EUVD-2013-5748

Malware in sbrugna...

EUVD-2022-28486

Malicious code in bioql PyPI...

CVE-2020-14254

TLS-RSA cipher suites are not disabled in HCL BigFix Inventory up to v10.0.2. If TLS 2.0 and secure ciphers are not enabled then an attacker can passively record traffic and later decrypt it...

CVE-2013-5914

Buffer overflow in the sslreadrecord function in ssltls.c in PolarSSL before 1.1.8, when using TLS 1.1, might allow remote attackers to execute arbitrary code via a long packet...

GHSA-GR79-9V6V-GC9R Dex discarding TLSconfig and always serves deprecated TLS 1.0/1.1 and insecure ciphers

Summary Dex 2.37.0 is serving HTTPS with insecure TLS 1.0 and TLS 1.1. Details While working on https://github.com/dexidp/dex/issues/2848 and implementing configurable TLS support, I noticed my changes did not have any effect in TLS config, so I started investigating...

Dex discarding TLSconfig and always serves deprecated TLS 1.0/1.1 and insecure ciphers

Summary Dex 2.37.0 is serving HTTPS with insecure TLS 1.0 and TLS 1.1. Details While working on https://github.com/dexidp/dex/issues/2848 and implementing configurable TLS support, I noticed my changes did not have any effect in TLS config, so I started investigating...

Authentication flaw

Dex is an identity service that uses OpenID Connect to drive authentication for other apps. Dex 2.37.0 serves HTTPS with insecure TLS 1.0 and TLS 1.1. cmd/dex/serve.go line 425 seemingly sets TLS 1.2 as minimum version, but the whole tlsConfig is ignored after TLS cert reloader was introduced in...

CVE-2024-23656 Dex 2.37.0 is discarding TLSconfig and always serves deprecated TLS 1.0/1.1 and insecure ciphers

Dex is an identity service that uses OpenID Connect to drive authentication for other apps. Dex 2.37.0 serves HTTPS with insecure TLS 1.0 and TLS 1.1. cmd/dex/serve.go line 425 seemingly sets TLS 1.2 as minimum version, but the whole tlsConfig is ignored after TLS cert reloader was introduced in...

CVE-2024-23656

Dex 2.37.0 serves HTTPS with TLS 1.0/1.1 and non-respected cipher suites because tlsConfig is ignored after the TLS cert reloader; minimum TLS version hardening is ineffective. This can allow eavesdropping on TLS 1.0/1.1 traffic. The issue is fixed in Dex 2.38.0.

SUSE: Security Advisory (SUSE-SU-2023:2183-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security Bulletin: TLS 1.0 and TLS 1.1 is enabled in IBM Safer Payments (CVE-2023-27557)

Summary IBM Safer Payments had older TLS 1.0 and TLS 1.1 protocols enabled by default. These protocols are now disabled. Vulnerability Details CVEID:CVE-2023-27557 DESCRIPTION: IBM Counter Fraud Management for Safer Payments uses weaker than expected cryptographic algorithms that could allow an...

K14236: OpenSSL vulnerability CVE-2012-2686

Security Advisory Description A flaw in the OpenSSL handling of CBC ciphersuites in TLS 1.1 and TLS 1.2 on AES-NI supporting platforms can be exploited in a denial-of-service DoS attack. Anyone using an AES-NI platform for TLS 1.2 or TLS 1.1 on OpenSSL 1.0.1 before 1.0.1d is affected. Platforms...

Security Bulletin: Vulnerability in Transport Layer Security Protocol Used in IBM System Networking Ethernet Switches (CVE-2011-3389)

Abstract Earlier versions of the Transport Layer Security TLS protocol are affected by a publicly disclosed vulnerability that could allow information disclosure if an attacker is carrying out a man-in-the-middle attack. Customers can avoid the vulnerability by following workarounds recommended b...

TLS Version 1.1 Deprecated Protocol

The remote service accepts connections encrypted using TLS 1.1. TLS 1.1 lacks support for current and recommended cipher suites. Ciphers that support encryption before MAC computation, and authenticated encryption modes such as GCM cannot be used with TLS 1.1 As of March 31, 2020, Endpoints that...

Mageia: Security Advisory (MGASA-2021-0298)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

wolfSSL security feature issue vulnerability

Wolfssl CyaSSL is a small, portable embedded SSL programming library for use by embedded system developers from Wolfssl USA. wolfSSL has a security vulnerability that stems from the use of non-random IV values for x prior to 5.1.1 under certain circumstances. This affects AES-CBC or DES3...

CVE-2022-23408

wolfSSL 5.x before 5.1.1 uses non-random IV values in certain situations. This affects connections without AEAD using AES-CBC or DES3 with TLS 1.1 or 1.2 or DTLS 1.1 or 1.2. This occurs because of misplaced memory initialization in BuildMessage in internal.c...

Information disclosure

wolfSSL 5.x before 5.1.1 uses non-random IV values in certain situations. This affects connections without AEAD using AES-CBC or DES3 with TLS 1.1 or 1.2 or DTLS 1.1 or 1.2. This occurs because of misplaced memory initialization in BuildMessage in internal.c...

CVE-2022-23408

wolfSSL 5.x before 5.1.1 uses non-random IV values in certain situations. This affects connections without AEAD using AES-CBC or DES3 with TLS 1.1 or 1.2 or DTLS 1.1 or 1.2. This occurs because of misplaced memory initialization in BuildMessage in internal.c...

CVE-2022-23408

wolfSSL 5.x before 5.1.1 uses non-random IV values in certain situations. This affects connections without AEAD using AES-CBC or DES3 with TLS 1.1 or 1.2 or DTLS 1.1 or 1.2. This occurs because of misplaced memory initialization in BuildMessage in internal.c...