96 matches found
Medium: python
Issue Overview: CPython 3.9 and earlier doesn't disallow configuring an empty list for SSLContext.setnpnprotocols which is an invalid value for the underlying OpenSSL API. This results in a buffer over-read when NPN is used see CVE-2024-5535 for OpenSSL. This vulnerability is of low severity due ...
firefox: Alt-Svc ALPN validation failure when redirected
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: When using Alt-Svc, ALPN did not properly validate certificates when the original server is redirecting to an insecure site...
firefox: Alt-Svc ALPN validation failure when redirected
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: When using Alt-Svc, ALPN did not properly validate certificates when the original server is redirecting to an insecure site...
firefox: Alt-Svc ALPN validation failure when redirected
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: When using Alt-Svc, ALPN did not properly validate certificates when the original server is redirecting to an insecure site...
SUSE CVE-2025-0239
When using Alt-Svc, ALPN did not properly validate certificates when the original server is redirecting to an insecure site. This vulnerability was fixed in Firefox 134, Firefox ESR 128.6, Thunderbird 134, and Thunderbird 128.6...
SUSE SLED15: postgresql15 / postgresql15-contrib / postgresql15-devel / etc (SUSE-SU-2024:4174-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:4174-1 advisory. - CVE-2024-10976: Ensure cached plans are marked as dependent on the calling role when RLS appli...
Security update for postgresql15
This update for postgresql15 fixes the following issues: CVE-2024-10976: Ensure cached plans are marked as dependent on the calling role when RLS applies to a non-top-level table reference bsc1233323. CVE-2024-10977: Make libpq discard error messages received during SSL or GSS protocol negotiatio...
CBL Mariner 2.0 Security Update: cloud-hypervisor-cvm / openssl (CVE-2024-5535)
The version of cloud-hypervisor-cvm / openssl installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-5535 advisory. - Issue summary: Calling the OpenSSL API function SSLselectnextproto with an empty...
OESA-2024-1879 openssl security update
The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, fully featured, and Open Source toolkit implementing the Secure Sockets Layer SSL v2/v3 and Transport Layer Security TLS v1 protocols as well as a full-strength general purpose cryptography library. The project i...
AZL-47733 CVE-2024-5535 affecting package hvloader for versions less than 1.0.1-6
Issue summary: Calling the OpenSSL API function SSLselectnextproto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Impact summary: A buffer overread can have a range of potential consequences such as unexpected application beahviour or ...
AZL-78567 CVE-2024-5535 affecting package openssl-fips-provider 3.1.2-1
Issue summary: Calling the OpenSSL API function SSLselectnextproto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Impact summary: A buffer overread can have a range of potential consequences such as unexpected application beahviour or ...
ALPINE-CVE-2024-5535
Issue summary: Calling the OpenSSL API function SSLselectnextproto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Impact summary: A buffer overread can have a range of potential consequences such as unexpected application beahviour or ...
DEBIAN-CVE-2024-5535
Issue summary: Calling the OpenSSL API function SSLselectnextproto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Impact summary: A buffer overread can have a range of potential consequences such as unexpected application beahviour or ...
AZL-43309 CVE-2024-5535 affecting package openssl for versions less than 1.1.1k-33
Issue summary: Calling the OpenSSL API function SSLselectnextproto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Impact summary: A buffer overread can have a range of potential consequences such as unexpected application beahviour or ...
AZL-42975 CVE-2024-5535 affecting package openssl for versions less than 3.3.0-2
Issue summary: Calling the OpenSSL API function SSLselectnextproto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Impact summary: A buffer overread can have a range of potential consequences such as unexpected application beahviour or ...
UBUNTU-CVE-2024-5535
Issue summary: Calling the OpenSSL API function SSLselectnextproto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Impact summary: A buffer overread can have a range of potential consequences such as unexpected application beahviour or ...
OpenSSL 1.0.2 < 1.0.2zk Vulnerability
The version of OpenSSL installed on the remote host is prior to 1.0.2zk. It is, therefore, affected by a vulnerability as referenced in the 1.0.2zk advisory. - Issue summary: Calling the OpenSSL API function SSLselectnextproto with an empty supported client protocols buffer may cause a crash or...
HTTP NTLM Information Disclosure
Windows New Technology LAN Manager NTLM is a suite of Microsoft security protocols designed to offer authentication, integrity and confidentiality to users. In Windows environments, NTLM authentication is often supported over HTTP in order to protect access to specific resources. During the...
PT-2023-23703 · Mymail · Mymail
Name of the Vulnerable Software and Affected Versions: myMail app versions through 14.30 for iOS Description: The issue concerns the myMail app sending cleartext credentials in a situation where STARTTLS is expected by a server. This occurs when the app is used with a server that expects a secure...
SUSE CVE-2013-4353
The ssl3takemac function in ssl/s3both.c in OpenSSL 1.0.1 before 1.0.1f allows remote TLS servers to cause a denial of service NULL pointer dereference and application crash via a crafted Next Protocol Negotiation record in a TLS handshake...