wlc Trust Management Issue Vulnerability
wlc is an open source command line client for Weblate. A trust management issue vulnerability exists in versions of wlc prior to 1.17.0, which stems from the fact that SSL authentication is skipped for certain specially crafted URLs...
EUVD-2005-2246
Malware in sbrugna...
EUVD-2012-2132
Malware in sbrugna...
Trust Management Issues Vulnerabilities in Various ABB Products
ABB ASPECT-Enterprise is a scalable building energy management and control solution. ABB NEXUS Series is a monitoring and control management system. ABB MATRIX Series is an embedded IoT ASPECT control engine designed to provide flexible field control for medium to large field control applications. ...
Jenkins Plugin Checkmarx Trust Management Issue Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. Jenkins Plugin Checkmarx ...
GLSA-202211-04 : PostgreSQL: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202211-04 PostgreSQL: Multiple Vulnerabilities - When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries...
U.S. Dept Of Defense: Public instance of Jenkins on https://██████████/ with /script enabled
Summary: An Amazon instance was found on https://█████/ running Jenkins. On analysing the SSL certificate, I reported here to the DoD. Description: On checking the SSL certificate, the details show: Issued to and Issued By records: CN: █████ Organization O: █████████ Organizational Unit OU: ███...
SUSE-SU-2019:0900-1 Security update for dovecot22
This update for dovecot22 fixes the following issues: Security issues fixed: - CVE-2019-7524: Fixed an improper file handling which could result in stack overflow allowing local root escalation bsc1130116. - CVE-2019-3814: Fixed a vulnerability related to SSL client certificate authentication...
OPENSUSE-SU-2019:0243-1 Security update for dovecot23
This update for dovecot23 fixes the following issues: dovecot was updated to 2.3.3 release, bringing lots of bugfixes bsc1124356. Also the following security issue was fixed: - CVE-2019-3814: A vulnerability in Dovecot related to SSL client certificate authentication was fixed bsc1123022 The...
Security update for dovecot23 (moderate)
openSUSE Security Update: Security update for dovecot23 Announcement ID: openSUSE-SU-2019:0243-1 Rating: moderate References: 1119850 1123022 1124356 Cross-References: CVE-2019-3814 Affected Products: openSUSE Leap 15.0 An update that solves one vulnerability and has two fixes is now available...
CVE-2018-6635
System Manager in Avaya Aura before 7.1.2 does not properly use SSL in conjunction with authentication, which allows remote attackers to bypass intended Remote Method Invocation (RMI) restrictions, aka SMGR-26896...
LDAP SSL - invalid user account-LdapErr-DSID-0C090FB4-Error-initializing-SSL
ISSUE: User can not login after changing LDAP authentication to LDAP SSL authentication. Error message: Invalid user account. Symptom: Check the Network Trace and found. For TLS: 22283 2017-03-09 16:54:29.344825357 2.2.2.22.2.2.3LDAP 232 extendedResp1 00000000: LdapErr: DSID-0C090FB4, comment:...
Deserialization of untrusted data
The server in Red Hat JBoss Operations Network (JON), when SSL authentication is not configured for JON server / agent communication, allows remote attackers to execute arbitrary code via a crafted HTTP request, related to message deserialization. NOTE: this vulnerability exists because of an...
CVE-2016-6330
CVE-2016-6330 affects Red Hat JBoss Operations Network (JON). The issue allows remote code execution via a crafted HTTP request when SSL authentication is not configured for JON server/agent communication, linked to message deserialization. Affected versions are before 3.3.6; the root cause relat...
CVE-2016-6330
The server in Red Hat JBoss Operations Network (JON), when SSL authentication is not configured for JON server / agent communication, allows remote attackers to execute arbitrary code via a crafted HTTP request, related to message deserialization. NOTE: this vulnerability exists because of an...
CVE-2016-3737
It was discovered that sending a specially crafted HTTP request to the JON server would allow deserialization of that message without authentication. An attacker could use this flaw to cause remote code execution. Mitigation Apply the configuration changes described in the documentation here: For...
Apple Safari Multiple Vulnerabilities -01 (Apr 2015) - Mac OS X
Apple Safari is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apple:safari"; ifdescription...
GoAhead WebServer 2.1 - Remote Arbitrary Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/5464/info GoAhead WebServer is an Open Source embedded web server which supports Active Server Pages, embedded javascript, and SSL authentication and encryption. It is available for a variety of platforms including...
IBM WebSphere Application Server 7.0 < Fix Pack 23 Multiple Vulnerabilities
IBM WebSphere Application Server 7.0 before Fix Pack 23 appears to be running on the remote host. As such, it is potentially affected by the following vulnerabilities : - A security exposure when using WS-Security could result in a user gaining elevated privileges in applications using JAX-RPC...
Mozilla Firefox / Seamonkey multiple security vulnerabilities
JavaScript privilege escalation and code execution, cross-site scripting, multiple DoS conditions, URI and dialog spoofing, local port access from Java, privacy problems on SSL authentication...