522 matches found
MGASA-2020-0268 Updated gnutls packages fix security vulnerability
Updated gnutls packages fix security vulnerability: It was found that GnuTLS 3.6.4 introduced a regression in the TLS protocol implementation. This caused the TLS server to not securely construct a session ticket encryption key considering the application supplied secret, allowing a MitM attacker...
Man-in-the-middle (MitM)
kylin-engine-mr is vulnerable to man-in-the-middle MitM attack. It is possible because it uses insecure TLS in the function createEasySSLContext in DefaultSslProtocolSocketFactory.java, allowing a man-in-the-middle to intercept the connection...
DEBIAN-CVE-2020-13645
In GNOME glib-networking through 2.64.2, the implementation of GTlsClientConnection skips hostname verification of the server's TLS certificate if the application fails to specify the expected server identity. This is in contrast to its intended documented behavior, to fail the certificate...
Cisco Firepower 1000 Series SSL/TLS Denial of Service Vulnerability (cisco-sa-ftd-tls-dos-4v5nmWtZ)
According to its self-reported version, Cisco Firepower Threat Defense Software is affected by a denial of service DoS vulnerability in its SSL/TLS handler component due to a communication error between internal functions. An unauthenticated, remote attacker can exploit this issue, by sending a...
The vulnerability of the implementation of the HMAC-SHA-256 mechanism in the GnuTLS cryptographic library allows a perpetrator to carry out an “Lucky 13” attack and a attack that recovers the plaintext.
The vulnerability of the HMAC-SHA-256 mechanism implemented in the GnuTLS cryptographic library is related to errors in the implementation of the cryptographic algorithm. Exploiting this vulnerability allows a malicious actor to perform both a “Lucky 13” attack and an attack that recovers the...
Security Bulletin: Resilient is vulnerable to TLS v1.0 and v1.1 connections
Summary Resilient versions before v35.2 are vulnerable to TLS v1.0 and v1.1 connections. These are no longer considered secure, therefore are not supported as of v35.2, Released in Jan 2020. Vulnerability Details CVEID: CVE-2019-4580 DESCRIPTION: IBM Resilient OnPrem uses weaker than expected...
Security Bulletin: IBM MegaRAID Storage Manager is affected by a vulnerability in TLS (CVE-2019-6485)
Summary The following vulnerability in TLS has been addressed by IBM MegaRAID Storage Manager. Vulnerability Details CVEID: CVE-2019-6485 DESCRIPTION: Citrix NetScaler Application Delivery Controller and NetScaler Gateway could allow a remote attacker to obtain sensitive information, caused by a...
Security Bulletin: TLS padding vulnerability affects IBM Security Access Manager for DataPower (CVE-2014-8730)
Summary IBM Security Access Manager version 8.0.0.5 for DataPower is affected by a TLS padding vulnerability, which could allow a remote attacker to obtain sensitive information. Vulnerability Details The following vulnerability affects IBM Security Access Manager version 8.0.0.5 for DataPower...
The vulnerability of the TLS protocol implementation in the Dovecot mail server, related to resource exhaustion, allows attackers to cause service failures.
The vulnerability of the Dovecot mail server’s TLS protocol implementation is related to a configuration error. Exploiting this vulnerability could allow a malicious actor to cause service failures...
SUSE-SU-2020:0488-1 Security update for nodejs6
This update for nodejs6 fixes the following issues: Security issues fixed: - CVE-2019-15604: Fixed a remotely triggerable assertion in the TLS server via a crafted certificate string CVE-2019-15604, bsc1163104. - CVE-2019-15605: Fixed an HTTP request smuggling vulnerability via malformed...
ALSA-2020:0579 Important: nodejs:10 security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs 10.19.0. Security Fixes: nodejs: HTTP request smuggling using malformed...
Razer: Insecure HostnameVerifier within WebView of Razer Pay Android (TLS Vulnerability)
The tester discovered the Razer Pay Android application was vulnerable to a client side hijack which could have allowed the capture of important user data. Razer Fintech thanks the tester for their clear PoC...
CVE-2015-2802
An Information Disclosure vulnerability exists in HP SiteScope 11.2 and 11.3 on Windows, Linux and Solaris, HP Asset Manager 9.30 through 9.32, 9.40 through 9.41, 9.50, and Asset Manager Cloudsystem Chargeback 9.40, which could let a remote malicious user obtain sensitive information. This is the...
Information disclosure
An Information Disclosure vulnerability exists in HP SiteScope 11.2 and 11.3 on Windows, Linux and Solaris, HP Asset Manager 9.30 through 9.32, 9.40 through 9.41, 9.50, and Asset Manager Cloudsystem Chargeback 9.40, which could let a remote malicious user obtain sensitive information. This is the...
CVE-2015-2802
CVE-2015-2802 affects HP SiteScope 11.2/11.3 (Windows/Linux/S Solaris) and HP Asset Manager 9.30–9.32, 9.40–9.41, 9.50, plus Asset Manager Cloudsystem Chargeback 9.40. The vulnerability is a TLS RC4/Bar Mitzvah information disclosure, enabling a remote attacker to obtain sensitive information. Th...
CVE-2015-2802
An Information Disclosure vulnerability exists in HP SiteScope 11.2 and 11.3 on Windows, Linux and Solaris, HP Asset Manager 9.30 through 9.32, 9.40 through 9.41, 9.50, and Asset Manager Cloudsystem Chargeback 9.40, which could let a remote malicious user obtain sensitive information. This is the...
CVE-2019-13680
Inappropriate implementation in TLS in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof client IP address to websites via crafted TLS connections...
CVE-2019-2821
Vulnerability in the Java SE component of Oracle Java SE subcomponent: JSSE. Supported versions that are affected are Java SE: 11.0.3 and 12.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE. Successful attacks require human...
OPENSUSE-SU-2019:2281-1 Security update for dovecot23
This update for dovecot23 fixes the following issues: - CVE-2019-11500: Fixed the NUL byte handling in IMAP and ManageSieve protocol parsers. bsc1145559 - CVE-2019-11499: Fixed a vulnerability where the submission-login would crash over a TLS secured channel bsc1133625. - CVE-2019-11494: Fixed a...
CVE-2019-0231
Handling of the closenotify SSL/TLS message does not lead to a connection closure, leading the server to retain the socket opened and to have the client potentially receive clear text messages afterward. Mitigation: 2.0.20 users should migrate to 2.0.21, 2.1.0 users should migrate to 2.1.1. This...