net-imap vulnerable to STARTTLS stripping via invalid response timing
Summary: A man-in-the-middle attacker can cause Net::IMAP#starttls to return "successfully", without starting TLS. Details: When using Net::IMAP#starttls to upgrade a plaintext connection to use TLS, a man-in-the-middle attacker can inject a tagged OK response with an easily predictable tag. By sendi...
Linux Distros Unpatched Vulnerability : CVE-2024-43841
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: wifi: virtwifi: avoid reporting connection success with wrong SSID When user issues a...
The vulnerability of the PingID software for multi-factor authentication of applications in Windows occurs due to errors in verifying the connection with the local Java service. This allows a perpetrator to execute arbitrary code or cause a service failure.
The vulnerability of the PingID software for multi-factor authentication of applications relates to errors in verifying the connection with the local Java service. Exploiting this vulnerability allows an attacker to execute arbitrary code or cause service failures...
GO-2022-0171 Mishandled trust preferences for root certificates on Darwin in crypto/x509
On Darwin, user's trust preferences for root certificates were not honored. If the user had a root certificate loaded in their Keychain that was explicitly not trusted, a Go program would still verify a connection using that root certificate...
PT-2021-10271 · Gate One · Gateone
Name of the Vulnerable Software and Affected Versions: Gate One version 1.2.0 Description: The issue allows attackers to bypass the verification check done by the origins list and connect to Gate One instances used by hosts not on the origins list. Recommendations: For Gate One version 1.2.0,...
Huawei EulerOS: Security Advisory for python-urllib3 (EulerOS-SA-2020-1028)
The remote host is missing an update for the Huawei EulerOS...
CVE-2017-1000097
On Darwin, user's trust preferences for root certificates were not honored. If the user had a root certificate loaded in their Keychain that was explicitly not trusted, a Go program would still verify a connection using that root certificate...
Critical: Red Hat Security Advisory: java-1.7.0-openjdk security update
Updated java-1.7.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity...