CVE-2023-6180

The tokio-boring library in version 4.0.0 is affected by a memory leak issue that can lead to excessive resource consumption and potential DoS by resource exhaustion. The setexdata function used by the library did not deallocate memory used by pre-existing data in memory each time after completin...

openldap bug fix update

An update is available for openldap. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list OpenLDAP is an open-source suite of Lightweight Directory Access Protocol LD...

CVE-2024-47619 tranport: TLS host name wildcard matching too lax

syslog-ng is an enhanced log daemo. Prior to version 4.8.2, tlswildcardmatch matches on certificates such as foo..bar although that is not allowed. It is also possible to pass partial wildcards such as foo.ac.bar which glib matches but should be avoided / invalidated. This issue could have an...

Hitachi Energy's RTU500 series Missing synchronization (CVE-2025-1445)

A vulnerability exists in RTU IEC 61850 client and server functionality that could impact the availability if renegotiation of an open IEC61850 TLS connection takes place in specific timing situations, when IEC61850 communication is active. Precondition is that IEC61850 as client or server are...

CVE-2023-31136 PostgresNIO processes unencrypted bytes from man-in-the-middle

PostgresNIO is a Swift client for PostgreSQL. Any user of PostgresNIO prior to version 1.14.2 connecting to servers with TLS enabled is vulnerable to a man-in-the-middle attacker injecting false responses to the client's first few queries, despite the use of TLS certificate verification and...

SUSE-SU-2023:2105-1 Security update for go1.20

This update for go1.20 fixes the following issues: Update to 1.20.4 bnc1206346: - CVE-2023-24539: Fixed an improper sanitization of CSS values boo1211029. - CVE-2023-24540: Fixed an improper handling of JavaScript whitespace boo1211030. - CVE-2023-29400: Fixed an improper handling of empty HTML...

SUSE-SU-2017:0622-1 Security update for tigervnc

This update for tigervnc provides the following fixes: - Prevent malicious server from crashing a server via a buffer overflow, a similar flaw as the LibVNCServer issues CVE-2016-9941 and CVE-2016-9942. bsc1019274 - CVE-2016-10207: Prevent potential crash due to insufficient clean-up after failur...

CVE-2016-3739

The 1 mbedconnectstep1 function in lib/vtls/mbedtls.c and 2 polarsslconnectstep1 function in lib/vtls/polarssl.c in cURL and libcurl before 7.49.0, when using SSLv3 or making a TLS connection to a URL that uses a numerical IP address, allow remote attackers to spoof servers via an arbitrary valid...