
325 matches found

Tenable Nessus
added 2016/01/08 12:0 a.m. | 248 views

RHEL 6 / 7 : gnutls (RHSA-2016:0012) (SLOTH)

Updated gnutls packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is availabl...

5.9 CVSS | 7.3 AI score | 0.0288 EPSS
Exploits: 0 | References: 5
OpenVAS
added 2016/01/08 12:0 a.m. | 37 views

RedHat Update for openssl RHSA-2016:0008-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.9 CVSS | 6.9 AI score | 0.0288 EPSS
Exploits: 0 | References: 2
OpenVAS
added 2016/01/08 12:0 a.m. | 34 views

RedHat Update for nss RHSA-2016:0007-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.9 CVSS | 6.9 AI score | 0.0288 EPSS
Exploits: 0 | References: 2
OpenVAS
added 2016/01/08 12:0 a.m. | 42 views

Debian: Security Advisory (DSA-3437-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.9 CVSS | 6.9 AI score | 0.0288 EPSS
Exploits: 0 | References: 4
OpenVAS
added 2016/01/08 12:0 a.m. | 32 views

CentOS Update for openssl CESA-2016:0008 centos6

Check the version of openssl SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882363";...

5.9 CVSS | 6.5 AI score | 0.0288 EPSS
Exploits: 0 | References: 2
OpenVAS
added 2015/09/29 12:0 a.m. | 23 views

Gentoo Security Advisory GLSA 201405-16

Gentoo Linux Local Security Checks GLSA 201405-16 SPDX-FileCopyrightText: 2015 Eero Volotinen Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later ifdescription...

7.5 CVSS | 8.2 AI score | 0.02583 EPSS
Exploits: 1 | References: 1
IBM AIX
added 2015/07/15 12:20 a.m. | 433 views

Multiple Security vulnerabilities in AIX OpenSSL

IBM SECURITY ADVISORY First Issued: Wed Jul 15 00:20:05 CDT 2015 | Updated: Wed Aug 12 05:13:23 CDT 2015 | Update: A new ifix for Power8 machines having OpenSSL v1.0.1.514 has been added | Update: "A. FIXES" section. The most recent version of this document is available here:...

7.5 CVSS | 6.1 AI score | 0.9986 EPSS
Exploits: 1
Tenable Nessus
added 2015/06/26 12:0 a.m. | 40 views

SUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2015:1143-1) (Logjam)

This update of openssl fixes the following security issues: - CVE-2015-4000 (bsc#931698) - The Logjam Attack / weakdh.org - reject connections with DH parameters shorter than 1024 bits - generates 2048-bit DH parameters by default - CVE-2015-1788 (bsc#934487) - Malformed ECParameters causes infinite...

7.5 CVSS | 7.2 AI score | 0.9986 EPSS
Exploits: 0 | References: 24
Prion
added 2015/06/12 7:59 p.m. | 20 views

Code injection

The do_free_upto function in crypto/cms/cms_smime.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (infinite loop) via vectors that trigger a NULL value of a BIO data structure, as demonstrated by an...

5 CVSS | 7 AI score | 0.22476 EPSS
Exploits: 0 | References: 48 | Affected Software: 1
OpenSSL
added 2015/06/11 12:0 a.m. | 60 views

Vulnerability in OpenSSL - CMS verify infinite loop with unknown hash function

When verifying a signedData message the CMS code can enter an infinite loop if presented with an unknown hash function OID. This can be used to perform denial of service against any system which verifies signedData messages using the CMS code. Found by Johannes Bauer...

6.9 AI score | 0.22476 EPSS
Exploits: 0 | Affected Software: 1
OSV
added 2015/06/11 12:0 a.m. | 1 views

UBUNTU-CVE-2015-1792

The do_free_upto function in crypto/cms/cms_smime.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (infinite loop) via vectors that trigger a NULL value of a BIO data structure, as demonstrated by an...

5 CVSS | 7.2 AI score | 0.22476 EPSS
Exploits: 0 | References: 4
securityvulns
added 2015/05/05 12:0 a.m. | 26 views

librsync weak permission

Weak hash function is used...

5.8 CVSS | 2.1 AI score | 0.02939 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
seebug.org
added 2014/08/19 12:0 a.m. | 19 views

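qibocms: flaw in a feature allows front-end admin login

Brief description: As the title says. Front-end admin login; because this is a common file, multiple systems are affected. Details: 0x1 Front-end admin login inc/function.inc.php: function mymd5$string,$action="EN",$rand='' // string encryption and decryption global $webdb; if$action=="DE"// handle the + sign, which breaks when passed in a URL $string = strreplace'QIBO|ADD','+',$string; $secretstring = $webdbmymd5.$rand.'5j,.^&;?.%@!'; // top-secret string, can be set arbitrarily...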

7 AI score
Exploits: 0
Tenable Nessus
added 2014/07/22 12:0 a.m. | 29 views

RHEL 5 : MRG (RHSA-2014:0441)

Updated Messaging component packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise MRG 2.5 for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Moderate security impact. A Common...

5 CVSS | 5.6 AI score | 0.01148 EPSS
Exploits: 0 | References: 4
Mageia
added 2014/05/29 7:7 a.m. | 49 views

Updated mono packages fix security vulnerability

Mono 2.10.9 does not properly randomize hash functions for form posts to protect against hash collision attacks. A remote attacker could send specially crafted parameters, possibly resulting in a Denial of Service condition (CVE-2012-3543)...

7.5 CVSS | 4 AI score | 0.02583 EPSS
Exploits: 1 | References: 2
OSV
added 2014/05/19 2:0 p.m. | 7 views

PSF-2014-2 Hash function not randomized properly

Python 2.7 before 3.4 only uses the last eight bits of the prefix to randomize hash values, which causes it to compute hash values without restricting the ability to trigger hash collisions predictably and makes it easier for context-dependent attackers to cause a denial of service CPU consumptio...

4.3 CVSS | 9.2 AI score | 0.03255 EPSS
Exploits: 0 | References: 1
Gentoo Linux
added 2014/05/18 12:0 a.m. | 35 views

Mono: Denial of service

Background: Mono is an open source implementation of Microsoft’s .NET Framework. Description: Mono does not properly randomize hash functions for form posts to protect against hash collision attacks. Impact: A remote attacker could send specially crafted parameters, possibly resulting in a Denial of...

7.5 CVSS | 7.5 AI score | 0.02583 EPSS
Exploits: 1
securityvulns
added 2014/05/04 12:0 a.m. | 62 views

[ MDVSA-2014:079 ] json-c

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:079 http://www.mandriva.com/en/support/security/ Package : json-c Date : April 17, 2014 Affected: Business Server 1.0 Problem Description: Updated json-c packages fix security vulnerabilities: Florian Weimer...

5 CVSS | 6.2 AI score | 0.04474 EPSS
Exploits: 1
OSV
added 2014/04/16 1:8 p.m. | 10 views

MGASA-2014-0175 Updated json-c packages fix security vulnerabilities

Updated json-c packages fix security vulnerabilities: Florian Weimer reported that the printbuf APIs used in the json-c library used ints for counting buffer lengths, which is inappropriate for 32bit architectures. These functions need to be changed to using size_t if possible for sizes, or to be...

5 CVSS | 6.5 AI score | 0.04474 EPSS
Exploits: 1 | References: 4
Mageia
added 2014/04/16 1:8 p.m. | 43 views

Updated json-c packages fix security vulnerabilities

Updated json-c packages fix security vulnerabilities: Florian Weimer reported that the printbuf APIs used in the json-c library used ints for counting buffer lengths, which is inappropriate for 32bit architectures. These functions need to be changed to using size_t if possible for sizes, or to be...

5 CVSS | 1.1 AI score | 0.04474 EPSS
Exploits: 1 | References: 3