37 matches found
CVE-2026-59998
sshd in OpenSSH before 10.4 has an undocumented security-relevant behavior: GSSAPIStrictAcceptorCheck has no value if the server is in Windows Active Directory...
CVE-2026-59998
sshd in OpenSSH before 10.4 has an undocumented security-relevant behavior: GSSAPIStrictAcceptorCheck has no value if the server is in Windows Active Directory...
EUVD-2026-42141
sshd in OpenSSH before 10.4 has an undocumented security-relevant behavior: GSSAPIStrictAcceptorCheck has no value if the server is in Windows Active Directory...
Astra Linux – Vulnerability in Heimdal
Before version 7.7.1, Heimdal allowed attackers to cause a NULL pointer dereference in an SPNEGO acceptor, by using a preferredmechtype of GSSCNOOID and a non-zero initialresponse value for sendaccept...
GHSA-FW88-PF9M-P947 Apache Artemis and Apache ActiveMQ Artemis are Missing Authentication for Critical Functions
Missing Authentication for Critical Function CWE-306 vulnerability in Apache Artemis, Apache ActiveMQ Artemis. An unauthenticated remote attacker can use the Core protocol to force a target broker to establish an outbound Core federation connection to an attacker-controlled rogue broker. This cou...
EUVD-2015-4968
Malware in sbrugna...
EUVD-2021-31573
Malicious code in bioql PyPI...
Rustls: rustls network-reachable panic in `acceptor::accept`
...
GHSA-QG5G-GV98-5FFH rustls network-reachable panic in `Acceptor::accept`
A bug introduced in rustls 0.23.13 leads to a panic if the received TLS ClientHello is fragmented. Only servers that use rustls::server::Acceptor::accept are affected. Servers that use tokio-rustls's LazyConfigAcceptor API are affected. Servers that use tokio-rustls's TlsAcceptor API are not...
rustls network-reachable panic in `Acceptor::accept`
A bug introduced in rustls 0.23.13 leads to a panic if the received TLS ClientHello is fragmented. Only servers that use rustls::server::Acceptor::accept are affected. Servers that use tokio-rustls's LazyConfigAcceptor API are affected. Servers that use tokio-rustls's TlsAcceptor API are not...
RUSTSEC-2024-0399 rustls network-reachable panic in `Acceptor::accept`
A bug introduced in rustls 0.23.13 leads to a panic if the received TLS ClientHello is fragmented. Only servers that use rustls::server::Acceptor::accept are affected. Servers that use tokio-rustls's LazyConfigAcceptor API are affected. Servers that use tokio-rustls's TlsAcceptor API are not...
rustls network-reachable panic in `Acceptor::accept`
A bug introduced in rustls 0.23.13 leads to a panic if the received TLS ClientHello is fragmented. Only servers that use rustls::server::Acceptor::accept are affected. Servers that use tokio-rustls's LazyConfigAcceptor API are affected. Servers that use tokio-rustls's TlsAcceptor API are not...
PT-2024-40945 · Unknown +1 · Tokio-Rustls +2
Name of the Vulnerable Software and Affected Versions: rustls version 0.23.13 Description: A bug in rustls leads to a panic if the received TLS ClientHello is fragmented. This issue affects servers using rustls::server::Acceptor::accept and tokio-rustls's LazyConfigAcceptor API, but not those usi...
CVE-2021-44758
Heimdal before 7.7.1 allows attackers to cause a NULL pointer dereference in a SPNEGO acceptor via a preferredmechtype of GSSCNOOID and a nonzero initialresponse value to sendaccept...
CVE-2021-44758
Heimdal before 7.7.1 allows attackers to cause a NULL pointer dereference in a SPNEGO acceptor via a preferredmechtype of GSSCNOOID and a nonzero initialresponse value to sendaccept...
CVE-2021-44758
Heimdal before 7.7.1 allows attackers to cause a NULL pointer dereference in a SPNEGO acceptor via a preferredmechtype of GSSCNOOID and a nonzero initialresponse value to sendaccept...
Heimdal 代码问题漏洞
Heimdal is a Kerberos implementation and security program from Heimdal Open Source. Heimdal has a security vulnerability that stems from a NULL dereference in the SPNEGO acceptor that leads to a DoS...
CVE-2020-10125
NCR SelfServ ATMs running APTRA XFS 04.02.01 and 05.01.00 implement 512-bit RSA certificates to validate bunch note acceptor BNA software updates, which can be broken by an attacker with physical access in a sufficiently short period of time, thereby enabling the attacker to sign arbitrary files...
Code injection
NCR SelfServ ATMs running APTRA XFS 05.01.00 do not properly validate softare updates for the bunch note acceptor BNA, enabling an attacker with physical access to internal ATM components to restart the host computer and execute arbitrary code with SYSTEM privileges because while booting, the...
CVE-2020-10126
CVE-2020-10126 concerns NCR SelfServ ATMs running APTRA XFS 05.01.00 . The issue is that the update process during boot does not validate the signature of CAB archives on removable media, causing arbitrary code execution with SYSTEM privileges when updating the BNA (bunch note acceptor). An attac...