.277.2 or Jenkins weekly prior to 2.287. It is, therefore, affected by multiple vulnerabilities: - Jenkins 2.286 and earlier, LTS 2.277.1 and earlier does not valida...
DEBIAN-CVE-2020-24392
In voloko twitter-stream 0.1.10, missing TLS hostname validation allows an attacker to perform a man-in-the-middle attack against users of the library because eventmachine is misused...
CVE-2020-24392
In voloko twitter-stream 0.1.10, missing TLS hostname validation allows an attacker to perform a man-in-the-middle attack against users of the library because eventmachine is misused...
CVE-2020-24392
In voloko twitter-stream 0.1.10, missing TLS hostname validation allows an attacker to perform a man-in-the-middle attack against users of the library because eventmachine is misused...
CVE-2020-24392
In voloko twitter-stream 0.1.10, missing TLS hostname validation allows an attacker to perform a man-in-the-middle attack against users of the library because eventmachine is misused...
CVE-2012-0955
software-properties was vulnerable to a person-in-the-middle attack due to incorrect TLS certificate validation in softwareproperties/ppa.py. software-properties didn't check TLS certificates under python2 and only checked certificates under python3 if a valid certificate bundle was provided. Fix...
CVE-2020-16163
An issue was discovered in RIPE NCC RPKI Validator 3.x before 3.1-2020.07.06.14.28. RRDP fetches proceed even with a lack of validation of a TLS HTTPS endpoint. This allows remote attackers to bypass intended access restrictions, or to trigger denial of service to traffic directed to co-dependent...
CVE-2020-16163
CVE-2020-16163 affects RIPE NCC RPKI Validator 3.x before 3.1-2020.07.06.14.28. The bug allows RRDP fetches to proceed without validating a TLS HTTPS endpoint, potentially allowing remote attackers to bypass access restrictions or cause DoS on co-dependent routing systems (RFC 8182 caveat noted b...
CVE-2020-15104 TLS Validation Vulnerability in Envoy
In Envoy before versions 1.12.6, 1.13.4, 1.14.4, and 1.15.0 when validating TLS certificates, Envoy would incorrectly allow a wildcard DNS Subject Alternative Name apply to multiple subdomains. For example, with a SAN of .example.com, Envoy would incorrectly allow nested.subdomain.example.com, wh...
GitHub Security Lab: CPP: Missing/incomplete TLS server certificate hostname validation
This bug was reported directly to GitHub Security Lab...
Design/Logic Flaw
A missing secure communication definition and an incomplete TLS validation in the upgrade service in B&R Automation Studio versions 4.0.x, 4.1.x, 4.2.x, 4.3.11SP, 4.4.9SP, 4.5.5SP, 4.6.4 and 4.7.2 enable unauthenticated users to perform MITM attacks via the B&R upgrade server...
Fortinet FortiSIEM 5.0 / 5.2.1 Improper Certification Validation
Product Name: FortiSIEM Tested versions: 5.0, 5.2.1 Fixed in version: Only a manual workaround is available from Fortinet as of this writing Weakness Type: CWE-295 - Improper Certificate Validation Discovered by: Andrew Klaus Cybera Canada CVE: Pending == Disclosure Timeline: June 25, 2019: Initi...
Electronegativity: An Open Source Electron Security Auditor
PenTestIT RSS Feed Electron is a pretty recent framework for building desktop applications and there are not many tools that deal with the security part either. There is a electronjs security checklist, providing guidelines for building secure applications, but there is no tool per-se - atleast...