CVE-2021-27876

An issue was discovered in Veritas Backup Exec before 21.2. The communication between a client and an Agent requires successful authentication, which is typically completed over a secure TLS communication. However, due to a vulnerability in the SHA Authentication scheme, an attacker is able to ga...

EUVD-2021-14616

Malware in sbrugna...

EUVD-2022-4910

Malicious code in bioql PyPI...

EUVD-2024-46948

Malicious code in bioql PyPI...

EUVD-2024-48174

Malicious code in bioql PyPI...

CVE-2019-9764

HashiCorp Consul 1.4.3 lacks server hostname verification for agent-to-agent TLS communication. In other words, the product behaves as if verifyserverhostname were set to false, even when it is actually set to true. This is fixed in 1.4.4...

Improper Certificate Validation

github.com/rancher/steve is vulnerable to improper certificate validation. The vulnerability is due to the default setting does not verify the certificate presented by the remote server, which allows an attacker to intercept or alter TLS communications...

CVE-2024-7206

SSL Pinning Bypass in eWeLink Some hardware products allows local ATTACKER to Decrypt TLS communication and Extract secrets to clone the device via Flash the modified firmware...

CVE-2024-7206

CVE-2024-7206 corresponds to a vulnerability in eWeLink hardware where SSL pinning can be bypassed. The connected sources indicate that a local attacker can decrypt TLS communications and extract secrets to clone the device by flashing modified firmware. The CNNVD entry specifies the vulnerabilit...

CVE-2024-7206 Firmware extraction and Hardware SSL Pinning Bypass

SSL Pinning Bypass in eWeLink Some hardware products allows local ATTACKER to Decrypt TLS communication and Extract secrets to clone the device via Flash the modified firmware...

CVE-2024-7206 Firmware extraction and Hardware SSL Pinning Bypass

SSL Pinning Bypass in eWeLink Some hardware products allows local ATTACKER to Decrypt TLS communication and Extract secrets to clone the device via Flash the modified firmware...

Quantum DXi Storage With Firmware 3.x Does Not Work with Veeam Backup & Replication 12

Challenge When attempting to add Quantum DXi storage with firmware 3.x to Veeam Backup & Replication, the following error is shown: Failed to StartAgent: Failed to construct ClientAgentProtocol. If the Quantum DXi storage was added to Veeam Backup & Replication prior to upgrading to Veeam Backup ...

HashiCorp Consul vulnerable to Origin Validation Error

HashiCorp Consul 1.4.3 lacks server hostname verification for agent-to-agent TLS communication. In other words, the product behaves as if verifyserverhostname were set to false, even when it is actually set to true. This is fixed in 1.4.4...

GHSA-Q7FX-WM2P-QFJ8 HashiCorp Consul vulnerable to Origin Validation Error

HashiCorp Consul 1.4.3 lacks server hostname verification for agent-to-agent TLS communication. In other words, the product behaves as if verifyserverhostname were set to false, even when it is actually set to true. This is fixed in 1.4.4...

[SECURITY] Fedora 36 Update: golang-github-theupdateframework-notary-0.7.0-4.fc36

The Notary project comprises a server and a client for running and interacting with trusted collections. See the service architecture documentation for more information. Notary aims to make the internet more secure by making it easy for people to publish and verify content. We often rely on TLS t...

Spock SLAF - A Shared Library Application Firewall "SLAF"

Spock SLAF is a Shared Library Application Firewall "SLAF". It has the purpose to protect any service that uses the OpenSSL library. The SLAF inserts hooking to intercept all communication to detect security anomalies and block and log attacks like buffer overflow, path traversal, XXE and SQL...

Gateway Callback and / or XML Communication fails after upgrade to Storefront 2203

The issue occurs when customers upgrade from Storefront 1912 to 2203 and had TLS1.0 disabled prior to upgrading Does not occur on a clean install, or with TLS 1.0 enabled. In this scenario customers will encounter a TLS communication issue between Storefront and ADC / Storefront and Citrix Delive...

Debian DLA-2865-1 : resiprocate - LTS security update

The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2865 advisory. - The SdpContents::Session::Medium::parse function in resip/stack/SdpContents.cxx in reSIProcate 1.10.2 allows remote attackers to cause a denial of service memory...

CVE-2021-27878

An issue was discovered in Veritas Backup Exec before 21.2. The communication between a client and an Agent requires successful authentication, which is typically completed over a secure TLS communication. However, due to a vulnerability in the SHA Authentication scheme, an attacker is able to ga...

CVE-2021-27876

An issue was discovered in Veritas Backup Exec before 21.2. The communication between a client and an Agent requires successful authentication, which is typically completed over a secure TLS communication. However, due to a vulnerability in the SHA Authentication scheme, an attacker is able to ga...