Fedora 44 : composer (2026-1140c02041)
The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-1140c02041 advisory. Version 2.9.7 - 2026-04-14 Fixes regression calling custom script command aliases that are called a substring of a composer command 12802 ---- Versi...
Fedora 42 : composer (2026-d91f313a63)
The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-d91f313a63 advisory. Version 2.9.7 - 2026-04-14 Fixes regression calling custom script command aliases that are called a substring of a composer command 12802 ---- Versi...
Apache Spark Encryption Problem Vulnerability (CNVD-2025-25376)
Apache Spark is a large-scale data processing engine that supports acyclic data streaming and in-memory computing from the Apache Foundation. Apache Spark suffers from a cryptographic issue vulnerability that stems from the use of insecure default network encryption ciphers for inter-node RPC...
EUVD-2020-20855
Malware in sbrugna...
EUVD-2012-0758
Malware in sbrugna...
GO-2024-2527 Insecure ciphers are allowed by default in go.etcd.io/etcd
The TLS ciphers list supported by etcd contains insecure cipher suites. Users may specify that an insecure cipher is used via “--cipher-suites” flag. A list of secure suites is used by default...
Duplicate
This advisory duplicates another...
GHSA-GR79-9V6V-GC9R Dex discarding TLSconfig and always serves deprecated TLS 1.0/1.1 and insecure ciphers
Summary Dex 2.37.0 is serving HTTPS with insecure TLS 1.0 and TLS 1.1. Details While working on https://github.com/dexidp/dex/issues/2848 and implementing configurable TLS support, I noticed my changes did not have any effect in TLS config, so I started investigating...
PT-2023-28747 · Broadcom · Broadcom Raid Controller
Name of the Vulnerable Software and Affected Versions: Broadcom RAID Controller affected versions not specified Description: The Broadcom RAID Controller web interface has an insecure default TLS configuration that supports obsolete SHA1-based ciphersuites. This issue affects the default...
SUSE CVE-2007-1858
The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts...
CVE-2021-27756
"TLS-RSA cipher suites are not disabled in BigFix Compliance up to v2.0.5. If TLS 2.0 and secure ciphers are not enabled then an attacker can passively record traffic and later decrypt it."...
Siemens SICAM A8000 RTUs Protection Mechanism Failure (CVE-2020-28396)
A vulnerability has been identified in SICAM A8000 CP-8000 All versions < V16, SICAM A8000 CP-8021 All versions < V16, SICAM A8000 CP-8022 All versions < V16. A web server misconfiguration of the affected device can cause insecure ciphers usage by a user's browser. An attacker in a privileged position...
CVE-2020-28396
A vulnerability has been identified in SICAM A8000 CP-8000 All versions < V16, SICAM A8000 CP-8021 All versions < V16, SICAM A8000 CP-8022 All versions < V16. A web server misconfiguration of the affected device can cause insecure ciphers usage by a user's browser. An attacker in a privileged position...
Information disclosure
A vulnerability has been identified in SICAM A8000 CP-8000 All versions < V16, SICAM A8000 CP-8021 All versions < V16, SICAM A8000 CP-8022 All versions < V16. A web server misconfiguration of the affected device can cause insecure ciphers usage by a user's browser. An attacker in a privileged position...
CVE-2020-28396
The CVE-2020-28396 entry affects Siemens SICAM A8000 RTUs (CP-8000, CP-8021, CP-8022) with all versions before V16. Root cause: a web server misconfiguration that enables insecure ciphers in the user’s browser, allowing an attacker in a privileged position to decrypt traffic and compromise confid...
Security Bulletin: Use of Aspera products with Windows XP/IE 8
Question: Security Bulletin: Use of Aspera products with Windows XP/IE 8. Answer: Description: Due to OpenSSL vulnerabilities involving insecure ciphers, in particular DES and triple DES ciphers, Aspera products will be disabling these ciphers across its products including: Console Enterprise Server...
CVE-2019-3818
The kube-rbac-proxy container before version 0.4.1 as used in Red Hat OpenShift Container Platform does not honor TLS configurations, allowing for use of insecure ciphers and TLS 1.0. An attacker could target traffic sent over a TLS connection with a weak configuration and potentially break the...