20 matches found
EUVD-2026-33599
A flaw was found in Clair. The fetcher component makes outbound HTTP requests to attacker-supplied URIs from manifest layer descriptors without IP or scheme filtering. When PSK authentication is not configured (opt-in, not enforced by default), an unauthenticated attacker can submit a manifest with...
MiracleLinux 9 : gnutls-3.7.6-23.el9_3.3 (AXSA:2024-7484:02)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7484:02 advisory. gnutls: timing side-channel in the RSA-PSK authentication (CVE-2023-5981); gnutls: incomplete fix for CVE-2023-5981 (CVE-2024-0553); gnutls: rejects...
EUVD-2024-39425
Malicious code in bioql PyPI...
CVE-2024-42057
A command injection vulnerability in the IPSec VPN feature of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50W series firmware versions from V4.16 through V5.38, and USG20W-VPN series firmware versions from V4.16...
CVE-2024-42057
A command injection vulnerability in the IPSec VPN feature of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50W series firmware versions from V4.16 through V5.38, and USG20W-VPN series firmware versions from V4.16...
Moderate: Red Hat Security Advisory: gnutls security update
An update for gnutls is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...
Moderate: gnutls security update
The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. Security Fixes: gnutls: timing side-channel in the RSA-PSK authentication (CVE-2023-5981); gnutls: incomplete fix for CVE-2023-5981...
Moderate: Red Hat Security Advisory: gnutls security update
An update for gnutls is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...
Moderate: Red Hat Security Advisory: gnutls security update
An update for gnutls is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...
gnutls security update
An update is available for gnutls. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library,...
Moderate: gnutls security update
The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. Security Fixes: gnutls: timing side-channel in the RSA-PSK authentication (CVE-2023-5981). For more details about the security issues,...
Internet Key Exchange (IKE) Aggressive Mode Information Disclosure Vulnerability (CVE-2002-1623)
Internet Key Exchange (IKE) protocol enabled services running in / supporting the aggressive mode are prone to an information disclosure vulnerability.
SUSE: Security Advisory (SUSE-SU-2014:0319-1)
The remote host is missing an update for the...
CVE-2018-5389
It was found that IKEv1 and potentially IKEv2 authentication when using a pre-shared key (PSK) is vulnerable to offline dictionary attacks in Main Mode as well as in Aggressive Mode. A man-in-the-middle attacker who intercepted the handshake of two peers authenticating with a PSK could apply a...
CVE-2018-5389
CVE-2018-5389 concerns the IKEv1 main mode with Pre-Shared Keys (PSK). The vulnerability allows an offline dictionary/brute-force attack to recover a weak PSK and can enable impersonation of a host or network, particularly when PSKs are reused across versions/modes. Cross-protocol authentication ...
SUSE: Security Advisory for gnutls (SUSE-SU-2014:0323-1)
The remote host is missing an update for the...
SuSE 11.3 Security Update : gnutls (SAT Patch Number 8949)
The GnuTLS library received a critical security fix and other updates: - The X.509 certificate verification had incorrect error handling, which could lead to broken certificates marked as being valid. (CVE-2014-0092) - A verification problem in handling V1 certificates could also lead to V1...
Security fix for the ALT Linux 10 package gnutls30 version 2.6.3-alt1
Dec. 21, 2008 Afanasov Dmitry 2.6.3-alt1 - 2.6.3 release see NEW for details + Fix chain verification for chains that ends with RSA-MD2 CAs CVE-2008-4989 + Fix memory leak in PSK authentication. + gnutls-cli minor updates - return macroses that updates info's fix repocop warnings...
Security fix for the ALT Linux 9 package gnutls30 version 2.6.3-alt1
Dec. 21, 2008 Afanasov Dmitry 2.6.3-alt1 - 2.6.3 release see NEW for details + Fix chain verification for chains that ends with RSA-MD2 CAs CVE-2008-4989 + Fix memory leak in PSK authentication. + gnutls-cli minor updates - return macroses that updates info's fix repocop warnings...
CVE-2007-4422
The login interface in Symantec Enterprise Firewall 6.x, when a VPN with pre-shared key (PSK) authentication is enabled, generates different responses depending on whether or not a username is valid, which allows remote attackers to enumerate valid usernames...