net-imap vulnerable to STARTTLS stripping via invalid response timing

Summary A man-in-the-middle attacker can cause Net::IMAPstarttls to return "successfully", without starting TLS. Details When using Net::IMAPstarttls to upgrade a plaintext connection to use TLS, a man-in-the-middle attacker can inject a tagged OK response with an easily predictable tag. By sendi...

Linux Distros Unpatched Vulnerability : CVE-2024-43841

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: wifi: virtwifi: avoid reporting connection success with wrong SSID When user issues a...

GO-2022-0171 Mishandled trust preferences for root certificates on Darwin in crypto/x509

On Darwin, user's trust preferences for root certificates were not honored. If the user had a root certificate loaded in their Keychain that was explicitly not trusted, a Go program would still verify a connection using that root certificate...

PT-2021-10271 · Gate One · Gateone

Name of the Vulnerable Software and Affected Versions: Gate One version 1.2.0 Description: The issue allows attackers to bypass the verification check done by the origins list and connect to Gate One instances used by hosts not on the origins list. Recommendations: For Gate One version 1.2.0,...

Huawei EulerOS: Security Advisory for python-urllib3 (EulerOS-SA-2020-1028)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2017-1000097

On Darwin, user's trust preferences for root certificates were not honored. If the user had a root certificate loaded in their Keychain that was explicitly not trusted, a Go program would still verify a connection using that root certificate...

CVE-2017-1000097

On Darwin, user's trust preferences for root certificates were not honored. If the user had a root certificate loaded in their Keychain that was explicitly not trusted, a Go program would still verify a connection using that root certificate...

CVE-2017-1000097

On Darwin, user's trust preferences for root certificates were not honored. If the user had a root certificate loaded in their Keychain that was explicitly not trusted, a Go program would still verify a connection using that root certificate...

CVE-2017-1000097

On Darwin, user's trust preferences for root certificates were not honored. If the user had a root certificate loaded in their Keychain that was explicitly not trusted, a Go program would still verify a connection using that root certificate...

Critical: Red Hat Security Advisory: java-1.7.0-openjdk security update

Updated java-1.7.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...