Lucene search
K

383 matches found

OSV
OSV
added 2014/10/25 8:23 p.m.20 views

MGASA-2014-0422 Updated java-1.7.0-openjdk packages fix security vulnerabilities

Multiple flaws were discovered in the Libraries, 2D, and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions CVE-2014-6506, CVE-2014-6531, CVE-2014-6502, CVE-2014-6511, CVE-2014-6504, CVE-2014-6519. It was...

6.8CVSS4.5AI score0.04102EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2014/10/16 11:12 p.m.10 views

OpenJDK: Triple Handshake attack against TLS/SSL connections (JSSE, 8037066)

It was discovered that the TLS/SSL implementation in the JSSE component in OpenJDK failed to properly verify the server identity during the renegotiation following session resumption, making it possible for malicious TLS/SSL servers to perform a Triple Handshake attack against clients using JSSE...

4CVSS6.6AI score0.03422EPSS
Exploits0References5
Amazon
Amazon
added 2014/10/16 12:0 a.m.54 views

Important: java-1.7.0-openjdk

Issue Overview: Multiple flaws were discovered in the Libraries, 2D, and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. CVE-2014-6506, CVE-2014-6531, CVE-2014-6502, CVE-2014-6511, CVE-2014-6504, CVE-2014-65...

6.8CVSS8.2AI score0.04102EPSS
Exploits0References1
ThreatPost
ThreatPost
added 2014/05/30 1:18 p.m.6 views

Google Complies with 'Right to be Forgotten'

In compliance with a Court of Justice of the European Union ruling, Google has taken steps toward a program that will allow Europeans to request their name be removed from certain searches. The ruling under the European Data Protection Law provides Europeans with the “right to be forgotten.” In...

7.1AI score
Exploits0References3
myhack58
myhack58
added 2014/05/27 12:0 a.m.21 views

Some of the common password reset vulnerability analysis-vulnerability warning-the black bar safety net

0×0 0 Preface General password reset design is divided into the following four steps: 1. Enter the account name 2. To verify the identity of 3. Reset the password 4. Complete Usually vulnerability is present in 2 or 3 steps, here is a look at some common password reset vulnerability. 0×0 1 blasti...

0.4AI score
Exploits0
NVD
NVD
added 2014/03/09 1:16 p.m.25 views

CVE-2013-4966

The master external node classification script in Puppet Enterprise before 3.2.0 does not verify the identity of consoles, which allows remote attackers to create arbitrary classifications on the master by spoofing a console...

6.4CVSS6.7AI score0.01091EPSS
Exploits0References2
CVE
CVE
added 2014/03/07 8:0 p.m.56 views

CVE-2013-4966

Puppet Enterprise before 3.2.0 is affected: the master external node classification script does not verify the identity of consoles, which allows remote attackers to spoof a console and create arbitrary classifications on the master. Affected: Puppet Enterprise 3.x prior to 3.2.0. Root cause: mis...

6.4CVSS6.9AI score0.01091EPSS
Exploits0References2Affected Software1
The Hacker News
The Hacker News
added 2014/02/13 12:9 a.m.11 views

Hackers targeting non-browser applications with Fake SSL Certificates

Having SSL Certification doesn't mean that the website you are visiting is not a bogus website. SSL certificates protect web users in two ways, it encrypts sensitive information such as usernames, passwords, or credit card numbers and also verify the identity of websites. But today hackers and...

6.5AI score
Exploits0
OSV
OSV
added 2013/10/09 10:34 p.m.10 views

MGASA-2013-0299 Updated gnupg2 packages fix multiple vulnerabilities

Updated gnupg2 package fixes security vulnerabilities: RFC 4880 permits OpenPGP keyholders to mark their primary keys and subkeys with a "key flags" packet that indicates the capabilities of the key. These are represented as a set of binary flags, including things like "This key may be used to...

5.8CVSS6.3AI score0.0503EPSS
Exploits0References4
Cent OS
Cent OS
added 2013/02/27 7:34 p.m.77 views

dovecot security update

CentOS Errata and Security Advisory CESA-2013:0520 Updated dovecot packages that fix three security issues and one bug are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System CVSS...

6.5CVSS5.9AI score0.02206EPSS
Exploits0References7
OpenVAS
OpenVAS
added 2013/02/22 12:0 a.m.35 views

RedHat Update for dovecot RHSA-2013:0520-02

Check for the Version of dovecot OpenVAS Vulnerability Test RedHat Update for dovecot RHSA-2013:0520-02 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

6.5CVSS5.5AI score0.02206EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2013/02/20 4:19 p.m.34 views

Low: Red Hat Security Advisory: dovecot security and bug fix update

Updated dovecot packages that fix three security issues and one bug are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings,...

6.5CVSS5.9AI score0.02206EPSS
Exploits0References4
ThreatPost
ThreatPost
added 2012/02/28 2:30 p.m.7 views

PayPal Revises Privacy Policy, User Agreement Policy

PayPal announced that it is changing both its privacy and user agreement policies, adding tweaks to its customer identification program and the way it collects and stores its customers’ personal information. The changes will take effect on April 1. Under the new policy, Paypal may collect...

6.9AI score
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2011/01/27 12:0 a.m.19 views

Fedora 14 : myproxy-5.3-1.fc14 (2011-0514)

Release 5.3 fixes a myproxy-logon security bug in MyProxy versions 5.0-5.2 that disabled server identity verification : The myproxy-logon program in MyProxy versions 5.0 through 5.2 does not enforce the check that the myproxy-server's certificate contains the expected hostname or identity. The...

4.3CVSS5.5AI score0.01585EPSS
Exploits0References7
ThreatPost
ThreatPost
added 2010/11/17 1:11 p.m.5 views

Facebook Glitch Locks Out Accounts

A bug in an account verification system used by Facebook resulted in a wave of account suspensions Tuesday that had users locked out of the world’s largest social network and scratching their heads over the reason. Facebook discovered a bug in a system designed to detect and disable fake accounts...

7.2AI score
Exploits0References1
ThreatPost
ThreatPost
added 2010/03/03 9:53 p.m.9 views

Biometrics' Researchers Say Follow Your Nose

Forget iris and fingerprint scans — scanning noses could be a quicker and easier way to verify a person’s identity, according to scientists at the University of Bath. With worries about illegal immigration and identity theft, authorities are increasingly looking to using an individual’s physical...

2.2AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2010/02/23 12:0 a.m.25 views

CentOS 5 : NetworkManager (CESA-2010:0108)

Updated NetworkManager packages that fix two security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. NetworkManager is a network link manager that attempts to keep a wired or wireless...

6.8CVSS5.3AI score0.01897EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2010/01/06 12:0 a.m.28 views

CentOS 5 : pam_krb5 (CESA-2008:0907)

An updated pamkrb5 package that fixes a security issue is now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The pamkrb5 module allows Pluggable Authentication Modules PAM aware applications to use...

4.4CVSS5.1AI score0.00353EPSS
Exploits0References3
Prion
Prion
added 2007/08/08 1:17 a.m.14 views

Design/Logic Flaw

Guidance Software EnCase Enterprise Edition EEE 6 does not properly verify the identity of the acquisition target during communication with the EnCase Servlet EEE servlet, which might allow remote attackers to spoof the disk image...

4.3CVSS7.2AI score0.01207EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2007/08/08 1:17 a.m.16 views

CVE-2007-4202

Guidance Software EnCase Enterprise Edition EEE 6 does not properly verify the identity of the acquisition target during communication with the EnCase Servlet EEE servlet, which might allow remote attackers to spoof the disk image...

4.3CVSS6.7AI score0.01207EPSS
Exploits0References4
Rows per page
Query Builder