19 matches found
EUVD-2024-1174
Malicious code in bioql PyPI...
Security Bulletin: IBM Event Streams is vulnerable to a denial of service attack due to the Eclipse Vert.x component (CVE-2024-1300).
Summary IBM Event Streams is vulnerable to a denial of service attack due to the Eclipse Vert.x component. Vert.x is a toolkit to build reactive microservices. It is used to create a highly scalable and performant event-driven architecture for managing Kafka clusters. Vulnerability Details...
Important: Red Hat Security Advisory: Red Hat build of Cryostat security update
An update is now available for the Red Hat build of Cryostat 2 on RHEL 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability fro...
Important: Red Hat Security Advisory: Red Hat build of Quarkus 3.2.11 release and security update
An update is now available for Red Hat build of Quarkus. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. For more informatio...
Memory Leak
vertx-core is vulnerable to a Memory Leak. The vulnerability is due to erroneous caching in the server name map for TCP servers configured with TLS and SNI support. This allows attackers to send TLS client hello messages with fake server names, triggering a JVM out-of-memory error...
CVE-2024-1300 Io.vertx:vertx-core: memory leak when a tcp server is configured with tls and sni support
A vulnerability in the Eclipse Vert.x toolkit causes a memory leak in TCP servers configured with TLS and SNI support. When processing an unknown SNI server name assigned the default certificate instead of a mapped certificate, the SSL context is erroneously cached in the server name map, leading...
The Added Value of SNI-Only Mode in Imperva Cloud WAF
Imperva has modified the default behavior for new cloud WAF sites, now enforcing Server Name Indication (SNI)-only traffic by default. This shift is aimed at optimizing the utilization of TLS-related features, both those currently in place and those slated for the future roadmap. This blog post wil...
CVE-2024-1300
A vulnerability in the Eclipse Vert.x toolkit causes a memory leak in TCP servers configured with TLS and SNI support. When processing an unknown SNI server name assigned the default certificate instead of a mapped certificate, the SSL context is erroneously cached in the server name map, leading...
PT-2024-7970 · Eclipse · Eclipse Vert.X
Name of the Vulnerable Software and Affected Versions: Eclipse Vert.x affected versions not specified Description: A vulnerability in the Eclipse Vert.x toolkit causes a memory leak in TCP servers configured with TLS and SNI support. When processing an unknown SNI server name, the default...
SUSE: Security Advisory (SUSE-SU-2019:14163-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 32 : prosody (2020-a48bf86c27)
Prosody 0.11.7 ============== This is a security release for the 0.11.x stable branch. It is strongly recommended that all users upgrade to this release, especially those whose deployments have enabled modwebsocket. As well as upgrading, we recommend all public deployments to review and configure...
OPENSUSE-SU-2020:1505-1 Security update for libetpan
This update for libetpan fixes the following issues: Update to 1.9.4 boo1174579, CVE-2020-15953: Bugfixes on QUOTA Various warning fixes & build fixes Update to version 1.9.3 Added IMAP CLIENTID / SMTP CLIENTID support Use Cyrus SASL 2.1.27 Update to version 1.9.2 Support of TLS SNI LMDB for cache...
OPENSUSE-SU-2020:1454-1 Security update for libetpan
This update for libetpan fixes the following issues: Update to 1.9.4 boo1174579, CVE-2020-15953: Bugfixes on QUOTA Various warning fixes & build fixes Update to version 1.9.3 Added IMAP CLIENTID / SMTP CLIENTID support Use Cyrus SASL 2.1.27 Update to version 1.9.2 Support of TLS SNI LMDB for cache...
Security update for libetpan (moderate)
openSUSE Security Update: Security update for libetpan Announcement ID: openSUSE-SU-2020:1454-1 Rating: moderate References: 1174579 Cross-References: CVE-2020-15953 Affected Products: openSUSE Leap 15.2 An update that fixes one vulnerability is now available. Description: This update for libetpa...
sslscan - tests SSL/TLS enabled services to discover supported cipher suites
This is a fork of ioerror's version of sslscan (the original readme of which is included below). Changes are as follows: Highlight SSLv2 and SSLv3 ciphers in output. Highlight CBC ciphers on SSLv3 (POODLE). Highlight 3DES and RC4 ciphers in output. Highlight PFS+GCM ciphers as good in output. Highlig...
SUSE-SU-2016:2329-1 Security update for apache2-mod_nss
This update provides apache2-mod_nss 1.0.14, which brings several fixes and enhancements: - SHA256 cipher names change spelling from sha256 to sha256. - Drop modnssmigrate.pl and use upstream migrate script instead. - Check for Apache user owner/group read permissions of NSS database at startup. -...
SUSE-SU-2016:2285-1 Security update for apache2-mod_nss
This update provides apache2-mod_nss 1.0.14, which brings several fixes and enhancements: - Fix OpenSSL ciphers stopped parsing at +. CVE-2016-3099 - Created valgrind suppression files to ease debugging. - Implement SSLPPTYPEFILTER to call executables to get the key password pins. - Improvements t...
Paragon Initiative Enterprises: Site support SNI But Browser can't
Hello, hope you are doing well. I am Meena boy here, found a server issue which is disclosing sensitive information. Fix this ASAP. Hope you give $i$$. Proof: Sir, your site: "This site works only in browsers with SNI support." So please fix it ASAP, because my browser doesn't have SNI support, which causing...
Update the version of commons-httpclient to address CVE-2012-5783 & CVE-2014-3577 and gain SNI support
Upgrade commons-httpclient to version 3.1-atlassian-2 to gain SNI support and to fix CVE-2012-5783 & CVE-2014-3577...