2876 matches found
ALPINE-CVE-2021-22897
curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPTSSLCIPHERLIST when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a single "static" variable in the library, which has the surprising...
CVE-2021-22897
curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPTSSLCIPHERLIST when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a single "static" variable in the library, which has the surprising...
CVE-2020-11267
Stack out-of-bounds write occurs while setting up a cipher device if the provided IV length exceeds the max limit value in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon...
SUSE: Security Advisory (SUSE-SU-2016:0748-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2013:1058-2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security Bulletin: Vulnerability in RC4 stream cipher affects Informix Genero (CVE-2015-2808)
Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects Informix Genero. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker could exploit this...
Security Bulletin: TLS padding vulnerability affects Informix Dynamic Server ( CVE-2014-8730)
Summary IBM Informix Dynamic Server can be affected by a TLS Transport Layer Security padding vulnerability which can allow a remote attacker to obtain sensitive information. Vulnerability Details The following vulnerability affects IBM Informix Dynamic Server. CVEID: CVE-2014-8730 DESCRIPTION: I...
Security Bulletin: TLS padding vulnerability affects Informix Client Software Development Kit (CSDK) ( CVE-2014-8730)
Summary Informix Client Software Development Kit CSDK can be affected by a TLS Transport Layer Security padding vulnerability which can allow a remote attacker to obtain sensitive information. Vulnerability Details The following vulnerability affects IBM Informix Client Software Development Kit...
[SECURITY] [DLA 2672-1] imagemagick security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-2672-1 [email protected] https://www.debian.org/lts/security/ Anton Gladky June 02, 2021 https://wiki.debian.org/LTS -...
Information Disclosure
imagemagick:edge is vulnerable to information disclosure. A flaw was found in ImageMagick in versions, leading to a potential cipher leak when the calculate signatures in TransformSignature is possible...
OESA-2021-1198 ImageMagick security update
Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats over 200 including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort, shear and transform images,...
Researchers Warn of Facefish Backdoor Spreading Linux Rootkits
Cybersecurity researchers have disclosed a new backdoor program capable of stealing user login credentials, device information and executing arbitrary commands on Linux systems. The malware dropper has been dubbed "Facefish" by Qihoo 360 NETLAB team owing its capabilities to deliver different...
[slackware-security] curl
New curl packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/curl-7.77.0-i586-1slack14.2.txz: Upgraded. This update fixes security issues: schannel cipher selection surprise TELNET sta...
CVE-2018-16499
The CVE-2018-16499 entry concerns Versa Networks Versa VOS. The connected records indicate the issue stems from the use of unapproved SSH encryption protocols or cipher suites, enabling a network-endpoint attacker to perform a man-in-the-middle attack and potentially view communications between a...
CURL-CVE-2021-22897 Schannel cipher selection surprise
libcurl lets applications specify which specific TLS ciphers to use in transfers, using the option called CURLOPTSSLCIPHERLIST. The cipher selection is used for the TLS negotiation when a transfer is done involving any of the TLS based transfer protocols libcurl supports, such as HTTPS, FTPS,...
Schannel cipher selection surprise
libcurl lets applications specify which specific TLS ciphers to use in transfers, using the option called CURLOPTSSLCIPHERLIST. The cipher selection is used for the TLS negotiation when a transfer is done involving any of the TLS based transfer protocols libcurl supports, such as HTTPS, FTPS,...
Versa VOS 加密问题漏洞
Versa Networks VOS is an operating system from Versa Networks, USA. The highly flexible VOS enables enterprises, organizations and service providers to deploy Versa SASE in branch offices, clouds, campuses and data centers. A security vulnerability exists in Versa VOS that stems from the use of...
Haxx libcurl 加密问题漏洞
HAXX Haxx libcurl is a free, open source client-side URL transport library from the Swedish company HAXX. The library supports FTP, FTPS, TFTP, HTTP and more. Haxx libcurl suffers from a cryptographic issue vulnerability that stems from the fact that libcurl allows applications to specify a...
CVE-2020-18220
Weak Encoding for Password in DoraCMS v2.1.1 and earlier allows attackers to obtain sensitive information as it does not use a random salt or IV for its AES-CBC encryption, causes password encrypted for users to be susceptible to dictionary attacks...
3.6 bug fix and enhancement update
An update is available for apache-commons-io, atinject, jsr-305, maven-shared-utils, plexus-cipher, aopalliance, plexus-classworlds, guava, apache-commons-cli, plexus-containers, plexus-sec-dispatcher, httpcomponents-client, maven-resolver, apache-commons-lang3, plexus-interpolation, sisu,...