27 matches found
DEBIAN-CVE-2024-28755
An issue was discovered in Mbed TLS 3.5.x before 3.6.0. When an SSL context was reset with the mbedtlssslsessionreset API, the maximum TLS version to be negotiated was not restored to the configured one. An attacker was able to prevent an Mbed TLS server from establishing any TLS 1.3 connection,...
UBUNTU-CVE-2024-28755
An issue was discovered in Mbed TLS 3.5.x before 3.6.0. When an SSL context was reset with the mbedtlssslsessionreset API, the maximum TLS version to be negotiated was not restored to the configured one. An attacker was able to prevent an Mbed TLS server from establishing any TLS 1.3 connection,...
UBUNTU-CVE-2023-52353
An issue was discovered in Mbed TLS through 3.5.1. In mbedtlssslsessionreset, the maximum negotiable TLS version is mishandled. For example, if the last connection negotiated TLS 1.2, then 1.2 becomes the new maximum...
PT-2024-14545 · Mbed Tls +1 · Mbed Tls +1
Name of the Vulnerable Software and Affected Versions: Mbed TLS versions through 3.5.1 Description: An issue was discovered in the mbedtls ssl session reset function, where the maximum negotiable TLS version is mishandled. For example, if the last connection negotiated TLS 1.2, then 1.2 becomes t...
ProjectSend Security Vulnerability
ProjectSend formerly cFTP is a suite of self-hosted applications based on PHP and MySQL. ProjectSend before r1295 suffers from a security vulnerability that incorrectly resets passwords due to faulty business logic...
UBUNTU-CVE-2019-18197
In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be...
ALPINE-CVE-2018-10915
A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq was used with "host" or "hostaddr" connection parameters from untrusted input, attackers could bypass client-side...