383 matches found
MGASA-2014-0422 Updated java-1.7.0-openjdk packages fix security vulnerabilities
Multiple flaws were discovered in the Libraries, 2D, and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions CVE-2014-6506, CVE-2014-6531, CVE-2014-6502, CVE-2014-6511, CVE-2014-6504, CVE-2014-6519. It was...
OpenJDK: Triple Handshake attack against TLS/SSL connections (JSSE, 8037066)
It was discovered that the TLS/SSL implementation in the JSSE component in OpenJDK failed to properly verify the server identity during the renegotiation following session resumption, making it possible for malicious TLS/SSL servers to perform a Triple Handshake attack against clients using JSSE...
Important: java-1.7.0-openjdk
Issue Overview: Multiple flaws were discovered in the Libraries, 2D, and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. CVE-2014-6506, CVE-2014-6531, CVE-2014-6502, CVE-2014-6511, CVE-2014-6504, CVE-2014-65...
Google Complies with 'Right to be Forgotten'
In compliance with a Court of Justice of the European Union ruling, Google has taken steps toward a program that will allow Europeans to request their name be removed from certain searches. The ruling under the European Data Protection Law provides Europeans with the “right to be forgotten.” In...
Some of the common password reset vulnerability analysis-vulnerability warning-the black bar safety net
0×0 0 Preface General password reset design is divided into the following four steps: 1. Enter the account name 2. To verify the identity of 3. Reset the password 4. Complete Usually vulnerability is present in 2 or 3 steps, here is a look at some common password reset vulnerability. 0×0 1 blasti...
CVE-2013-4966
The master external node classification script in Puppet Enterprise before 3.2.0 does not verify the identity of consoles, which allows remote attackers to create arbitrary classifications on the master by spoofing a console...
CVE-2013-4966
Puppet Enterprise before 3.2.0 is affected: the master external node classification script does not verify the identity of consoles, which allows remote attackers to spoof a console and create arbitrary classifications on the master. Affected: Puppet Enterprise 3.x prior to 3.2.0. Root cause: mis...
Hackers targeting non-browser applications with Fake SSL Certificates
Having SSL Certification doesn't mean that the website you are visiting is not a bogus website. SSL certificates protect web users in two ways, it encrypts sensitive information such as usernames, passwords, or credit card numbers and also verify the identity of websites. But today hackers and...
MGASA-2013-0299 Updated gnupg2 packages fix multiple vulnerabilities
Updated gnupg2 package fixes security vulnerabilities: RFC 4880 permits OpenPGP keyholders to mark their primary keys and subkeys with a "key flags" packet that indicates the capabilities of the key. These are represented as a set of binary flags, including things like "This key may be used to...
dovecot security update
CentOS Errata and Security Advisory CESA-2013:0520 Updated dovecot packages that fix three security issues and one bug are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System CVSS...
RedHat Update for dovecot RHSA-2013:0520-02
Check for the Version of dovecot OpenVAS Vulnerability Test RedHat Update for dovecot RHSA-2013:0520-02 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
Low: Red Hat Security Advisory: dovecot security and bug fix update
Updated dovecot packages that fix three security issues and one bug are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings,...
PayPal Revises Privacy Policy, User Agreement Policy
PayPal announced that it is changing both its privacy and user agreement policies, adding tweaks to its customer identification program and the way it collects and stores its customers’ personal information. The changes will take effect on April 1. Under the new policy, Paypal may collect...
Fedora 14 : myproxy-5.3-1.fc14 (2011-0514)
Release 5.3 fixes a myproxy-logon security bug in MyProxy versions 5.0-5.2 that disabled server identity verification : The myproxy-logon program in MyProxy versions 5.0 through 5.2 does not enforce the check that the myproxy-server's certificate contains the expected hostname or identity. The...
Facebook Glitch Locks Out Accounts
A bug in an account verification system used by Facebook resulted in a wave of account suspensions Tuesday that had users locked out of the world’s largest social network and scratching their heads over the reason. Facebook discovered a bug in a system designed to detect and disable fake accounts...
Biometrics' Researchers Say Follow Your Nose
Forget iris and fingerprint scans — scanning noses could be a quicker and easier way to verify a person’s identity, according to scientists at the University of Bath. With worries about illegal immigration and identity theft, authorities are increasingly looking to using an individual’s physical...
CentOS 5 : NetworkManager (CESA-2010:0108)
Updated NetworkManager packages that fix two security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. NetworkManager is a network link manager that attempts to keep a wired or wireless...
CentOS 5 : pam_krb5 (CESA-2008:0907)
An updated pamkrb5 package that fixes a security issue is now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The pamkrb5 module allows Pluggable Authentication Modules PAM aware applications to use...
Design/Logic Flaw
Guidance Software EnCase Enterprise Edition EEE 6 does not properly verify the identity of the acquisition target during communication with the EnCase Servlet EEE servlet, which might allow remote attackers to spoof the disk image...
CVE-2007-4202
Guidance Software EnCase Enterprise Edition EEE 6 does not properly verify the identity of the acquisition target during communication with the EnCase Servlet EEE servlet, which might allow remote attackers to spoof the disk image...