8 matches found
uTLS 安全漏洞
uTLS is an open-source Go language codebase developed by Refraction Networking. Versions of uTLS 1.6.7 and earlier contain security vulnerabilities. These vulnerabilities stem from the lack of a TLS 1.3 downgrade protection mechanism, which could lead to connection downgrade attacks...
Linux Distros Unpatched Vulnerability : CVE-2024-28755
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Mbed TLS 3.5.x before 3.6.0. When an SSL context was reset with the mbedtlssslsessionreset API, the maximum TLS version to be...
CVE-2024-41909
Like many other SSH implementations, Apache MINA SSHD suffered from the issue that is more widely known as CVE-2023-48795. An attacker that can intercept traffic between client and server could drop certain packets from the stream, potentially causing client and server to consequently end up with...
EulerOS 2.0 SP12 : libssh2 (EulerOS-SA-2024-1765)
According to the versions of the libssh2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass...
Amazon Linux 2023 : openssh, openssh-clients, openssh-keycat (ALAS2023-2023-462)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-462 advisory. AWS is aware of CVE-2023-48795, also known as Terrapin, which is found in the SSH protocol and affects SSH channel integrity. A protocol extension has been introduced by OpenSSH which needs to be applie...
postgresql: Reconnection can downgrade connection security settings
A flaw was found in postgresql. If a client application that creates additional database connections only reuses the basic connection parameters while dropping security-relevant parameters, an opportunity for a man-in-the-middle attack, or the ability to observe clear-text transmissions, could...
MGASA-2019-0103 Updated gnutls packages fix security vulnerability
A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS1 v1.5 data. An attacker who is able to run process on the same physical core as the victim process, could use this to extract plaintext or in some cases downgrade...
Puppet Multiple Vulnerabilities (2013/03/12)
According to its self-reported version number, the version of Puppet Open Source or Puppet Enterprise running on the remote host has the following vulnerabilities : - A vulnerability that allows an authenticated client to execute arbitrary code on a puppet master. CVE-2013-1640 - A vulnerability...