EUVD-2020-18822
Malware in sbrugna...
K83623027: OpenSSL vulnerability CVE-2021-3449
Security Advisory Description An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension where it was present in the initial ClientHello, but includes a...
SSL/TLS Recommended Cipher Suites (PCI DSS)
The remote host has open SSL/TLS ports which advertise discouraged cipher suites. It is recommended to only enable support for the following cipher suites: TLSv1.3: - 0x13,0x01 TLS13_AES_128_GCM_SHA256 - 0x13,0x02 TLS13_AES_256_GCM_SHA384 - 0x13,0x03 TLS13_CHACHA20_POLY1305_SHA256 TLSv1.2: - 0xC0,0x2B...
Siemens OpenSSL in Industrial Products (CVE-2021-3449)
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension where it was present in the initial ClientHello, but includes a signature_algorithms_cert extension then a NU...
Reolink RLC-410W web server misconfiguration information disclosure vulnerability
Summary An information disclosure vulnerability exists due to a web server misconfiguration in the Reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a disclosure of sensitive information. An attacker can send an HTTP request to trigger this vulnerability. Tested...
Reolink RLC-410W hardcoded TLS key information disclosure vulnerability
Summary An information disclosure vulnerability exists due to the hardcoded TLS key of Reolink RLC-410W v3.0.0.13620121102. A specially-crafted man-in-the-middle attack can lead to a disclosure of sensitive information. An attacker can perform a man-in-the-middle attack to trigger this...
GHSA-83MX-573X-5RW9 openssl-src NULL pointer Dereference in signature_algorithms processing
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension where it was present in the initial ClientHello, but includes a signature_algorithms_cert extension then a NU...
Ubuntu 18.04 LTS / 20.04 LTS : PostgreSQL vulnerabilities (USN-5038-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5038-1 advisory. It was discovered that the PostgreSQL planner could create incorrect plans in certain circumstances. A remote attacker could use this issue t...
CVE-2020-36363
Amazon AWS CloudFront TLSv1.2_2019 allows TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 and TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, which some entities consider to be weak ciphers...
Design/Logic Flaw
Amazon AWS CloudFront TLSv1.2_2019 allows TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 and TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, which some entities consider to be weak ciphers...
CVE-2020-36363
CVE-2020-36363 concerns Amazon AWS CloudFront where TLSv1.2_2019 configurations allow weak ciphers TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 and TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384. The root cause is the inclusion of these CBC-based ciphers in the CloudFront TLS policy, which is cited as a security...
EulerOS 2.0 SP5 : openssl1.1.1d (EulerOS-SA-2021-2225)
According to the version of the openssl1.1.1d packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared...
EulerOS 2.0 SP9 : openssl (EulerOS-SA-2021-2063)
According to the version of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared librari...
EulerOS Virtualization 2.9.0 : openssl (EulerOS-SA-2021-1970)
According to the version of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2...
BSA-2021-1440
Security Advisory ID : BSA-2021-1440 Component : OpenSSL Revision : 1.1 An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension where it was present in the initial...
NULL pointer deref in signature_algorithms processing
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension where it was present in the initial ClientHello, but includes a signature_algorithms_cert extension then a NU...
RUSTSEC-2021-0055 NULL pointer deref in signature_algorithms processing
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension where it was present in the initial ClientHello, but includes a signature_algorithms_cert extension then a NU...
CVE-2020-26197
Dell PowerScale OneFS 8.1.0 - 9.1.0 contains an LDAP Provider inability to connect over TLSv1.2 vulnerability. It may make it easier to eavesdrop and decrypt such traffic for a malicious actor. Note: This does not affect clusters which are not relying on an LDAP server for the authentication...
Authentication flaw
Dell PowerScale OneFS 8.1.0 - 9.1.0 contains an LDAP Provider inability to connect over TLSv1.2 vulnerability. It may make it easier to eavesdrop and decrypt such traffic for a malicious actor. Note: This does not affect clusters which are not relying on an LDAP server for the authentication...