13 matches found
Improper Verification Of Cryptographic Signature
Apache Spark is vulnerable to Improper Verification of Cryptographic Signature. The vulnerability is due to the use of an unauthenticated default encryption cipher AES/CTR/NoPadding for RPC communication when spark.network.crypto.enabled is true and no cipher is explicitly configured, which allow...
PYSEC-2025-184
This issue affects Apache Spark versions before 3.4.4, 3.5.2 and 4.0.0. Apache Spark versions before 4.0.0, 3.5.2 and 3.4.4 use an insecure default network encryption cipher for RPC communication between nodes. When spark.network.crypto.enabled is set to true (it is set to false by default), but...
Security update for gpg2 (important)
openSUSE Security Update: Security update for gpg2. Announcement ID: openSUSE-SU-2022:2546-1. Rating: important. References: 1196125, 1201225. Cross-References: CVE-2022-34903. CVSS scores: CVE-2022-34903 (NVD): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N; CVE-2022-34903 (SUSE): 6.8...
OPENSUSE-SU-2022:2546-1 Security update for gpg2
This update for gpg2 fixes the following issues: - CVE-2022-34903: Fixed a status injection vulnerability (bsc1201225). - Use AES as default cipher instead of 3DES when we are in FIPS mode. (bsc1196125)...
SUSE-SU-2022:2546-1 Security update for gpg2
This update for gpg2 fixes the following issues: - CVE-2022-34903: Fixed a status injection vulnerability (bsc1201225). - Use AES as default cipher instead of 3DES when we are in FIPS mode. (bsc1196125)...
Apache Shiro Default Cipher Key (CVE-2016-4437)
Binary data apacheshirocve-2016-4437.nbin...
SUSE-SU-2018:0230-1 Security update for curl
This update for curl fixes several issues. This security issue was fixed: - CVE-2018-1000007: Prevent leaking authentication data to third parties when following redirects (bsc1077001). This non-security issue was fixed: - Set DEFAULTSUSE as the default cipher list (bsc1027712)...
SUSE-SU-2018:0112-1 Security update for openssl
This update for openssl fixes the following issues: Security issues fixed: - CVE-2016-7056: ECDSA P-256 timing attack key recovery (bsc1019334) - CVE-2017-3731: Truncated packet could crash via OOB read (bsc1022085) - CVE-2016-8610: remote denial of service in SSL alert handling (bsc1005878) -...
shiro: Security constraint bypass
It was found that Apache Shiro uses a default cipher key for its "remember me" feature. An attacker could use this to devise a malicious request parameter and gain access to unauthorized content...
shiro: Security constraint bypass
It was found that Apache Shiro uses a default cipher key for its "remember me" feature. An attacker could use this to devise a malicious request parameter and gain access to unauthorized content...
CVE-2016-4437
It was found that Apache Shiro uses a default cipher key for its "remember me" feature. An attacker could use this to devise a malicious request parameter and gain access to unauthorized content...
USN-2624-1 openssl update
As a security improvement, this update removes the export cipher suites from the default cipher list to prevent their use in possible downgrade attacks...
PT-2006-7520 · Apache · Apache Tomcat
Name of the Vulnerable Software and Affected Versions: Apache Tomcat versions 4.1.28 through 4.1.31; Apache Tomcat versions 5.0.0 through 5.0.30; Apache Tomcat versions 5.5.0 through 5.5.17. Description: The default SSL cipher configuration uses certain insecure ciphers, including the anonymous...