Microsoft ASP.NET Core 数据伪造问题漏洞

Microsoft ASP.NET Core is a cross-platform open-source framework developed by Microsoft. This framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. Microsoft ASP.NET Core has a vulnerability related to data manipulation, caused by...

GHSA-QCMW-8MM4-4P28 Antrea has Missing Encryption of Sensitive Data

Impact This is a missing encryption vulnerability CWE-311 affecting inter-Node Pod traffic. In Antrea clusters configured for dual-stack networking with IPsec encryption enabled trafficEncryptionMode: ipsec, Antrea fails to apply encryption for IPv6 Pod traffic. While the IPv4 traffic is correctl...

SUSE-SU-2025:1262-1 Security update for the Linux Kernel (Live Patch 45 for SLE 15 SP3)

This update for the Linux Kernel 5.3.18-15030059164 fixes several issues. The following security issues were fixed: - CVE-2022-49014: net: tun: Fix use-after-free in tundetach bsc1232818. - CVE-2022-49563: crypto: qat - add param check for RSA bsc1238788. - CVE-2022-49564: crypto: qat - add param...

Qualcomm Chipsets 安全漏洞

Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Chipsets that originates from a memory corruption when processing FIPS encryption or decryption verification function IOCTL calls...

postgresql: libpq processes unencrypted bytes from man-in-the-middle

A man-in-the-middle attacker can inject false responses to the client's first few queries, despite the use of SSL certificate verification and encryption...

Mattermost Server Trust Management Issues Vulnerability (CNVD-2020-35447)

Mattermost Server is the United States Mattermost company's set of open source messaging platform. A security vulnerability exists in Mattermost Server versions prior to 3.9.0 that stems from encryption and signature verification not being mandatory. No details of the vulnerability are provided a...

apache-cxf: Apache CXF does not verify that elements were signed / encrypted by a particular Supporting Token

Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors...

apache-cxf: Apache CXF does not verify that elements were signed / encrypted by a particular Supporting Token

Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors...

apache-cxf: Apache CXF does not verify that elements were signed / encrypted by a particular Supporting Token

Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors...

Automated HTTPS Vulnerability Testing by Qualys SSL Labs

Automated HTTPS Vulnerability Testing by Qualys SSL Labs One of main problem in HTTP protocol is encrypting traffic and verifying data security, securing the web application against any threat is very important especially that if hackers conduct a Man-in the middle attack he can get all users...