43 matches found

Github Security Blog
added 2025/10/15 9:30 a.m. (4 views)

Apache Spark has Inadequate Encryption Strength

This issue affects Apache Spark versions before 3.4.4, 3.5.2 and 4.0.0. Apache Spark versions before 4.0.0, 3.5.2 and 3.4.4 use an insecure default network encryption cipher for RPC communication between nodes. When spark.network.crypto.enabled is set to true (it is set to false by default), but...

CVSS 6.5 | AI score 6.8 | EPSS 0.00099
Exploits 0 | References 4 | Affected Software 2
Vulnrichment
added 2025/10/15 7:19 a.m. (2 views)

CVE-2025-55039 Apache Spark, Apache Spark: RPC encryption defaults to unauthenticated AES-CTR mode, enabling man-in-the-middle ciphertext modification attacks

This issue affects Apache Spark versions before 3.4.4, 3.5.2 and 4.0.0. Apache Spark versions before 4.0.0, 3.5.2 and 3.4.4 use an insecure default network encryption cipher for RPC communication between nodes. When spark.network.crypto.enabled is set to true (it is set to false by default), but...

AI score 6.3 | EPSS 0.00099
Exploits 0 | References 1
EUVD
added 2025/10/07 12:30 a.m. (2 views)

EUVD-2019-13444

Malware in sbrugna...

CVSS 7.5 | AI score 7.5 | EPSS 0.00746
Exploits 0 | References 6
EUVD
added 2025/10/07 12:30 a.m. (3 views)

EUVD-2010-0394

Malware in sbrugna...

CVSS 2.6 | AI score 6.4 | EPSS 0.00318
Exploits 0 | References 2
EUVD
added 2025/10/07 12:30 a.m. (3 views)

EUVD-2006-6458

Malware in sbrugna...

CVSS 7.1 | AI score 6.4 | EPSS 0.0124
Exploits 0 | References 9
RedhatCVE
added 2025/05/22 3:32 a.m. (6 views)

CVE-2010-0363

Cross-site scripting (XSS) vulnerability in Zeus Web Server before 4.3r5, when SSL is enabled for the admin server, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2002-1785...

CVSS 2.6 | AI score 5.9 | EPSS 0.00332
Exploits 1 | References 1
Citrix
added 2025/05/02 12:00 a.m. (8 views)

CWA 2402 - Client attempts to connect to VDA on SSL but VDA is not SSL enabled

Unable to launch applications internally, and the error is - cannot connect to the . Ports 1494 and 2598 are open from Client to VDA. Client attempts to connect to the VDA over UDP/TCP 443...

AI score 7.1
Exploits 0
Citrix
added 2023/12/14 12:00 a.m. (124 views)

User session fails to launch session Received an invalid packet during its ?? handshake phase

In the System Event log on the VDA a TDICA event 1019 appears: "The Citrix TDICA Transport Driver connection from xxx.xxx.xxx.xxx: to port 443 received an invalid packet during its ?? handshake phase". There is however no issue launching the session and no disconnection takes place. In this scenario th...

AI score 7
Exploits 0
OSV
added 2021/02/11 10:15 a.m. (1 view)

UBUNTU-CVE-2021-20335

For MongoDB Ops Manager versions prior to and including 4.2.24 with multiple OM application servers, that have SSL turned on for their MongoDB processes, the upgrade to MongoDB Ops Manager versions prior to and including 4.4.12 triggers a bug where Automation thinks SSL is being turned off, and c...

CVSS 6.7 | AI score 5.8 | EPSS 0.00056
Exploits 0 | References 3
OSV
added 2019/03/27 1:29 p.m. (3 views)

CVE-2019-3821

A flaw was found in the way civetweb frontend was handling requests for ceph RGW server with SSL enabled. An unauthenticated attacker could create multiple connections to ceph RADOS gateway to exhaust file descriptors for ceph-radosgw service resulting in a remote denial of service...

CVSS 7.5 | AI score 5.6 | EPSS 0.00746
Exploits 0 | References 3
RedhatCVE
added 2019/02/11 5:49 p.m. (22 views)

CVE-2019-3821

A flaw was found in the way civetweb frontend was handling requests for ceph RGW server with SSL enabled. An unauthenticated attacker could create multiple connections to ceph RADOS gateway to exhaust file descriptors for ceph-radosgw service resulting in a remote denial of service...

CVSS 7.5 | AI score 2.9 | EPSS 0.00746
Exploits 0 | References 3
Kitploit
added 2017/08/13 9:24 p.m. (17 views)

Phishery - An SSL Enabled Basic Auth Credential Harvester with a Word Document Template URL Injector

Phishery is a simple SSL-enabled HTTP server with the primary purpose of phishing credentials via Basic Authentication. Phishery also provides the ability to easily inject the URL into a .docx Word document. The power of phishery is best demonstrated by setting a Word document's template to a...

AI score 7.3
Exploits 0 | References 3
n0where
added 2016/10/25 4:29 a.m. (13 views)

SSL Enabled Basic Auth Credential Harvester: phishery

An SSL Enabled Basic Auth Credential Harvester with a Word Document Template URL Injector. Phishery is a simple SSL-enabled HTTP server with the primary purpose of phishing credentials via Basic Authentication. Phishery also provides the ability to easily inject the URL into a .docx Word document...

AI score 7.2
Exploits 0 | References 2
hackapp
added 2016/04/01 10:01 a.m. (10 views)

Crazy Driver Police Duty 3D - Customized SSL, WebView SSL handling enabled, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application Crazy Driver Police Duty 3D published at the 'play' market has multiple vulnerabilities...

AI score 0.9
Exploits 0 | References 1 | Affected Software 1
hackapp
added 2016/04/01 9:59 a.m. (12 views)

Cookie Blast Frenzy - Customized SSL, WebView SSL handling enabled, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application Cookie Blast Frenzy published at the 'play' market has multiple vulnerabilities...

AI score 0.9
Exploits 0 | References 1 | Affected Software 1
Check Point Advisories
added 2014/12/28 12:00 a.m. (5 views)

Microsoft Windows SSL Library Private Communications Transport Buffer Overflow - Ver2 (CVE-2003-0719)

A buffer overflow vulnerability has been reported in Microsoft Windows SSL Library. The vulnerability is due to the processing of certain messages. A remote attacker can exploit this issue by executing arbitrary code in the context of a local system user when SSL is enabled...

CVSS 7.5 | AI score 6.8 | EPSS 0.74709
Exploits 8
Tenable Nessus
added 2014/11/08 12:00 a.m. (69 views)

RHEL 6 : Storage Server (RHSA-2014:0377) (Heartbleed)

Updated openssl packages that fix one security issue are now available for Red Hat Storage 2.1. The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available...

CVSS 7.5 | AI score 7.7 | EPSS 0.94464
Exploits 86 | References 3
Tenable Nessus
added 2014/10/17 12:00 a.m. (248 views)

CentOS 6 / 7 : openssl (CESA-2014:1652)

Updated OpenSSL packages that contain a backported patch to mitigate the CVE-2014-3566 issue, known as the SSLv3 Padding Oracle On Downgraded Legacy Encryption (POODLE) vulnerability, and fix two security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has...

CVSS 7.1 | AI score 6.4 | EPSS 0.93538
Exploits 5 | References 8
Tenable Nessus
added 2014/08/15 12:00 a.m. (44 views)

Scientific Linux Security Update : openssl on SL6.x i386/x86_64 (20140813)

A race condition was found in the way OpenSSL handled ServerHello messages with an included Supported EC Point Format extension. A malicious server could possibly use this flaw to cause a multi-threaded TLS/SSL client using OpenSSL to write into freed memory, causing the client to crash or execut...

CVSS 6.8 | AI score 6.6 | EPSS 0.66025
Exploits 0 | References 8
Tenable Nessus
added 2014/08/15 12:00 a.m. (71 views)

Scientific Linux Security Update : openssl on SL5.x i386/x86_64 (20140813)

It was discovered that the OBJ_obj2txt function could fail to properly NUL-terminate its output. This could possibly cause an application using OpenSSL functions to format fields of X.509 certificates to disclose portions of its memory. (CVE-2014-3508) Multiple flaws were discovered in the way OpenS...

CVSS 5 | AI score 7.2 | EPSS 0.82097
Exploits 0 | References 6