[SECURITY] [DLA 3284-1] libapache-session-ldap-perl security update

Debian LTS Advisory DLA-3284-1 [email protected] https://www.debian.org/lts/security/ Guilhem Moulin January 28, 2023 https://wiki.debian.org/LTS Package : libapache-session-ldap-perl Version : 0.4-1+deb10u1 CVE ID : CVE-2020-36658 In Apache::Session::LDAP before 0.5, validity of the...

MatrixSSL < 4.0.2 - Stack Buffer Overflow Verifying x.509 Certificates

I happened to notice that a public X.509 certificate testcase for CVE-2014-1569 caused a stack buffer overflow in MatrixSSL. I cleaned up the testcase a bit, to make a better demonstration. You can test it with the certValidate tool that comes with MatrixSSL. $ gdb -q --args...

AudioCodes 440HD / 450HD IP Phone 3.1.2.89 Man-In-The-Middle Vulnerability

Exploit for hardware platform in category local exploits AudioCodes 440HD / 450HD IP Phone 3.1.2.89 Man-In-The-Middle Vulnerability Product: 440HD / 450HD IP Phone Manufacturer: AudioCodes Affected Versions: = 3.1.2.89 Tested Versions: VC3.1.1.43.1, VC3.1.2.89 Vulnerability Type: X.509 validation...

Polycom VVX 500 / VVX 601 5.8.0.12848 Man-In-The-Middle Vulnerability

Exploit for hardware platform in category local exploits Polycom VVX 500 / VVX 601 5.8.0.12848 Man-In-The-Middle Vulnerability Product: VVX 500 / VVX 601 Manufacturer: Polycom Affected Versions: = 5.8.0.12848 Tested Versions: 5.4.0.10182, 5.8.0.12848 Vulnerability Type: X.509 validation -...

Polycom VVX 500 / VVX 601 5.8.0.12848 Man-In-The-Middle

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Advisory ID: SYSS-2018-027 Product: VVX 500 / VVX 601 Manufacturer: Polycom Affected Versions: = 5.8.0.12848 Tested Versions: 5.4.0.10182, 5.8.0.12848 Vulnerability Type: X.509 validation - Man-in-the-Middle CWE-300 Risk Level: Medium Solution Statu...

AudioCodes 440HD / 450HD IP Phone 3.1.2.89 Man-In-The-Middle

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Advisory ID: SYSS-2018-026 Product: 440HD / 450HD IP Phone Manufacturer: AudioCodes Affected Versions: = 3.1.2.89 Tested Versions: VC3.1.1.43.1, VC3.1.2.89 Vulnerability Type: X.509 validation - Man-in-the-Middle CWE-300 Risk Level: Medium Solution...

FTP Rush: missing X.509 validation (FTP with TLS)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2014-002 Product: FTP Rush Vendor: Wing FTP Software Affected Versions: v2.1.8 Tested Versions: v2.1.8 Windows 7 32 bit and Windows 8.1 64 bit Vulnerability Type: X.509 validation Risk Level: Medium Solution Status: Vendor...

Cyberduck 4.4.3 (14140 Windows) X.509 Validation Failure

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2014-004 Product: Cyberduck Affected Versions: 4.4.3 14140 Windows only Not Affected Versionss: 4.4.3 14140 and 4.2.1 9350 both OS X 10.9.2 Tested Versions: 4.4.3 Windows 7 32 bit and Windows 8.1 64 bit Vulnerability Type: X.509...

CVE-2014-2735 - WinSCP: missing X.509 validation

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2014-003 Product: WinSCP Affected Versions: 5.5.2.4130 Tested Versions: 5.5.2.4130 Windows 7 32 bit and Windows 8.1 64 bit Vulnerability Type: Missing X.509 validation Risk Level: Medium Solution Status: Fixed Vendor Notification:...

SuSE 11 Security Update : GnuTLS (SAT Patch Number 632)

The previous security fix for gnutls CVE-2008-4989 introduced a regression in the X.509 validation code for self-signed certificates. This update fixes this problem. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from SuS...