2223 matches found
CVE-2017-7619
In ImageMagick 7.0.4-9, an infinite loop can occur because of a floating-point rounding error in some of the color algorithms. This affects ModulateHSL, ModulateHCL, ModulateHCLp, ModulateHSB, ModulateHSI, ModulateHSV, ModulateHWB, ModulateLCHab, and ModulateLCHuv...
SSH Configuration & Policy Scanner: ssh_scan
SSH, or secure shell, is a secure protocol and the most common way of safely administering remote servers. Using a number of encryption technologies, SSH provides a mechanism for establishing a cryptographically secured connection between two parties,...
Design/Logic Flaw
The TCP/IP networking module in Unisys ClearPath MCP systems with TCP-IP-SW 57.1 before 57.152, 58.1 before 58.142, or 59.1 before 59.172, when running a TLS 1.2 service, allows remote attackers to cause a denial of service (network connectivity disruption) via a client hello with a...
CVE-2017-5872
The TCP/IP networking module in Unisys ClearPath MCP systems with TCP-IP-SW 57.1 before 57.152, 58.1 before 58.142, or 59.1 before 59.172, when running a TLS 1.2 service, allows remote attackers to cause a denial of service (network connectivity disruption) via a client hello with a...
CVE-2016-2879
IBM QRadar SIEM (7.2.x) is affected by CVE-2016-2879 due to the use of outdated hashing algorithms for certain passwords, potentially allowing a local attacker to obtain and decrypt credentials. Affected versions: QRadar 7.2.0–7.2.7. Remediation: upgrade to QRadar 7.2.8 (or other fixed release). ...
USN-3199-2: Python Crypto regression
USN-3199-1 fixed a vulnerability in the Python Cryptography Toolkit. Unfortunately, various programs depended on the original behavior of the Python Cryptography Toolkit which was altered when fixing the vulnerability. This update retains the fix for the vulnerability but issues a warning rather...
This Ransomware Malware Could Poison Your Water Supply If Not Paid
Ransomware has been around for a few years, but in the last two years, it has become an albatross around everyone's neck, targeting businesses, hospitals, financial institutions and personal computers worldwide and extorting millions of dollars. Ransomware is a type of malware that infects computers...
Code injection
IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM Reference: 1996868...
Botan Integer Overflow Vulnerability
Botan is a library of cryptographic algorithms in the C++ programming language that supports AES, DES, SHA-1, RSA, DSA and Diffie-Hellman. An integer overflow vulnerability exists in Botan versions 1.8.0 through 1.11.33. An attacker could exploit this vulnerability to cause memory corruption...
Critical: java-1.7.0-openjdk
Issue Overview: It was discovered that the RMI registry and DGC implementations in the RMI component of OpenJDK performed deserialization of untrusted inputs. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of RMI registry or a Java RMI application. Th...
Simple Static Malware Analyzer: SSMA
SSMA is a simple malware analyzer written in Python 3. Features: Analyze PE file's header and sections (number of sections, entropy of sections/PE file, suspicious section names, suspicious flags in the characteristics of the PE file, etc.). Searches for possible...
Denial Of Service (DoS) Through Null Pointer Dereference
OpenSSL is vulnerable to denial of service (DoS) attacks. These attacks can be triggered by using an invalid signature_algorithms extension in the ClientHello message during renegotiation...
[SECURITY] Fedora 24 Update: openssl-1.0.2k-1.fc24
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols...
[SECURITY] Fedora 25 Update: openssl-1.0.2k-1.fc25
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols...
F5 Networks BIG-IP : OpenSSL vulnerability (K43570545)
There is a carry propagating bug in the Broadwell-specific Montgomery multiplication procedure in OpenSSL 1.0.2 and 1.1.0 before 1.1.0c that handles input lengths divisible by, but longer than 256 bits. Analysis suggests that attacks against RSA, DSA and DH private keys are impossible. This is...
Verified, Efficient TLS Implementation In C: Project Everest
The HTTPS ecosystem (HTTPS and TLS protocols, X.509 public key infrastructure, crypto algorithms) is the foundation on which Internet security is built. Unfortunately, this ecosystem is extremely brittle, with headline-grabbing attacks such as FREAK and...
OpenSSL 1.1.0 < 1.1.0d Multiple Vulnerabilities
The version of OpenSSL installed on the remote host is prior to 1.1.0d. It is, therefore, affected by multiple vulnerabilities as referenced in the 1.1.0d advisory. - There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL 1.0.2 before 1.0.2k and 1.1.0 before 1.1.0d...
Vulnerability in OpenSSL - BN_mod_exp may produce incorrect results on x86_64
There is a carry propagating bug in the x86_64 Montgomery squaring procedure. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible...
Critical: Red Hat Security Advisory: java-1.7.0-oracle security update
An update for java-1.7.0-oracle is now available for Oracle Java for Red Hat Enterprise Linux 5, Oracle Java for Red Hat Enterprise Linux 6, and Oracle Java for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerabili...
CVE-2016-10147
Algorithms not compatible with mcryptd could be spawned by mcryptd with a direct crypto_alloc_tfm invocation using a "mcryptd(alg)" name construct. This causes mcryptd to crash the kernel if an arbitrary "alg" is incompatible and not intended to be used with mcryptd...