16 matches found
OpenSSL 3.5.0 < 3.5.6 Multiple Vulnerabilities
The version of OpenSSL installed on the remote host is prior to 3.5.6. It is, therefore, affected by multiple vulnerabilities as referenced in the 3.5.6 advisory. - Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group...
OpenSSL Security Vulnerability
OpenSSL is an open-source encryption library developed by the OpenSSL team that enables secure implementation of the Secure Sockets Layer (SSLv2/v3) and Transport Layer Security (TLSv1) protocols. This product supports various encryption algorithms, including symmetric ciphers, hash algorithms, and secure...
Improper Authentication
github.com/mattermost/mattermost-server is vulnerable to improper authentication. The vulnerability is due to the failure to negotiate a new token when accepting an invite, which allows an attacker who intercepts both the invite and password to send synchronization payloads to the original server...
CVE-2025-6227
Mattermost versions 10.5.x <= 10.5.7, 9.11.x <= 9.11.16 fail to negotiate a new token when accepting the invite which allows a user that intercepts both invite and password to send synchronization payloads to the server that originally created the invite via the REST API...
CVE-2025-6227
Mattermost versions 10.5.x <= 10.5.7, 9.11.x <= 9.11.16 fail to negotiate a new token when accepting the invite which allows a user that intercepts both invite and password to send synchronization payloads to the server that originally created the invite via the REST API...
SUSE CVE-2011-1925
nbd-server.c in Network Block Device (nbd-server) 2.9.21 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) by causing a negotiation failure, as demonstrated by specifying a name for a non-existent export...
Denial Of Service
ring is vulnerable to denial of service. The vulnerability exists due to a 183 response causing negotiation failure...
UBUNTU-CVE-2021-21375
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In PJSIP version 2.10 and earlier, after an initial INVITE has been sent, when two 183 responses are received, with the first on...
DEBIAN-CVE-2021-26906
An issue was discovered in res_pjsip_session.c in Digium Asterisk through 13.38.1; 14.x, 15.x, and 16.x through 16.16.0; 17.x through 17.9.1; and 18.x through 18.2.0, and Certified Asterisk through 16.8-cert5. An SDP negotiation vulnerability in PJSIP allows a remote server to potentially crash...
CVE-2021-26906
An issue was discovered in res_pjsip_session.c in Digium Asterisk through 13.38.1; 14.x, 15.x, and 16.x through 16.16.0; 17.x through 17.9.1; and 18.x through 18.2.0, and Certified Asterisk through 16.8-cert5. An SDP negotiation vulnerability in PJSIP allows a remote server to potentially crash...
Qemu: qemu-nbd crashes due to undefined I/O coroutine
An assertion-failure flaw was found in the Network Block Device (NBD) server's initial connection negotiation, where the I/O coroutine was undefined. This could crash the qemu-nbd server if a client sent unexpected data during connection negotiation. A remote user or process could use this flaw to...
CVE-2011-1925
nbd-server.c in Network Block Device (nbd-server) 2.9.21 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) by causing a negotiation failure, as demonstrated by specifying a name for a non-existent export...
DEBIAN-CVE-2011-1925
nbd-server.c in Network Block Device (nbd-server) 2.9.21 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) by causing a negotiation failure, as demonstrated by specifying a name for a non-existent export...
CVE-2011-1925
nbd-server.c in Network Block Device (nbd-server) 2.9.21 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) by causing a negotiation failure, as demonstrated by specifying a name for a non-existent export...
CVE-2011-1925
nbd-server.c in Network Block Device (nbd-server) 2.9.21 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) by causing a negotiation failure, as demonstrated by specifying a name for a non-existent export...
Apache 2.0 - Full Path Disclosure
source: https://www.securityfocus.com/bid/5485/info A path disclosure vulnerability has been reported in Apache 2.0.x. It is possible to reproduce this condition on vulnerable systems by making a request for certain types of files such as error documents that have been mapped by the server by typ...