EUVD-2019-7497

Malware in sbrugna...

Rocky Linux 8 : nss and nspr (RLSA-2020:3280)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2020:3280 advisory. - Improper refcounting of soft token session objects could cause a use-after-free and crash likely limited to a denial of service. This vulnerability...

Oracle Linux 7 / 8 : olcne (ELSA-2021-9525)

The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-9525 advisory. - Update Istio to 1.9.8 to address CVE-2021-32777, CVE-2021-32778, CVE-2021-32779, CVE-2021-32780 & CVE-2021-32781 - Bump release, addresses the...

Envoy 代码问题漏洞

Envoy is an open source distributed proxy server. A code issue vulnerability exists in the Envoy functionality that stems from an invalid state transition from CLOSED to DRAINING in the same I/O event...

Amazon Linux 2 : nspr, nss-softokn, nss-util, nss (ALAS-2020-1559)

The version of nspr installed on the remote host is prior to 4.25.0-2. The version of nss installed on the remote host is prior to 3.53.1-3. The version of nss-softokn installed on the remote host is prior to 3.53.1-6. The version of nss- util installed on the remote host is prior to 3.53.1-1. It...

CVE-2019-17023

A protocol downgrade flaw was found in Network Security Services NSS. After a HelloRetryRequest has been sent, the client may negotiate a lower protocol than TLS 1.3, resulting in an invalid state transition in the TLS State Machine. If the client gets into this state, incoming Application Data...

CVE-2019-17023

After a HelloRetryRequest has been sent, the client may negotiate a lower protocol that TLS 1.3, resulting in an invalid state transition in the TLS State Machine. If the client gets into this state, incoming Application Data records will be ignored. This vulnerability affects Firefox 72...

CVE-2019-17023

After a HelloRetryRequest has been sent, the client may negotiate a lower protocol that TLS 1.3, resulting in an invalid state transition in the TLS State Machine. If the client gets into this state, incoming Application Data records will be ignored. This vulnerability affects Firefox 72...

Design/Logic Flaw

After a HelloRetryRequest has been sent, the client may negotiate a lower protocol that TLS 1.3, resulting in an invalid state transition in the TLS State Machine. If the client gets into this state, incoming Application Data records will be ignored. This vulnerability affects Firefox 72...

CVE-2019-17023

After a HelloRetryRequest has been sent, the client may negotiate a lower protocol that TLS 1.3, resulting in an invalid state transition in the TLS State Machine. If the client gets into this state, incoming Application Data records will be ignored. This vulnerability affects Firefox 72...

CVE-2019-17023

After a HelloRetryRequest has been sent, the client may negotiate a lower protocol that TLS 1.3, resulting in an invalid state transition in the TLS State Machine. If the client gets into this state, incoming Application Data records will be ignored. This vulnerability affects Firefox 72...

Mozilla Firefox < 72.0

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 72.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2020-01 advisory. - Mozilla developers Karl Tomlinson, Jason Kratzer, Tyson Smith, Jon Coppeard, and Christian Holler reported...

Xen Denial of Service Vulnerability (CNVD-2018-09328)

Xen is an open source virtual machine monitor developed by the Xen Project. A denial of service vulnerability exists in 4.10.x and earlier versions of Xen. x86 HVM client OS users can attempt an invalid transition between requested states in the QEMU device model. An attacker can exploit this...