1344 matches found
openSUSE Security Update : ntp (openSUSE-2016-578)
ntp was updated to version 4.2.8p6 to fix 12 security issues. Also yast2-ntp-client was updated to match some sntp syntax changes. bsc937837 These security issues were fixed : - CVE-2015-8158: Fixed potential infinite loop in ntpq bsc962966. - CVE-2015-8138: Zero Origin Timestamp Bypass bsc963002...
MS16-065: Description of the security update for the .NET Framework 2.0 Service Pack 2 in Windows Vista Service Pack 2 and Windows Server 2008 Service Pack 2: May 10, 2016
MS16-065: Description of the security update for the .NET Framework 2.0 Service Pack 2 in Windows Vista Service Pack 2 and Windows Server 2008 Service Pack 2: May 10, 2016 View products that this article applies to. Summary This security update resolves a vulnerability in the Microsoft .NET...
Vulnerability in OpenSSL - Padding oracle in AES-NI CBC MAC check
A MITM attacker can use a padding oracle attack to decrypt traffic when the connection uses an AES CBC cipher and the server support AES-NI. This issue was introduced as part of the fix for Lucky 13 padding attack CVE-2013-0169. The padding check was rewritten to be in constant time by making sur...
OpenSSL Multiple Vulnerabilities -01 (May 2016) - Linux
OpenSSL is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:openssl:openssl"; ifdescription...
OpenSSL Multiple Vulnerabilities -01 (May 2016) - Windows
OpenSSL is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:openssl:openssl"; ifdescription...
SUSE SLED12 / SLES12 Security Update : samba (SUSE-SU-2016:1024-1) (Badlock)
samba was updated to fix seven security issues. These security issues were fixed : - CVE-2015-5370: DCERPC server and client were vulnerable to DOS and MITM attacks bsc936862. - CVE-2016-2110: A man-in-the-middle could have downgraded NTLMSSP authentication bsc973031. - CVE-2016-2111: Domain...
SUSE-SU-2016:1028-1 Security update for samba
samba was updated to fix seven security issues. These security issues were fixed: - CVE-2015-5370: DCERPC server and client were vulnerable to DOS and MITM attacks bsc936862. - CVE-2016-2110: A man-in-the-middle could have downgraded NTLMSSP authentication bsc973031. - CVE-2016-2111: Domain...
SUSE-SU-2016:1022-1 Security update for samba
Samba was updated to the 4.2.x codestream, bringing some new features and security fixes bsc973832, FATE320709. These security issues were fixed: - CVE-2015-5370: DCERPC server and client were vulnerable to DOS and MITM attacks bsc936862. - CVE-2016-2110: A man-in-the-middle could have downgraded...
SUSE-SU-2016:1024-1 Security update for samba
samba was updated to fix seven security issues. These security issues were fixed: - CVE-2015-5370: DCERPC server and client were vulnerable to DOS and MITM attacks bsc936862. - CVE-2016-2110: A man-in-the-middle could have downgraded NTLMSSP authentication bsc973031. - CVE-2016-2111: Domain...
Insecure Defaults Allow MITM Over TLS
Overview Affected versions of engine.io-client do not verify certificates by default, and as such may be vulnerable to Man-in-the-Middle attacks. The vulnerability is related to the way that node.js handles the rejectUnauthorized setting. If the value is something that evaluates to false, such as...
OpenSSL also new vulnerabilities, more than 1 1 0 0 million https sites affected-vulnerability warning-the black bar safety net
It is understood that recently the researchers in OpenSSL, discovered a new security vulnerability, this vulnerability will be on SSL Secure Socket Layer Security Protocol to generate a huge impact, and attacker may also favor this vulnerability to modern Web sites for attack. Affects more than 1...
OpenSSL Multiple MitM Attack Vulnerabilities - Linux
OpenSSL is prone to multiple man-in-the-middle MitM attack vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
OpenSSL 'Diffie-Hellman small subgroups' MitM Attack Vulnerability - Windows
OpenSSL is prone to a man-in-the-middle MitM attack vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
OpenSSL 'Diffie-Hellman small subgroups' MitM Attack Vulnerability - Linux
OpenSSL is prone to a man-in-the-middle MitM attack vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Lightweight themes on Firefox for Android do not verify a secure connection — Mozilla
Mozilla developer Margaret Leibovic reported when Firefox for Android installs lightweight themes, it does not check to verify that they are served over an HTTPS connection. Instead, themes can be installed over an unencrypted connection, which could allow for a man-in-the-middle MITM attack by...
Hackers Can Remotely Record and Listen Calls from Your Samsung Galaxy Phones
If you own a Samsung Galaxy Phone – S6, S6 Edge or Note 4, in particular – there are chances that a skilled hacker could remotely intercept your voice calls to listen in and even record all your voice conversations. Two security researchers, Daniel Komaromy of San Francisco and Nico Golde of...
DSA-3388-1 ntp - security update
Bulletin has no description...
Eaton Cooper Power Series Form 6 Control and Idea/IdeaPlus Relays with Ethernet Vulnerability
OVERVIEW This advisory was originally posted to the US-CERT secure Portal library on January 6, 2015, and is now being released to the NCCIC/ICS-CERT web site. Dr. Raheem Beyah, David Formby, and San Shin Jung of Georgia Tech, via a research project partially sponsored by the Georgia Tech Nationa...
New vulnerability: the use of a browser Cookie to bypass HTTPS and steal private information-bug warning-the black bar safety net
! Recently, a presence in the major browsers Web cookies in a serious vulnerability is found, it enables secure browsing mode HTTPS is vulnerable to MiTM attacks. In addition, most of the Web sites and popular open source applications may contain Cookie injection vulnerabilities, including: Googl...
Network Security Testing: Evil Foca
Evil Foca is a tool for security pentesters and auditors whose purpose it is to test security in IPv4 and IPv6 data networks. The software automatically scans the networks and identifies all devices and their respective network interfaces, specifying their IPv4 and IPv6 addresses as well as the...