13 matches found
EUVD-2018-1095
Malware in sbrugna...
USN-7639-1 apache2 vulnerabilities
It was discovered that the Apache HTTP Server incorrectly handled certain Content-Type response headers. A remote attacker could possibly use this issue to perform HTTP response splitting attacks. CVE-2024-42516 xiaojunjie discovered that the Apache HTTP Server modproxy module incorrectly handled...
UBUNTU-CVE-2025-49812
In some modssl configurations on Apache HTTP Server versions through to 2.4.63, an HTTP desynchronisation attack allows a man-in-the-middle attacker to hijack an HTTP session via a TLS upgrade. Only configurations using "SSLEngine optional" to enable TLS upgrades are affected. Users are recommend...
io.netty:netty-handler: SslHandler doesn't correctly validate packets which can lead to native crash when using native SSLEngine
A flaw was found in Netty's SslHandler. This vulnerability allows a native crash via a specially crafted packet that bypasses proper validation...
io.netty:netty-handler: SslHandler doesn't correctly validate packets which can lead to native crash when using native SSLEngine
A flaw was found in Netty's SslHandler. This vulnerability allows a native crash via a specially crafted packet that bypasses proper validation...
SUSE CVE-2023-30586
A privilege escalation vulnerability exists in Node.js 20 that allowed loading arbitrary OpenSSL engines when the experimental permission model is enabled, which can bypass and/or disable the permission model. The attack complexity is high. However, the crypto.setEngine API can be used to bypass...
SUSE-SU-2023:1823-1 Security update for java-1_8_0-ibm
This update for java-180-ibm fixes the following issues: - Update to Java 8.0 Service Refresh 8 bsc1208480: Security fixes: - CVE-2023-21830: Fixed improper restrictions in CORBA deserialization bsc1207249. - CVE-2023-21835: Fixed handshake DoS attack against DTLS connections bsc1207246. -...
CVE-2020-36161
An issue was discovered in Veritas APTARE 10.4 before 10.4P9 and 10.5 before 10.5P3. By default, on Windows systems, users can create directories under C:. A low privileged user can create a directory at the configuration file locations. When the Windows system restarts, a malicious OpenSSL engin...
netty: Infinite loop vulnerability when handling renegotiation using SslProvider.OpenSsl
An infinite-loop vulnerability was discovered in Netty's OpenSslEngine handling of renegotiation. An attacker could exploit this flaw to cause a denial of service. Note: Netty is only vulnerable if renegotiation is enabled default setting...
CVE-2018-0272
A vulnerability in the Secure Sockets Layer SSL Engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition. The vulnerability is due to improper error handling while processing SSL traffic. An attacker could exploit this...
CVE-2018-0272
A vulnerability in the Secure Sockets Layer SSL Engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition. The vulnerability is due to improper error handling while processing SSL traffic. An attacker could exploit this...
CVE-2018-0272
A vulnerability in the Secure Sockets Layer SSL Engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition. The vulnerability is due to improper error handling while processing SSL traffic. An attacker could exploit this...
Cisco Firepower Threat Defense SSL Engine High CPU Denial of Service Vulnerability
A vulnerability in the Secure Sockets Layer SSL Engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition. The vulnerability is due to improper error handling while processing SSL traffic. An attacker could exploit this...