10043 matches found
Canary mail trust management issue vulnerability
Canary Mail is a software application from Canary Corporation in the United States. It provides encrypted e-mail functionality. A trust management vulnerability exists in Canary Mail, which arises from the lack of SSL certificate validation for IMAP in STARTTLS mode...
Vulnerabilities fixed in OpenSSL
Vulnerabilities have been fixed in OpenSSL. The vulnerabilities allow a malicious party to remotely initiate a denial-of-service by offering a rogue certificate to an SSL server or SSL client. When an SSL server still supports SSLv2, it is possible to inadvertently establish a connection and...
nodejs: use-after-free in the TLS implementation
A flaw was found in nodejs. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first argument. If the DoWrite method does not return an error, this object is passed back to the caller as part of a StreamWriteResu...
Managed Switch Port Mapping Tool 2.85.2 - Denial of Service Exploit
Exploit Title: Managed Switch Port Mapping Tool 2.85.2 - Denial of Service PoC Exploit Author: Ismael Nava Vendor Homepage: https://switchportmapper.com/ Software Link: https://switchportmapper.com/download.htm Version: 2.85.2 Tested on: Windows 10 Home x64 STEPS Open the program Managed Switch...
lldp/openvswitch: denial of service via externally triggered memory leak
A flaw was found in multiple versions of Open vSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service. The highest threat from this vulnerability is to system availability...
CVE-2021-20335
For MongoDB Ops Manager versions prior to and including 4.2.24 with multiple OM application servers, that have SSL turned on for their MongoDB processes, the upgrade to MongoDB Ops Manager versions prior to and including 4.4.12 triggers a bug where Automation thinks SSL is being turned off, and c...
BIG-IP security vulnerability
F5 BIG-IP is an application delivery platform that integrates network traffic management, application security management, and load balancing from F5 USA. A security vulnerability exists in BIG-IP that stems from the vulnerability of TLS connections that do not use EMS to man-in-the-middle attack...
MongoDB Ops Manager Security Vulnerability
MongoDB Ops Manager is a solution from MongoDB USA that supports managing, monitoring and backing up MongoDB deployments. A security vulnerability exists in MongoDB Ops Manager that stems from an error triggered by upgrading to MongoDB Ops Manager 4.4.X with SSL turned on in MongoDB...
CVE-2021-27167
An issue was discovered on FiberHome HG6245D devices through RP2613. There is a password of four hexadecimal characters for the admin account. These characters are generated in init_3bb_password in libci_adaptation_layer.so...
USN-4660-2: Linux kernel regression | Cloud Foundry
Severity Unknown Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Description USN-4660-1 fixed vulnerabilities in the Linux kernel. Unfortunately, that update introduced a regression in the software raid10 driver when used with fstrim that could lead to data corruption. This updat...
Cesanta Mongoose Buffer Error Vulnerability
Mongoose is a C/C++ network library. An out-of-bounds write vulnerability exists in the mg_tls_init function in Cesanta Mongoose 7.0, 6.7-6.18. An attacker can exploit this vulnerability via a connection request to cause an out-of-bounds write after the memory pool is exhausted...
Qualcomm RIL Buffer Error Vulnerability
Qualcomm RIL is a Qualcomm Incorporated USA support component used in chips. A buffer error vulnerability exists in Qualcomm RIL, which arises from a stack overflow that can occur when the configuration size of a GSM WCDMA broadcast received from a user is larger than a variable-length array...
Improper Certificate Validation
Overview: Affected versions of this package are vulnerable to Improper Certificate Validation. DoTls13CertificateVerify in tls13.c in wolfSSL before 4.7.0 does not cease processing for certain anomalous peer behavior sending an ED25519, ED448, ECC, or RSA signature without the corresponding...
The vulnerability of the Radio Interface Layer Device (rild) implementation in the Android operating system, related to the disclosure of information that allows a malicious actor to gain unauthorized access to protected information
The vulnerability of the Radio Interface Layer Device rild implementation in the Android operating system is related to the disclosure of information. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...
Enhancing Email Security with MTA-STS and SMTP TLS Reporting
In 1982, when SMTP was first specified, it did not contain any mechanism for providing security at the transport level to secure communications between mail transfer agents. Later, in 1999, the STARTTLS command was added to SMTP that in turn supported the encryption of emails in between the...
CVE-2020-11152
Race condition in HAL layer while processing callback objects received from HIDL due to lack of synchronization between accessing objects in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables...