10036 matches found
tomcat: Host name verification missing in WebSocket client
The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88...
Design/Logic Flaw
Use after free vulnerability exists in WebKit in Google Chrome before Blink M12 in RenderLayer when removing elements with reflections...
CVE-2009-5004
qpid-cpp 1.0 crashes when a large message is sent and the Digest-MD5 mechanism with a security layer is in use...
CVE-2009-5004
CVE-2009-5004 : In qpid-cpp 1.0, a crash occurs when a large message is sent while the Digest-MD5 mechanism with a security layer is in use. This is the only concrete detail available in the provided docs; no exploitation, mitigation, or affected version ranges are specified beyond this descripti...
CVE-2019-5690
NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the kernel mode layer nvlddmkm.sys handler for DxgkDdiEscape in which the size of an input buffer is not validated, which may lead to denial of service or escalation of privileges...
OS Layer Finalize fails with error "It looks like the packaging Machine has never been powered on".
While finalizing an OS layer edit in the App Layering appliance, you receive the error "It looks like the packaging Machine has never been powered on." The following error appears in the ELM logs: 2019-11-01 09:53:36,890 ERROR 27 CpTaskResultMessag: Got Error type GlobalizedError. FailureReason: It looks...
UBUNTU-CVE-2014-3180
In kernel/compat.c in the Linux kernel before 3.17, as used in Google Chrome OS and other products, there is a possible out-of-bounds read. restart_syscall uses uninitialized data when restarting compat_sys_nanosleep. NOTE: this is disputed because the code path is unreachable...
Explained: How New 'Delegated Credentials' Boosts TLS Protocol Security
Mozilla, in partnership with Facebook, Cloudflare, and other IETF community members, has announced technical specifications for a new cryptographic protocol called "Delegated Credentials for TLS." Delegated Credentials for TLS is a new simplified way to implement "short-lived" certificates withou...
containers/image: not enforcing TLS when sending username+password credentials to token servers leading to credential disclosure
The containers/image library used by the container tools Podman, Buildah, and Skopeo in Red Hat Enterprise Linux version 8 and CRI-O in OpenShift Container Platform, does not enforce TLS connections to the container registry authorization service. An attacker could use this vulnerability to launc...
Low: lldpad security and bug fix update
The lldpad packages provide the Linux user space daemon and configuration tool for Intel's Link Layer Discovery Protocol (LLDP) Agent with Enhanced Ethernet support. Security Fixes: lldptool: improper sanitization of shell-escape codes (CVE-2018-10932) For more details about the security issues,...
RLSA-2019:3673 Low: lldpad security and bug fix update
The lldpad packages provide the Linux user space daemon and configuration tool for Intel's Link Layer Discovery Protocol (LLDP) Agent with Enhanced Ethernet support. Security Fixes: lldptool: improper sanitization of shell-escape codes (CVE-2018-10932) For more details about the security issues,...
Milesight IP security cameras trust management issue vulnerability (CNVD-2019-40063)
Milesight IP security cameras are IP camera products from China Pulse Digital Technology Milesight. A security vulnerability exists in Milesight IP security cameras version 2016-11-14 and earlier, which stems from a hardcoded SSL private key stored in the /etc/config directory. No details of the...
DEBIAN-CVE-2019-5010
An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted...
chromium-browser: IP address spoofing to servers
Inappropriate implementation in TLS in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof client IP address to websites via crafted TLS connections...
CVE-2018-12121
Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Denial of Service with large HTTP headers: By using a combination of many requests with maximum sized headers (almost 80 KB per connection), and carefully timed completion of the headers, it is possible to cause the HTTP...
The vulnerability of the TLS (Transport Layer Security) protocol implementation in Windows operating systems allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the TLS (Transport Layer Security) protocol implementation in Windows operating systems is related to deficiencies in session fixation. Exploiting this vulnerability allows a malicious actor, operating remotely, to gain unauthorized access to protected information by connecting...
The vulnerability of the implementation of the Virtual Private Network (VPN) technology based on Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, provided by the Cisco Adaptive Security Appliance (ASA), allows a perpetrator to cause service interruptions.
The vulnerability of the VPN technology based on Secure Sockets Layer (SSL) and Transport Layer Security (TLS) implemented by Cisco Adaptive Security Appliance (ASA) is related to errors in string processing in the Base64 encoding format. Exploiting this vulnerability can allow an attacker to cause a...