546 matches found
DLA-322-1 commons-httpclient - security update
Bulletin has no description...
[SECURITY] Fedora 21 Update: mariadb-10.0.21-1.fc21
MariaDB is a community developed branch of MySQL. MariaDB is a multi-user, multi-threaded SQL database server. It is a client/server implementation consisting of a server daemon mysqld and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client...
Important: Red Hat Security Advisory: rh-mariadb100-mariadb security update
Updated rh-mariadb100-mariadb packages that fix several security issues are now available for Red Hat Software Collections 2. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...
[SECURITY] Fedora 21 Update: community-mysql-5.6.26-1.fc21
MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon mysqld and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files...
[SECURITY] Fedora 23 Update: community-mysql-5.6.26-1.fc23
MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon mysqld and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files...
Pupils with EasyFuzzer 1.0 mining software vulnerabilities-vulnerability warning-the black bar safety net
EasyFuzzer is a new fuzzing tool. Currently only supports the file format of the fuzzy test. Features: easy, streamlined, efficient, and intelligent. Easy: very easy to use, does not need any configuration. With his elementary students can also dig vulnerability, don't worry there is no 0day...
MGASA-2015-0246 Updated openssl package fixes security vulnerabilities
A vulnerability in the TLS protocol allows a man-in-the-middle attacker to downgrade vulnerable TLS connections using ephemeral Diffie-Hellman key exchange to 512-bit export-grade cryptography. This vulnerability is known as Logjam CVE-2015-4000. When processing an ECParameters structure OpenSSL...
OpenSSL: Race condition handling NewSessionTicket
A race condition was found in the session handling code of OpenSSL. This issue could possibly cause a multi-threaded TLS/SSL client using OpenSSL to double free session ticket data and crash...
Debian Security Advisory DSA 3287-1 (openssl - security update)
Multiple vulnerabilities were discovered in OpenSSL, a Secure Sockets Layer toolkit. CVE-2014-8176 Praveen Kariyanahalli, Ivan Fratric and Felix Groebert discovered that an invalid memory free could be triggered when buffering DTLS data. This could allow remote attackers to cause a denial of...
DEBIAN-CVE-2015-1791
Race condition in the ssl3getnewsessionticket function in ssl/s3clnt.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b, when used for a multi-threaded client, allows remote attackers to cause a denial of service double free and application crash or...
CVE-2015-1791
Race condition in the ssl3getnewsessionticket function in ssl/s3clnt.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b, when used for a multi-threaded client, allows remote attackers to cause a denial of service double free and application crash or...
Ubuntu 14.04 LTS : OpenSSL vulnerabilities (USN-2639-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2639-1 advisory. Praveen Kariyanahalli, Ivan Fratric and Felix Groebert discovered that OpenSSL incorrectly handled memory when buffering DTLS data. A remote attacker cou...
OpenSSL 1.0.1 < 1.0.1n Multiple Vulnerabilities
The version of OpenSSL installed on the remote host is prior to 1.0.1n. It is, therefore, affected by multiple vulnerabilities as referenced in the 1.0.1n advisory. - The dofreeupto function in crypto/cms/cmssmime.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2...
CVE-2015-1791
Race condition in the ssl3getnewsessionticket function in ssl/s3clnt.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b, when used for a multi-threaded client, allows remote attackers to cause a denial of service double free and application crash or...
EUVD-2015-1917
Race condition in the ssl3getnewsessionticket function in ssl/s3clnt.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b, when used for a multi-threaded client, allows remote attackers to cause a denial of service double free and application crash or...
OpenSSL 0.9.8 < 0.9.8zg Multiple Vulnerabilities
The version of OpenSSL installed on the remote host is prior to 0.9.8zg. It is, therefore, affected by multiple vulnerabilities as referenced in the 0.9.8zg advisory. - The dofreeupto function in crypto/cms/cmssmime.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2...
USN-2639-1: OpenSSL vulnerabilities
Praveen Kariyanahalli, Ivan Fratric and Felix Groebert discovered that OpenSSL incorrectly handled memory when buffering DTLS data. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2014-8176 Joseph...
Proxenet - Hacker Friendly Proxy for Web Application Penetration Tests
Proxenet is a hacker friendly proxy for web application penetration tests. proxenet is a multi-threaded proxy which allows you manipulate your HTTP requests and responses using your favorite scripting language. No need to learn Java like for Burp or Python like for mitmproxy. proxenet supports...
Vulnerability in OpenSSL - Race condition handling NewSessionTicket
If a NewSessionTicket is received by a multi-threaded client when attempting to reuse a previous ticket then a race condition can occur potentially leading to a double free of the ticket data. Found by Emilia Käsper OpenSSL...
UBUNTU-CVE-2015-1791
Race condition in the ssl3getnewsessionticket function in ssl/s3clnt.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b, when used for a multi-threaded client, allows remote attackers to cause a denial of service double free and application crash or...