83 matches found

OPENSUSE Linux
added 2017/12/08 12:15 p.m., 89 views

Security update for chromium (important)

This update to Chromium 63.0.3239.84 fixes the following security issues: - CVE-2017-15408: Heap buffer overflow in PDFium - CVE-2017-15409: Out of bounds write in Skia - CVE-2017-15410: Use after free in PDFium - CVE-2017-15411: Use after free in PDFium - CVE-2017-15412: Use after free in libXML...

AI score 0.4, EPSS 0.02963
Exploits 1, References 1
RedHat Linux
added 2017/12/07 7:30 p.m., 6 views

chromium-browser: issue with spake implementation in boringssl

Inappropriate implementation in BoringSSL SPAKE2 in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to leak the low-order bits of SHA512(password) by inspecting protocol traffic...

CVSS 5.3, AI score 7.4, EPSS 0.01513
Exploits 0, References 5
RedhatCVE
added 2017/12/07 10:23 a.m., 31 views

CVE-2017-15423

Inappropriate implementation in BoringSSL SPAKE2 in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to leak the low-order bits of SHA512(password) by inspecting protocol traffic...

CVSS 5.3, AI score 4.3, EPSS 0.01513
Exploits 0, References 2
Google Chrome Security Advisories
added 2017/12/06 12:00 a.m., 44 views

Stable Channel Update for Desktop

The Chrome team is delighted to announce the promotion of Chrome 63 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks. Chrome 63.0.3239.84 contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for upcoming...

CVSS 8.8, AI score 9, EPSS 0.02963
Exploits 1, Affected Software 1
ossfuzz
added 2017/07/20 7:50 a.m., 21 views

boringssl: Incorrect-function-pointer-type in bssl::ext_npn_parse_serverhello

Project: https://boringssl.googlesource.com/boringssl Detailed report: https://oss-fuzz.com/testcase?key=6121765925289984 Project: boringssl Fuzzer: libFuzzer_boringssl_client Fuzz target binary: client Job Type: libfuzzer_ubsan_boringssl Platform Id: linux Crash Type: Incorrect-function-pointer-type...

AI score 6.7
Exploits 0, Affected Software 1
ossfuzz
added 2017/07/20 7:49 a.m., 23 views

boringssl: Incorrect-function-pointer-type in bssl::ssl_negotiate_alpn

Project: https://boringssl.googlesource.com/boringssl Detailed report: https://oss-fuzz.com/testcase?key=6088352019251200 Project: boringssl Fuzzer: libFuzzer_boringssl_server Fuzz target binary: server Job Type: libfuzzer_ubsan_boringssl Platform Id: linux Crash Type: Incorrect-function-pointer-type...

AI score 6.7
Exploits 0, Affected Software 1
OSV
added 2016/11/25 4:59 p.m., 5 views

CVE-2016-6709

An information disclosure vulnerability in Conscrypt and BoringSSL in Android 6.x before 2016-11-01 and 7.0 before 2016-11-01 could enable a man-in-the-middle attacker to gain access to sensitive information if a non-standard cipher suite is used by an application. This issue is rated as High...

CVSS 5.9, AI score 5.8, EPSS 0.00521
Exploits 0, References 2
NVD
added 2016/11/25 4:59 p.m., 27 views

CVE-2016-6709

An information disclosure vulnerability in Conscrypt and BoringSSL in Android 6.x before 2016-11-01 and 7.0 before 2016-11-01 could enable a man-in-the-middle attacker to gain access to sensitive information if a non-standard cipher suite is used by an application. This issue is rated as High...

CVSS 5.9, AI score 5.1, EPSS 0.00521
Exploits 0, References 2
Prion
added 2016/11/25 4:59 p.m., 14 views

Information disclosure

An information disclosure vulnerability in Conscrypt and BoringSSL in Android 6.x before 2016-11-01 and 7.0 before 2016-11-01 could enable a man-in-the-middle attacker to gain access to sensitive information if a non-standard cipher suite is used by an application. This issue is rated as High...

CVSS 4.3, AI score 6.1, EPSS 0.00521
Exploits 0, References 2, Affected Software 1
UbuntuCve
added 2016/11/25 4:59 p.m., 27 views

CVE-2016-6709

An information disclosure vulnerability in Conscrypt and BoringSSL in Android 6.x before 2016-11-01 and 7.0 before 2016-11-01 could enable a man-in-the-middle attacker to gain access to sensitive information if a non-standard cipher suite is used by an application. This issue is rated as High...

CVSS 5.9, AI score 6.6, EPSS 0.00521
Exploits 0, References 2
OSV
added 2016/11/25 4:59 p.m., 3 views

UBUNTU-CVE-2016-6709

An information disclosure vulnerability in Conscrypt and BoringSSL in Android 6.x before 2016-11-01 and 7.0 before 2016-11-01 could enable a man-in-the-middle attacker to gain access to sensitive information if a non-standard cipher suite is used by an application. This issue is rated as High...

CVSS 5.9, AI score 7.3, EPSS 0.00521
Exploits 0, References 3
CVE
added 2016/11/25 4:00 p.m., 52 views

CVE-2016-6709

CVE-2016-6709 describes an information disclosure vulnerability in Conscrypt and BoringSSL used by Android. The issue affects Android 6.x and 7.0 prior to 2016-11-01, where a MITM attacker could access sensitive data if a non-standard cipher suite is used by an application. The root cause is an i...

CVSS 5.9, AI score 5.7, EPSS 0.00521
Exploits 0, References 2, Affected Software 1
Cvelist
added 2016/11/25 4:00 p.m., 28 views

CVE-2016-6709

An information disclosure vulnerability in Conscrypt and BoringSSL in Android 6.x before 2016-11-01 and 7.0 before 2016-11-01 could enable a man-in-the-middle attacker to gain access to sensitive information if a non-standard cipher suite is used by an application. This issue is rated as High...

AI score 5.4, EPSS 0.00521
Exploits 0, References 2
Into the symmetry
added 2016/10/20 12:16 p.m., 319 views

The RFC 5114 saga

Back in January I posed a question "to the Internet": What the heck is RFC 5114? It looks like a lot happened since then around it. I would like to use this post to recollect some of the stuff around RFC 5114. Chapter 0: October 2007 RFC 5114 draft was submitted to the IETF. Chapter I: January 20...

CVSS 3.7, AI score 6, EPSS 0.83645
Exploits 1
Friends Of PHP
added 2016/03/16 12:00 a.m., 13 views

Uses insecure CSPRNG (openssl_random_pseudo_bytes())

- It's not fork safe - In most versions of PHP, it lies about being secure - And today I learned that OpenSSL, by default i.e. unchangeable from PHP land uses MD5 as a CSPRNG thanks @atoponce I'm stuck between several possible avenues: - Release a new version v1.3.0 or most likely v2.0.0 that doesn't rely...

AI score 1.1
Exploits 0, Affected Software 1
Friends Of PHP
added 2016/03/16 12:00 a.m., 11 views

Uses insecure CSPRNG (openssl_random_pseudo_bytes())

- It's not fork safe - In most versions of PHP, it lies about being secure - And today I learned that OpenSSL, by default i.e. unchangeable from PHP land uses MD5 as a CSPRNG thanks @atoponce I'm stuck between several possible avenues: - Release a new version v1.3.0 or most likely v2.0.0 that...

AI score 7.1
Exploits 0, Affected Software 1
seebug.org
added 2016/02/17 12:00 a.m., 23 views

OpenSSL encryption algorithm cracking vulnerability

1. Vulnerability analysis: OpenSSL is a general-purpose open-source cryptographic library that implements the Secure Sockets Layer and Transport Layer Security protocols and supports many cryptographic algorithms, including symmetric ciphers, hash algorithms, secure hash algorithms and so on. OpenSSL contains an encryption algorithm cracking vulnerability, but the vulnerability requires all of the following conditions to be met at the same time: the OpenSSL version is 1.0.2-1.0.2e; the ephemeral key generated by the signature algorithm of the application that depends on openssl must be based on Diffie...

AI score 7.1
Exploits 0
OpenSSL
added 2015/12/03 12:00 a.m., 54 views

Vulnerability in OpenSSL - X509_ATTRIBUTE memory leak

When presented with a malformed X509_ATTRIBUTE structure OpenSSL will leak memory. This structure is used by the PKCS7 and CMS routines so any application which reads PKCS7 or CMS data from untrusted sources is affected. SSL/TLS is not affected. Found by Adam Langley (Google/BoringSSL) using libFuzz...

AI score 6.4, EPSS 0.38709
Exploits 1, Affected Software 1
Slackware Linux
added 2015/07/09 7:17 p.m., 34 views

[slackware-security] openssl

New openssl packages are available for Slackware 14.0, 14.1, and -current to fix a security issue. Here are the details from the Slackware 14.1 ChangeLog: patches/packages/openssl-1.0.1p-i486-1slack14.1.txz: Upgraded. This update fixes the following security issue: Alternative chains certificate...

CVSS 6.5, AI score 6.8, EPSS 0.61798
Exploits 6
The Hacker News
added 2015/07/09 7:05 a.m., 56 views

Critical OpenSSL Flaw Allows Hackers to Impersonate Any Trusted SSL Certificate

The mysterious security vulnerability in the widely used OpenSSL code library is neither HeartBleed nor FREAK, but it’s critical enough to be patched by sysadmins without any delay. OpenSSL Foundation released the promised patch against a high severity vulnerability in OpenSSL versions 1.0.1n and...

CVSS 6.4, AI score 6.5, EPSS 0.61798
Exploits 6