301 matches found

OSV
added 2018/02/23 10:29 p.m., 0 views

UBUNTU-CVE-2018-7325

In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-rpki-rtr.c had an infinite loop that was addressed by validating a length field...

CVSS 7.5 | AI score 6.7 | EPSS 0.02474
Exploits: 0 | References: 5

CNVD
added 2017/12/07 12:0 a.m., 2 views

J-LIS The Public Certification Service for Individuals "The JPKI user's software" Untrusted Search Path Vulnerability

J-LIS The Public Certification Service for Individuals "The JPKI user's software" is a set of public certification service software for individuals based on the PKI (Public Key Infrastructure) platform from Japan Agency for Local Authority Information Systems (J-LIS). "The JPKI user's software" is a...

CVSS 9.3 | AI score 7.1 | EPSS 0.01029
Exploits: 0 | References: 1

ThreatPost
added 2017/11/07 1:7 p.m., 14 views

Assessing Weaknesses in Public Key Infrastructure

Spreading malware with a legitimate digital certificate is an adversary’s dream come true, with plenty of successful examples tracing back to nation-state attacks such as Stuxnet and Flame, and other misuse that crops up on a regular basis. For a group of University of Maryland researchers, the...

AI score 7.2
Exploits: 0 | References: 5

Microsoft Malware Protection
added 2017/10/23 1:1 p.m., 39 views

Move away from passwords, deploy Windows Hello. Today!

Something we understood from the very beginning with Windows Hello for Business is our customers would approach Windows 10 in a series of phases. The first phase is to simply deploy the platform itself. From there, additional phases would follow to take advantage of optional Windows 10 technologi...

AI score 7
Exploits: 0

OSV
added 2017/09/13 12:0 a.m., 0 views

UBUNTU-CVE-2017-13050

The RPKI-Router parser in tcpdump before 4.9.2 has a buffer over-read in print-rpki-rtr.c:rpki_rtr_pdu_print...

CVSS 9.8 | AI score 7 | EPSS 0.04639
Exploits: 0 | References: 4

RedHat Linux
added 2017/08/30 3:4 p.m., 61 views

Moderate: Red Hat Security Advisory: Red Hat Certificate System 8 security, bug fix, and enhancement update

An update is now available for Red Hat Certificate System 8 with Advanced Access. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

CVSS 6.5 | AI score 6.3 | EPSS 0.00735
Exploits: 0 | References: 2

OSV
added 2017/08/29 1:35 a.m., 0 views

UBUNTU-CVE-2015-0234

Multiple temporary file creation vulnerabilities in pki-core 10.2.0...

CVSS 7.5 | AI score 7.1 | EPSS 0.01261
Exploits: 0 | References: 5

RedHat Linux
added 2017/08/01 12:0 p.m., 1 views

tcpdump: tcp printer rpki_rtr_pdu_print() missing length check

The rpki_rtr_pdu_print function in print-rpki-rtr.c in the TCP printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via a crafted header length in an RPKI-RTR Protocol Data Unit (PDU)...

CVSS 5 | AI score 7.4 | EPSS 0.18814
Exploits: 5 | References: 4

Tenable Nessus
added 2017/07/13 12:0 a.m., 35 views

Virtuozzo 7 : nss / nss-devel / nss-pkcs11-devel / nss-sysinit / etc (VZLSA-2017-1365)

An update for nss is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the C...

CVSS 7.5 | AI score 7.2 | EPSS 0.04302
Exploits: 0 | References: 3

Tenable Nessus
added 2017/07/13 12:0 a.m., 55 views

Virtuozzo 6 : nss / nss-devel / nss-pkcs11-devel / nss-sysinit / etc (VZLSA-2017-1364)

An update for nss is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the C...

CVSS 7.5 | AI score 7.2 | EPSS 0.04302
Exploits: 0 | References: 3

CNVD
added 2017/07/06 12:0 a.m., 2 views

Huawei SMC2.0 Denial of Service Vulnerability

Huawei SMC2.0 is a video management solution from Huawei, China. The solution supports both H.323 and SIP protocols, and supports access from computers and cell phones. A denial of service vulnerability exists in Huawei SMC2.0, which originates from the program failing to adequately validate...

CVSS 5.3 | AI score 6.7 | EPSS 0.00614
Exploits: 0 | References: 1

Tenable Nessus
added 2017/03/03 12:0 a.m., 36 views

Scientific Linux Security Update : ipa on SL7.x x86_64 (20170302)

Security Fixes : - It was found that IdM's ca-del, ca-disable, and ca-enable commands did not properly check the user's permissions while modifying CAs in Dogtag. An authenticated, unauthorized attacker could use this flaw to delete, disable, or enable CAs causing various denial of service proble...

CVSS 8.1 | AI score 6.7 | EPSS 0.01283
Exploits: 0 | References: 2

n0where
added 2017/01/30 7:10 a.m., 12 views

Verified, Efficient TLS Implementation In C: Project Everest

The HTTPS ecosystem (HTTPS and TLS protocols, X.509 public key infrastructure, crypto algorithms) is the foundation on which Internet security is built. Unfortunately, this ecosystem is extremely brittle, with headline-grabbing attacks such as FREAK and...

Exploits: 0 | References: 3

Tenable Nessus
added 2016/10/13 12:0 a.m., 59 views

Amazon Linux AMI : openssl (ALAS-2016-755)

It was discovered that OpenSSL did not always use constant time operations when computing Digital Signature Algorithm (DSA) signatures. A local attacker could possibly use this flaw to obtain a private DSA key belonging to another user or service running on the same system. (CVE-2016-2178) It was...

CVSS 9.8 | AI score 7.8 | EPSS 0.95707
Exploits: 7 | References: 10

Tenable Nessus
added 2016/09/30 12:0 a.m., 645 views

OpenSSL 1.0.2 < 1.0.2i Multiple Vulnerabilities

The version of OpenSSL installed on the remote host is prior to 1.0.2i. It is, therefore, affected by multiple vulnerabilities as referenced in the 1.0.2i advisory. - Multiple memory leaks in t1lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to...

CVSS 9.8 | AI score 7.5 | EPSS 0.95707
Exploits: 8 | References: 30

RedHat Linux
added 2016/09/27 1:46 p.m., 2 views

OpenSSL: OOB read in TS_OBJ_print_bio()

An out of bounds read flaw was found in the way OpenSSL formatted Public Key Infrastructure Time-Stamp Protocol data for printing. An attacker could possibly cause an application using OpenSSL to crash if it printed time stamp data from the attacker...

CVSS 7.5 | AI score 7.3 | EPSS 0.28533
Exploits: 1 | References: 5

RedHat Linux
added 2016/09/27 1:46 p.m., 150 views

Important: Red Hat Security Advisory: openssl security update

An update for openssl is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is availabl...

CVSS 9.8 | AI score 7.5 | EPSS 0.95707
Exploits: 8 | References: 12

ThreatPost
added 2016/07/15 4:20 p.m., 28 views

Juniper Crypto Bug Let Attackers Eavesdrop on Router, Switch Traffic

Juniper Networks patched a crypto bug tied to its public key infrastructure that could have allowed hackers to access the company’s routers, switches and security devices and eavesdrop on sensitive communications. The flaw was tied to Juniper products and platforms running Junos, the Juniper...

CVSS 10 | AI score 6.5 | EPSS 0.02863
Exploits: 0 | References: 7

OSV
added 2016/02/03 6:59 p.m., 2 views

DEBIAN-CVE-2015-7546

The identity service in OpenStack Identity (Keystone) before 2015.1.3 (Kilo) and 8.0.x before 8.0.2 (Liberty) and keystonemiddleware (formerly python-keystoneclient) before 1.5.4 (Kilo) and Liberty before 2.3.3 does not properly invalidate authorization tokens when using the PKI or PKIZ token providers,...

CVSS 7.5 | AI score 6.9 | EPSS 0.01708
Exploits: 0 | References: 1

PyPA
added 2016/02/03 6:59 p.m., 5 views

PYSEC-2016-20

The identity service in OpenStack Identity (Keystone) before 2015.1.3 (Kilo) and 8.0.x before 8.0.2 (Liberty) and keystonemiddleware (formerly python-keystoneclient) before 1.5.4 (Kilo) and Liberty before 2.3.3 does not properly invalidate authorization tokens when using the PKI or PKIZ token providers,...

CVSS 7.5 | AI score 6.9 | EPSS 0.01708
Exploits: 0 | References: 6 | Affected Software: 1