EUVD-2019-3225

Malware in sbrugna...

SUSE: Security Advisory (SUSE-SU-2020:3152-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2020:3149-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

openSUSE Security Update : apache-commons-httpclient (openSUSE-2020-1875)

This update for apache-commons-httpclient fixes the following issues : - http/conn/ssl/SSLConnectionSocketFactory.java ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service HTTPS call hang via unspecified vectors...

Security update for apache-commons-httpclient (important)

openSUSE Security Update: Security update for apache-commons-httpclient Announcement ID: openSUSE-SU-2020:1873-1 Rating: important References: 1178171 945190 Cross-References: CVE-2014-3577 CVE-2015-5262 Affected Products: openSUSE Leap 15.1 An update that fixes two vulnerabilities is now...

Denial of service

The Audible application through 2.34.0 for Android has Missing SSL Certificate Validation for Adobe SDKs, allowing MITM attackers to cause a denial of service...

Design/Logic Flaw

The Bodyguard for Hire aka com.dreamstep.wBodyGuardforHire application 0.18.13146.42280 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

SSLv3 Padding Oracle On Downgraded Legacy Encryption Vulnerability (POODLE)

The remote host is affected by a man-in-the-middle MitM information disclosure vulnerability known as POODLE. The vulnerability is due to the way SSL 3.0 handles padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining CBC mode. MitM attackers can decrypt a...

CVE-2014-5600

The familyconnect aka com.comcast.plaxo.familyconnect.app application 1.5.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

Code injection

ppa.py in Software Properties before 0.81.13.3 does not validate the server certificate when downloading PPA GPG key fingerprints, which allows man-in-the-middle MITM attackers to spoof GPG keys for a package repository...