The vulnerability of the ssl3_read_bytes function (record/rec_layer_s3.c) in the OpenSSL library, which allows a hacker to cause a service failure.

The vulnerability of the ssl3readbytes function in the record/reclayers3.c file of the OpenSSL library exists due to insufficient validation of input data. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...

Important: Red Hat Security Advisory: kernel security and bug fix update

An update for kernel is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

gnutls: session resumption works without master key allowing MITM

A flaw was found in GnuTLS, in versions starting from 3.6.4, where it does not session the ticket encryption key in a secure fashion by the application which is connecting. This flaw allows an attacker to craft a man-in-the-middle-attack, with the ability to bypass the TLS1.3 authentication and...

gnutls: session resumption works without master key allowing MITM

A flaw was found in GnuTLS, in versions starting from 3.6.4, where it does not session the ticket encryption key in a secure fashion by the application which is connecting. This flaw allows an attacker to craft a man-in-the-middle-attack, with the ability to bypass the TLS1.3 authentication and...

PT-2020-14105 · Threattrack · Vipre Password Vault

Name of the Vulnerable Software and Affected Versions: ThreatTrack VIPRE Password Vault app versions through 1.100.1090 for iOS Description: The issue is related to missing SSL certificate validation. Recommendations: For ThreatTrack VIPRE Password Vault app versions through 1.100.1090, update to...

The vulnerability of the SSL_check_chain function in the TLS protocol implementation of the OpenSSL library involves the possibility of reassigning the null pointer due to incorrect processing of the “signature_algorithms_cert” extension in TLS. This allows a perpetrator to cause a service failure.

The vulnerability of the SSLcheckchain function in the TLS protocol implementation of the OpenSSL library is related to the possibility of replacing the zero pointer due to incorrect processing of the “signaturealgorithmscert” extension in TLS. Exploiting this vulnerability can allow a malicious...

DEBIAN-CVE-2020-14954

Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data e.g., from a man-in-the-middle attacker and evaluates it in a TLS context, aka "response injection."...

DEBIAN-CVE-2020-14929

Alpine before 2.23 silently proceeds to use an insecure connection after a /tls is sent in certain circumstances involving PREAUTH, which is a less secure behavior than the alternative of closing the connection and letting the user decide what they would like to do...

UBUNTU-CVE-2020-14929

Alpine before 2.23 silently proceeds to use an insecure connection after a /tls is sent in certain circumstances involving PREAUTH, which is a less secure behavior than the alternative of closing the connection and letting the user decide what they would like to do...

CVE-2020-11906

The Treck TCP/IP stack before 6.0.1.66 has an Ethernet Link Layer Integer Underflow...

CVE-2020-0539

Path traversal in subsystem for IntelR DAL software for IntelR CSME versions before 11.8.77, 11.12.77, 11.22.77, 12.0.64, 13.0.32, 14.0.33 and IntelR TXE versions before 3.1.75, 4.0.25 may allow an unprivileged user to potentially enable denial of service via local access...

wildfly: The 'enabled-protocols' value in legacy security is not respected if OpenSSL security provider is in use

A flaw was found when an OpenSSL security provider is used with Wildfly, the 'enabled-protocols' value in the Wildfly configuration isn't honored. An attacker could target the traffic sent from Wildfly and downgrade the connection to a weaker version of TLS, potentially breaking the encryption...

Intel CSME Input Validation Error Vulnerability

Intel Converged Security and Management Engine CSME is a security management engine from Intel Corporation USA. An input validation error vulnerability exists in the DAL subsystem in Intel CSME. An attacker could exploit this vulnerability to cause a denial of service...

Intel TXE and CSME Path Traversal Vulnerability

Intel Converged Security and Management Engine CSME and Intel TXE are both products of Intel Corporation, U.S.A. Intel Converged Security and Management Engine is a security management engine. Intel TXE is a trust execution engine with hardware authentication capabilities for use in CPUs central...

Intel CSME and TXE Input Validation Error Vulnerability

Intel Converged Security and Management Engine CSME and Intel TXE are both products of Intel Corporation, U.S.A. Intel Converged Security and Management Engine is a security management engine. Intel TXE is a trust execution engine with hardware authentication capabilities for use in CPUs central...

Cisco Firepower Threat Defense Software Layer 2 Filtering Bypass (cisco-sa-20190501-asa-ftd-bypass)

According to its self-reported version, Cisco Firepower Threat Defense Software is affected by a vulnerability in the detection engine of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, adjacent attacker to send data...

GnuTLS Encryption Problem Vulnerability (CNVD-2020-53541)

GnuTLS is a free secure communication library for implementing SSL, TLS and DTLS protocols. A security vulnerability exists in GnuTLS version 3.6.14. An attacker can exploit this vulnerability by performing a man-in-the-middle attack to bypass authentication in TLS version 1.3 and recover previou...

undertow: possible Denial Of Service (DOS) in Undertow HTTP server listening on HTTPS

A vulnerability was found in the Undertow HTTP server listening on HTTPS. An attacker can target the HTTPS port to carry out a Denial Of Service DOS to make the service unavailable on SSL...

DEBIAN-CVE-2020-13777

GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3. The earliest affected version is 3.6.4 2018-09-24 because of an error in a 2018-09-18 commit. Until the first key rotation, the TLS...

ALPINE-CVE-2020-13777

GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3. The earliest affected version is 3.6.4 2018-09-24 because of an error in a 2018-09-18 commit. Until the first key rotation, the TLS...