USN-6901-1: stunnel vulnerability

It was discovered that stunnel did not properly validate client certificates when configured to use both the redirect and verifyChain options. A remote attacker could potentially use this issue to obtain sensitive information by accessing the tunneled service...

CVE-2021-26112

Multiple stack-based buffer overflow vulnerabilities CWE-121 both in network daemons and in the command line interpreter of FortiWAN before 4.5.9 may allow an unauthenticated attacker to potentially corrupt control data in memory and execute arbitrary code via specifically crafted requests...

Stack overflow

Multiple stack-based buffer overflow vulnerabilities CWE-121 both in network daemons and in the command line interpreter of FortiWAN before 4.5.9 may allow an unauthenticated attacker to potentially corrupt control data in memory and execute arbitrary code via specifically crafted requests...

CVE-2021-26112

Multiple stack-based buffer overflow vulnerabilities CWE-121 both in network daemons and in the command line interpreter of FortiWAN before 4.5.9 may allow an unauthenticated attacker to potentially corrupt control data in memory and execute arbitrary code via specifically crafted requests...

CVE-2021-26112

Multiple stack-based buffer overflow vulnerabilities CWE-121 both in network daemons and in the command line interpreter of FortiWAN before 4.5.9 may allow an unauthenticated attacker to potentially corrupt control data in memory and execute arbitrary code via specifically crafted requests...

FortiWAN - Stack-based buffer overflow in bmstatd

Multiple stack-based buffer overflow vulnerabilities CWE-121 both in network daemons and in the command line interpreter of FortiWAN may allow an unauthenticated attacker to potentially corrupt control data in memory and execute arbitrary code via specifically crafted requests...

NSS Netscape Certificate Sequences CERT_DecodeCertPackage() Crash

nss: CERTDecodeCertPackage crash with Netscape Certificate Sequences I noticed that the main entrypoint for decoding DER blobs in NSS, CERTDecodeCertPackage, actually handles multiple formats including PEM, PKCS7, and old Netscape Certificate Sequences. You can generate a Netscape Certificate...

Updated stunnel package fixes security vulnerability

Johan Olofsson discovered an authentication bypass vulnerability in Stunnel, a program designed to work as an universal SSL tunnel for network daemons. When Stunnel in server mode is used with the redirect option and certificate-based authentication is enabled with "verify = 2" or higher, then on...

DSA-3299-1 stunnel4 - security update

Bulletin has no description...

Debian DSA-2664-1 : stunnel4 - buffer overflow

Stunnel, a program designed to work as an universal SSL tunnel for network daemons, is prone to a buffer overflow vulnerability when using the Microsoft NT LAN Manager NTLM authentication 'protocolAuthentication = NTLM' together with the 'connect'protocol method 'protocol = connect'. With these...

[SECURITY] [DSA 2664-1] stunnel4 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-2664-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso May 2, 2013 http://www.debian.org/security/faq -...