
10060 matches found

RedHat Linux
added 2025/09/11 10:36 a.m. | 4 views

httpd: mod_ssl: access control bypass by trusted clients is possible using TLS 1.3 session resumption

An access control bypass vulnerability was found in Apache httpd. The Apache HTTP Server with some mod_ssl configurations can bypass the access controls by trusted clients using TLS 1.3 session resumption. A client trusted to access one virtual host may be able to access another if...

9.1 CVSS | 5.7 AI score | 0.0097 EPSS
Exploits 1 | References 5
RedhatCVE
added 2025/09/11 9:20 a.m. | 13 views

CVE-2025-59016

Error messages containing sensitive information in the File Abstraction Layer in TYPO3 CMS versions 9.0.0-9.5.54, 10.0.0-10.4.53, 11.0.0-11.5.47, 12.0.0-12.4.36, and 13.0.0-13.4.17 allow backend users to disclose full file paths via failed low-level file-system operations...

5.3 CVSS | 6.5 AI score | 0.00214 EPSS
Exploits 0 | References 1
Tenable Nessus
added 2025/09/11 12:0 a.m. | 7 views

RHEL 8 : httpd:2.4 (RHSA-2025:15684)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:15684 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: insufficient...

9.1 CVSS | 7.7 AI score | 0.01149 EPSS
Exploits 1 | References 11
Redos
added 2025/09/11 12:0 a.m. | 2 views

ROS-20250911-01

A vulnerability in the DNS load balancer and proxy for DNS traffic DNSdist is related to the assertion of availability when support for inbound DNS over HTTPS is enabled using the nghttp2 provider, and requests are routed to a TCP-only backend or DNS over TLS. Exploitation of the vulnerabilit...

7.5 CVSS | 7.3 AI score | 0.01078 EPSS
Exploits 0
RedHat Linux
added 2025/09/10 12:38 p.m. | 2 views

httpd: mod_ssl: access control bypass by trusted clients is possible using TLS 1.3 session resumption

An access control bypass vulnerability was found in Apache httpd. The Apache HTTP Server with some mod_ssl configurations can bypass the access controls by trusted clients using TLS 1.3 session resumption. A client trusted to access one virtual host may be able to access another if...

9.1 CVSS | 5.7 AI score | 0.0097 EPSS
Exploits 1 | References 5
OSV
added 2025/09/10 10:46 a.m. | 4 views

CLSA-2025-1757501175 httpd: Fix of CVE-2025-49812

CVE-2025-49812: remove support for TLS upgrade to prevent HTTP desynchronisation attacks in mod_ssl configurations...

7.4 CVSS | 7.1 AI score | 0.00516 EPSS
Exploits 0 | References 1
Tenable Nessus
added 2025/09/10 12:0 a.m. | 6 views

Linux Distros Unpatched Vulnerability : CVE-2021-20335

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - For MongoDB Ops Manager versions prior to and including 4.2.24 with multiple OM application servers, that have SSL turned on for their MongoDB processes, the...

6.7 CVSS | 5.2 AI score | 0.00139 EPSS
Exploits 0 | References 2
Tenable Nessus
added 2025/09/10 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2013-6662

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Google Chrome caches TLS sessions before certificate validation occurs. CVE-2013-6662 Note that Nessus relies on the presence of the package as reported by the...

6.5 CVSS | 6.5 AI score | 0.00347 EPSS
Exploits 0 | References 2
Packet Storm News
added 2025/09/10 12:0 a.m. | 4 views

Overcoming DNSSEC Islands of Security: a TLS and IP-Based Certificate Solution

The Domain Name System (DNS) serves as the backbone of the Internet, primarily translating domain names to IP addresses. Over time, various enhancements have been introduced to strengthen the integrity of DNS. Among these, DNSSEC stands out as a leading cryptographic solution. It protects against...

7.1 AI score
Exploits 0
Tenable Nessus
added 2025/09/10 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2022-36937

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HHVM 4.172.0 and all prior versions use TLS 1.0 for secure connections when handling tls:// URLs in the stream extension. TLS1.0 has numerous published...

9.8 CVSS | 8.2 AI score | 0.00527 EPSS
Exploits 0 | References 2
Tenable Nessus
added 2025/09/10 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2024-37015

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Ada Web Server 20.0. When configured to use SSL (which is not the default setting), the SSL/TLS used to establish connections to extern...

7.4 CVSS | 5.6 AI score | 0.00367 EPSS
Exploits 0 | References 2
Tenable Nessus
added 2025/09/10 12:0 a.m. | 6 views

Linux Distros Unpatched Vulnerability : CVE-2022-34676

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an out-of-bounds read may lead to denial of service,...

7.8 CVSS | 7.2 AI score | 0.0026 EPSS
Exploits 0 | References 2
Tenable Nessus
added 2025/09/10 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2020-24619

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In mainwindow.cpp in Shotcut before 20.09.13, the upgrade check misuses TLS because of setPeerVerifyMode(QSslSocket::VerifyNone). A man-in-the-middle attacker cou...

5.9 CVSS | 6 AI score | 0.00713 EPSS
Exploits 0 | References 2
Tenable Nessus
added 2025/09/10 12:0 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2022-31617

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer nvlddmkm.sys, where a local user with basic capabilities can cause an...

7.8 CVSS | 7.2 AI score | 0.00239 EPSS
Exploits 0 | References 2
Tenable Nessus
added 2025/09/10 12:0 a.m. | 6 views

Linux Distros Unpatched Vulnerability : CVE-2022-40735

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Diffie-Hellman Key Agreement Protocol allows use of long exponents that arguably make certain calculations unnecessarily expensive, because the 1996 van...

7.5 CVSS | 6.5 AI score | 0.23061 EPSS
Exploits 1 | References 2
Tenable Nessus
added 2025/09/10 12:0 a.m. | 2 views

EulerOS 2.0 SP10 : shim (EulerOS-SA-2025-2086)

According to the versions of the shim packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in...

5.9 CVSS | 7.9 AI score | 0.16195 EPSS
Exploits 0 | References 2
HackRead
added 2025/09/09 3:6 p.m. | 2 views

Republic and Incentiv Partner to Simplify and Reward Web3 Participation

Republic today announced a strategic partnership with Incentiv, an EVM-compatible Layer 1 blockchain designed to make Web3 simple,…...

7 AI score
Exploits 0
OSV
added 2025/09/09 2:33 p.m. | 3 views

CLSA-2025-1757428404 Fix CVE(s): CVE-2025-23048

SECURITY UPDATE: access control bypass by trusted clients via TLS 1.3 session resumption - debian/patches/CVE-2025-23048.patch: update SNI validation to fix compatibility issue - CVE-2025-23048...

9.1 CVSS | 7.1 AI score | 0.0097 EPSS
Exploits 1 | References 1
Github Security Blog
added 2025/09/09 9:31 a.m. | 8 views

TYPO3 CMS exposes sensitive information in an error message

Error messages containing sensitive information in the File Abstraction Layer in TYPO3 CMS versions 9.0.0-9.5.54, 10.0.0-10.4.53, 11.0.0-11.5.47, 12.0.0-12.4.36, and 13.0.0-13.4.17 allow backend users to disclose full file paths via failed low-level file-system operations...

5.3 CVSS | 6.6 AI score | 0.00214 EPSS
Exploits 0 | References 4 | Affected Software 1
OSV
added 2025/09/09 9:15 a.m. | 4 views

CVE-2025-59016

Error messages containing sensitive information in the File Abstraction Layer in TYPO3 CMS versions 9.0.0-9.5.54, 10.0.0-10.4.53, 11.0.0-11.5.47, 12.0.0-12.4.36, and 13.0.0-13.4.17 allow backend users to disclose full file paths via failed low-level file-system operations...

4.3 CVSS | 5.7 AI score
Exploits 0 | References 1