20 matches found
CVE-2009-4923
Unspecified vulnerability in the DTLS implementation on Cisco Adaptive Security Appliances ASA 5580 series devices with software before 8.12 allows remote attackers to cause a denial of service traceback via TLS fragments, aka Bug ID CSCso53162...
EUVD-2018-2504
Malware in sbrugna...
EUVD-2007-5544
Malware in sbrugna...
EUVD-2024-34179
Malicious code in bioql PyPI...
EUVD-2012-2326
Malicious code in bioql PyPI...
CVE-2025-41361
Uncontrolled resource consumption vulnerability in IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04. The devices improperly handle TLS requests associated with PROCOME sockets, so TLS requests sent to those PROCOME ports could cause the device to reboot and result in a denial of service. To exploit th...
USN-7543-1: libsoup vulnerabilities
Jan Różański discovered that libsoup incorrectly handled certain headers when sending HTTP/2 requests over TLS. An attacker could possibly use this issue to cause a denial of service. This issue only affected libsoup3 in Ubuntu 24.04 LTS, Ubuntu 24.10, and Ubuntu 25.04. CVE-2025-32908 Jan Różańsk...
FreeBSD : openvpn -- server-side denial-of-service vulnerability with tls-crypt-v2 (2cad4541-0f5b-11f0-89f8-411aefea0df9)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 2cad4541-0f5b-11f0-89f8-411aefea0df9 advisory. Gert Doering reports: OpenVPN servers between 2.6.1 and 2.6.13 using --tls-crypt-v2 can be made to abor...
Linux Distros Unpatched Vulnerability : CVE-2024-28755
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Mbed TLS 3.5.x before 3.6.0. When an SSL context was reset with the mbedtlssslsessionreset API, the maximum TLS version to be...
CVE-2024-11738
A flaw was found in Rustls 0.23.13 and related APIs. This vulnerability allows denial of service panic via a fragmented TLS ClientHello message...
CVE-2024-11738
A flaw was found in Rustls 0.23.13 and related APIs. This vulnerability allows denial of service panic via a fragmented TLS ClientHello message...
GHSA-FH2R-99Q2-6MMG rustls-webpki: CPU denial of service in certificate path building
When this crate is given a pathological certificate chain to validate, it will spend CPU time exponential with the number of candidate certificates at each step of path building. Both TLS clients and TLS servers that accept client certificate are affected. We now give each path building operation...
CVE-2021-44769 TLS Certificate Generation Function Improper Input Validation
An improper input validation vulnerability in the TLS certificate generation function allows an attacker to cause a Denial-of-Service DoS condition which can only be reverted via a factory reset. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0...
CVE-2022-1632
An Improper Certificate Validation attack was found in Openshift. A re-encrypt Route with destinationCACertificate explicitly set to the default serviceCA skips internal Service TLS certificate validation. This flaw allows an attacker to exploit an invalid certificate, resulting in a loss of...
CVE-2022-1632
An Improper Certificate Validation attack was found in Openshift. A re-encrypt Route with destinationCACertificate explicitly set to the default serviceCA skips internal Service TLS certificate validation. This flaw allows an attacker to exploit an invalid certificate, resulting in a loss of...
SUSE-SU-2021:0955-2 Security update for openssl-1_1
This update for openssl-11 fixes the security issue: CVE-2021-3449: An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signaturealgorithms extension but includes a signaturealgorithmscert...
CVE-2022-1632
An Improper Certificate Validation attack was found in Openshift. A re-encrypt Route with destinationCACertificate explicitly set to the default serviceCA skips internal Service TLS certificate validation. This flaw allows an attacker to exploit an invalid certificate, resulting in a loss of...
OPENSUSE-SU-2020:0910-1 Security update for squid
This update for squid fixes the following issues: squid was updated to version 4.12 Security issue fixed: - CVE-2020-14059: Fixed an issue where a client could potentially deny the service of a server during TLS Handshake bsc1173304. Other issues addressed: - Reverted to slow search for new SMP s...
SUSE-SU-2016:0428-1 Security update for java-1_6_0-ibm
This update for java-160-ibm fixes the following issues by updating to 6.0-16.20 bsc963937 - CVE-2015-5041: Could could have invoked non-public interface methods under certain circumstances - CVE-2015-7575: The TLS protocol could allow weaker than expected security caused by a collision attack wh...
CVE-2013-4353
The ssl3takemac function in ssl/s3both.c in OpenSSL 1.0.1 before 1.0.1f allows remote TLS servers to cause a denial of service NULL pointer dereference and application crash via a crafted Next Protocol Negotiation record in a TLS handshake...