13 matches found
SUSE CVE-2025-66614
Improper Input Validation vulnerability. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.14, from 10.1.0-M1 through 10.1.49, from 9.0.0-M1 through 9.0.112. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 through 8.5.100. Older EOL...
CVE-2025-66614
Improper Input Validation vulnerability. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.14, from 10.1.0-M1 through 10.1.49, from 9.0.0-M1 through 9.0.112. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 through 8.5.100. Older EOL...
Improper Certificate Validation
Overview org.apache.tomcat:tomcat-coyote is a Tomcat Connectors and HTTP parser. Affected versions of this package are vulnerable to Improper Certificate Validation in the SNI extension, when client certificate authentication relies exclusively on the Connector and is not enforced in the web...
Improper Certificate Validation
Overview org.apache.tomcat.embed:tomcat-embed-core is a Core Tomcat implementation. Affected versions of this package are vulnerable to Improper Certificate Validation in the SNI extension, when client certificate authentication relies exclusively on the Connector and is not enforced in the web...
curl: CVE-2024-2466: TLS certificate check bypass with mbedTLS
The Curl library had a security vulnerability where the certificate name check was bypassed when connecting to a host via its IP address. This could have potentially introduced spoofing attacks or unauthorized access due to unverified server certificate. The issue affected Curl with MbedTLS from...
Transparent Man-in-the-Middle TLS Proxy: ratched
ratched is a Man-in-the-Middle MitM proxy that specifically intercepts TLS connections. It is intended to be used in conjunction with the Linux iptables REDIRECT target; all connections that should be intercepted can be redirected to the local ratched port. Through the SOORIGINALDST sockopt,...
Heap overflow
Heap-based buffer overflow in PolarSSL 1.x before 1.2.17 and ARM mbed TLS formerly PolarSSL 1.3.x before 1.3.14 and 2.x before 2.1.2 allows remote SSL servers to cause a denial of service client crash and possibly execute arbitrary code via a long hostname to the server name indication SNI...
CVE-2015-5291
Heap-based buffer overflow in PolarSSL 1.x before 1.2.17 and ARM mbed TLS formerly PolarSSL 1.3.x before 1.3.14 and 2.x before 2.1.2 allows remote SSL servers to cause a denial of service client crash and possibly execute arbitrary code via a long hostname to the server name indication SNI...
CVE-2015-5291
Heap-based buffer overflow in PolarSSL 1.x before 1.2.17 and ARM mbed TLS formerly PolarSSL 1.3.x before 1.3.14 and 2.x before 2.1.2 allows remote SSL servers to cause a denial of service client crash and possibly execute arbitrary code via a long hostname to the server name indication SNI...
CVE-2015-5291
CVE-2015-5291 and CVE-2015-8036 describe heap-based buffer overflows in PolarSSL (mbed TLS) that affect PolarSSL 1.x before 1.2.17 and mbed TLS 1.3.x before 1.3.14 and 2.x before 2.1.2. The flaw stems from improper boundary handling of the hostname/SNI extension in ClientHello, enabling remote at...
CVE-2015-5291
Heap-based buffer overflow in PolarSSL 1.x before 1.2.17 and ARM mbed TLS formerly PolarSSL 1.3.x before 1.3.14 and 2.x before 2.1.2 allows remote SSL servers to cause a denial of service client crash and possibly execute arbitrary code via a long hostname to the server name indication SNI...
mbedtls: arbitrary code execution
When the client creates its ClientHello message, due to insufficient bounds checking it can overflow the heap-based buffer containing the message while writing some extensions. Two extensions in particular could be used by a remote attacker to trigger the overflow: the session ticket extension an...
Google to Disable Weak SSLv3 and RC4 Protocols to Boost Internet Security
It is finally time to say GoodBye to the old and insecure Web security protocols. Citing the long history of weaknesses in the Secure Sockets Layer SSL 3.0 cryptographic protocol and the RC4 Cipher Suite, Google plans to disable support for both SSLv3 as well as RC4 stream cipher in its front-end...