EUVD-2022-4859
Malicious code in bioql PyPI...
EUVD-2022-2390
Malicious code in bioql PyPI...
EUVD-2022-4460
Malicious code in bioql PyPI...
EUVD-2022-1889
Malicious code in bioql PyPI...
EUVD-2022-3118
Malicious code in bioql PyPI...
EUVD-2024-21051
Malicious code in bioql PyPI...
CVE-2017-1000209
The Java WebSocket client nv-websocket-client does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL/TLS servers via an arbitrary valid certificate...
CVE-2019-10446
Jenkins Cadence vManager Plugin 2.7.0 and earlier disabled SSL/TLS and hostname verification globally for the Jenkins master JVM...
PT-2025-17226 · Hcl · Hcl Myxalytics
Name of the Vulnerable Software and Affected Versions: HCL MyXalytics (affected versions not specified). Description: The issue concerns SSL/TLS protocol vulnerabilities, specifically BREACH and LUCKY13, which allow attackers to exploit weaknesses in ciphers. This can lead to the interception and...
CVE-2024-49782
IBM OpenPages with Watson 8.3 and 9.0 could allow a remote attacker to spoof mail server identity when using SSL/TLS security. An attacker could exploit this vulnerability to gain access to sensitive information disclosed through email notifications generated by OpenPages or disrupt notification...
CVE-2024-49782
IBM OpenPages with Watson 8.3 and 9.0: remote attacker could spoof mail server identity over SSL/TLS due to improper certificate validation (host mismatch). Consequences include disclosure of information in email notifications or disrupted delivery. Affected: IBM OpenPages 9.0 and OpenPages with ...
The Digital Transformation Age Is Dawning: Do You Know Where Your Certificates Are?
How many digital certificates are in use in your organization? When do they expire? Do you have a way of discovering digital certificates from unapproved Certificate Authorities? Most organizations can't answer these questions with complete certainty, because they lack the necessary visibility an...
EUVD-2017-12848
If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. For OpenSSL 1.1.0, the crash can be triggered when using CHACHA20/POLY1305; user...
Apple Removes Apps That Expose Encrypted Traffic
Apple has purged its App Store of a number of apps that expose encrypted traffic via the installation of root certificates. Apple has declined to name the apps. “Apple has removed a few apps from the App Store that install root certificates that could allow monitoring of data,” Apple said today i...
[SIG^2 G-TEC] SurgeFTP LEAK Command Denial-Of-Service Vulnerability
SIG^2 Vulnerability Research Advisory: SurgeFTP LEAK Command Denial-Of-Service Vulnerability, by Tan Chew Keong. Release Date: 07 Apr 2005. ADVISORY URL: http://www.security.org.sg/vuln/surgeftp22m1.html SUMMARY: SurgeFTP (http://netwinsite.com/surgeftp/) is an FTP server with SSL/TLS security, easy...
SSL/TLS implementations disclose side channel information via PKCS #1 v1.5 version number extension
Overview: SSL/TLS implementations that respond distinctively to an incorrect PKCS #1 v1.5 encoded SSL/TLS version number expose the premaster secret to a modified Bleichenbacher attack. An attacker could decrypt a given SSL/TLS session or forge a signature on behalf of a vulnerable application's...
Vulnerability in OpenSSL CVE-2003-0131
The SSL and TLS components allowed remote attackers to perform an unauthorized RSA private key operation via a modified Bleichenbacher attack that uses a large number of SSL or TLS connections using PKCS #1 v1.5 padding that caused OpenSSL to leak information regarding the relationship between...