
157 matches found

RedhatCVE
added 2026/01/07 9:43 a.m., 4 views

CVE-1999-0007

Information from SSL-encrypted sessions via PKCS 1...

CVSS: 5 | AI score: 7 | EPSS: 0.07456
Exploits: 1 | References: 1

RedhatCVE
added 2025/10/16 7:56 a.m., 1 view

CVE-2025-55039

This issue affects Apache Spark versions before 3.4.4, 3.5.2 and 4.0.0. Apache Spark versions before 4.0.0, 3.5.2 and 3.4.4 use an insecure default network encryption cipher for RPC communication between nodes. When spark.network.crypto.enabled is set to true (it is set to false by default), but...

CVSS: 6.5 | AI score: 6.7 | EPSS: 0.00099
Exploits: 0 | References: 1

OSV
added 2025/10/15 9:30 a.m., 1 view

GHSA-6P6V-M64V-JX8Q Apache Spark has Inadequate Encryption Strength

This issue affects Apache Spark versions before 3.4.4, 3.5.2 and 4.0.0. Apache Spark versions before 4.0.0, 3.5.2 and 3.4.4 use an insecure default network encryption cipher for RPC communication between nodes. When spark.network.crypto.enabled is set to true (it is set to false by default), but...

CVSS: 8.2 | AI score: 5.9 | EPSS: 0.00099
Exploits: 0 | References: 4

OSV
added 2025/10/15 8:15 a.m., 1 view

CVE-2025-55039

This issue affects Apache Spark versions before 3.4.4, 3.5.2 and 4.0.0. Apache Spark versions before 4.0.0, 3.5.2 and 3.4.4 use an insecure default network encryption cipher for RPC communication between nodes. When spark.network.crypto.enabled is set to true (it is set to false by default), but...

CVSS: 6.5 | AI score: 6.8
Exploits: 0 | References: 2

Snyk
added 2025/10/15 7:46 a.m., 2 views

Improper Verification of Cryptographic Signature

Overview: org.apache.spark:spark-network-common_2.12 is an open-source distributed general-purpose cluster-computing framework. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature when the spark.network.crypto.enabled is true and the cipher is not...

CVSS: 9 | AI score: 6.9 | EPSS: 0.00099
Exploits: 0 | References: 2

Snyk
added 2025/10/15 7:46 a.m., 1 view

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature when the spark.network.crypto.enabled is true and the cipher is not explicitly configured, resulting in the use of AES in CTR mode without authentication. An attacker can compromise the...

CVSS: 9 | AI score: 6.9 | EPSS: 0.00099
Exploits: 0 | References: 2

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2006-2461

Malware in sbrugna...

CVSS: 5 | AI score: 6.3 | EPSS: 0.00478
Exploits: 0 | References: 6

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2013-3966

Malware in sbrugna...

CVSS: 7.3 | AI score: 7.5 | EPSS: 0.00062
Exploits: 0 | References: 3

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2021-21889

Malware in sbrugna...

CVSS: 5.3 | AI score: 5.6 | EPSS: 0.00384
Exploits: 0 | References: 4

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2018-17228

Malware in sbrugna...

CVSS: 7.5 | AI score: 7.8 | EPSS: 0.00113
Exploits: 0 | References: 4

Metasploit
added 2025/06/09 6:51 p.m., 440 views

OS Command Exec, Unix Command Shell, Reverse TCP SSL (telnet)

Execute an OS command from PHP. Creates an interactive shell via mkfifo and telnet. This method works on Debian and other systems compiled without /dev/tcp support. This module uses the '-z' option included on some systems to encrypt using SSL. Module Options msf use...

AI score: 5.8
Exploits: 0

Metasploit
added 2025/06/09 6:51 p.m., 520 views

OS Command Exec, Unix Command Shell, Double Reverse TCP SSL (telnet)

Execute an OS command from PHP. Creates an interactive shell through two inbound connections, encrypts using SSL via "-z" option Module Options msf use payload/php/unix/cmd/reversessldoubletelnet msf payloadreversessldoubletelnet show actions ...actions... msf payloadreversessldoubletelnet set...

AI score: 5.8
Exploits: 0

Debian CVE
added 2024/11/18 11:32 a.m., 19 views

CVE-2024-52316

Unchecked Error Condition vulnerability in Apache Tomcat. If Tomcat is configured to use a custom Jakarta Authentication (formerly JASPIC) ServerAuthContext component which may throw an exception during the authentication process without explicitly setting an HTTP status to indicate failure, the...

CVSS: 9.8 | AI score: 8.5 | EPSS: 0.02487
Exploits: 1

Positive Technologies
added 2024/10/14 12:0 a.m., 1 view

PT-2024-37046 · Unknown · Password Pusher

Name of the Vulnerable Software and Affected Versions: Password Pusher versions 1.50.3 and prior Description: A vulnerability has been reported in Password Pusher where an attacker can copy the session cookie before a user logs out, potentially allowing session hijacking. Although the session tok...

CVSS: 5.9 | AI score: 7.2 | EPSS: 0.00035
Exploits: 0 | References: 10

CNVD
added 2023/11/17 12:0 a.m., 37 views

Fortinet FortiClient Hardcoding Vulnerability

Fortinet FortiClient is a mobile endpoint security solution from Fortinet. The solution provides IPsec and SSL encryption, WAN optimization, endpoint compliance and two-factor authentication when connected to a FortiGate firewall appliance. A hard-coded vulnerability exists in Fortinet FortiClien...

CVSS: 5.5 | AI score: 7 | EPSS: 0.00004
Exploits: 0 | References: 1

Citrix
added 2023/07/18 12:0 a.m., 3 views

How to Convert a NetScaler MPX Appliance to a NetScaler SDX Appliance

This article contains information about converting NetScaler MPX appliances to NetScaler SDX appliances. Requirements You can use a field conversion kit to migrate a NetScaler MPX appliance to a NetScaler SDX appliance. The following table lists the details of the SDX Field Replaceable Unit FRU...

AI score: 6.7
Exploits: 0

IBM Security Bulletins
added 2023/04/24 2:18 p.m., 19 views

Security Bulletin: TLS 1.0 and TLS 1.1 is enabled in IBM Safer Payments (CVE-2023-27557)

Summary IBM Safer Payments had older TLS 1.0 and TLS 1.1 protocols enabled by default. These protocols are now disabled. Vulnerability Details CVEID:CVE-2023-27557 DESCRIPTION: IBM Counter Fraud Management for Safer Payments uses weaker than expected cryptographic algorithms that could allow an...

CVSS: 7.5 | AI score: 6.4 | EPSS: 0.00112
Exploits: 0 | Affected Software: 1

Prion
added 2023/03/21 8:15 p.m., 14 views

Code injection

MGT-COMMERCE CloudPanel ships with a static SSL certificate to encrypt communications to the administrative interface, shared across every installation of CloudPanel. This behavior was observed in version 2.2.0. There has been no indication from the vendor this has been addressed in version 2.2.1...

CVSS: 5.1 | AI score: 7.9 | EPSS: 0.00176
Exploits: 1 | References: 2 | Affected Software: 1

Amazon
added 2023/01/24 12:0 a.m., 40 views

Medium: postgresql96

Issue Overview: When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and...

CVSS: 8.1 | AI score: 8 | EPSS: 0.00193
Exploits: 0

Amazon
added 2023/01/24 12:0 a.m., 30 views

Medium: postgresql92

Issue Overview: When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and...

CVSS: 8.1 | AI score: 8 | EPSS: 0.00193
Exploits: 0