SUSE CVE-2020-7042

An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. tunnel.c mishandles certificate validation because the hostname check operates on uninitialized memory. The outcome is that a valid certificate is never accepted only a malformed certificate may be accepted...

Dan DeFelippi node-XMLHttpRequest 信任管理问题漏洞

Dan DeFelippi node-XMLHttpRequest is Dan DeFelippi an open source application . Used to simulate the browser XMLHttpRequest object . A trust management issue vulnerability exists in Node.js xmlhttprequest-ssl package versions prior to 1.6.1, which stems from the fact that no certificate will be...

Important: openssl security and bug fix update

OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength general-purpose cryptography library. Security Fixes: openssl: EDIPARTYNAME NULL pointer de-reference CVE-2020-1971 For more details about the security issues,...

Security Vulnerabilities fixed in Thunderbird 78 — Mozilla

When %2F was present in a manifest URL, Thunderbird's AppCache behavior may have become confused and allowed a manifest to be served from a subdirectory. This could cause the appcache to be used to service requests for the top level directory. A VideoStreamEncoder may have been freed in a race...

Security Vulnerabilities fixed in Firefox 78 — Mozilla

When %2F was present in a manifest URL, Firefox's AppCache behavior may have become confused and allowed a manifest to be served from a subdirectory. This could cause the appcache to be used to service requests for the top level directory. A VideoStreamEncoder may have been freed in a race...

UBUNTU-CVE-2020-7042

An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. tunnel.c mishandles certificate validation because the hostname check operates on uninitialized memory. The outcome is that a valid certificate is never accepted only a malformed certificate may be accepted...