
1344 matches found

Tenable Nessus
added 2016/05/13 12:0 a.m., 51 views

openSUSE Security Update : ntp (openSUSE-2016-578)

ntp was updated to version 4.2.8p6 to fix 12 security issues. Also yast2-ntp-client was updated to match some sntp syntax changes. bsc937837 These security issues were fixed : - CVE-2015-8158: Fixed potential infinite loop in ntpq bsc962966. - CVE-2015-8138: Zero Origin Timestamp Bypass bsc963002...

CVSS 7.7, AI score 6.5, EPSS 0.11887
Exploits: 5, References: 32

Microsoft KB
added 2016/05/10 7:0 a.m., 52 views

MS16-065: Description of the security update for the .NET Framework 2.0 Service Pack 2 in Windows Vista Service Pack 2 and Windows Server 2008 Service Pack 2: May 10, 2016

MS16-065: Description of the security update for the .NET Framework 2.0 Service Pack 2 in Windows Vista Service Pack 2 and Windows Server 2008 Service Pack 2: May 10, 2016 View products that this article applies to. Summary This security update resolves a vulnerability in the Microsoft .NET...

CVSS 5.9, AI score 5.7, EPSS 0.08389
Exploits: 0

OpenSSL
added 2016/05/03 12:0 a.m., 349 views

Vulnerability in OpenSSL - Padding oracle in AES-NI CBC MAC check

A MITM attacker can use a padding oracle attack to decrypt traffic when the connection uses an AES CBC cipher and the server supports AES-NI. This issue was introduced as part of the fix for the Lucky 13 padding attack CVE-2013-0169. The padding check was rewritten to be in constant time by making sur...

AI score 6.8, EPSS 0.89058
Exploits: 7, Affected Software: 1

OpenVAS
added 2016/05/02 12:0 a.m., 64 views

OpenSSL Multiple Vulnerabilities -01 (May 2016) - Linux

OpenSSL is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:openssl:openssl"; ifdescription...

CVSS 8.2, AI score 8.5, EPSS 0.89058
Exploits: 6, References: 2

OpenVAS
added 2016/05/02 12:0 a.m., 61 views

OpenSSL Multiple Vulnerabilities -01 (May 2016) - Windows

OpenSSL is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:openssl:openssl"; ifdescription...

CVSS 8.2, AI score 8.5, EPSS 0.89058
Exploits: 6, References: 2

Tenable Nessus
added 2016/04/15 12:0 a.m., 47 views

SUSE SLED12 / SLES12 Security Update : samba (SUSE-SU-2016:1024-1) (Badlock)

samba was updated to fix seven security issues. These security issues were fixed : - CVE-2015-5370: DCERPC server and client were vulnerable to DOS and MITM attacks bsc936862. - CVE-2016-2110: A man-in-the-middle could have downgraded NTLMSSP authentication bsc973031. - CVE-2016-2111: Domain...

CVSS 7.5, AI score 6.6, EPSS 0.3693
Exploits: 0, References: 27

OSV
added 2016/04/13 2:32 p.m., 12 views

SUSE-SU-2016:1028-1 Security update for samba

samba was updated to fix seven security issues. These security issues were fixed: - CVE-2015-5370: DCERPC server and client were vulnerable to DOS and MITM attacks bsc936862. - CVE-2016-2110: A man-in-the-middle could have downgraded NTLMSSP authentication bsc973031. - CVE-2016-2111: Domain...

CVSS 7.5, AI score 6.9, EPSS 0.3693
Exploits: 0, References: 16

OSV
added 2016/04/12 6:46 p.m., 12 views

SUSE-SU-2016:1022-1 Security update for samba

Samba was updated to the 4.2.x codestream, bringing some new features and security fixes bsc973832, FATE320709. These security issues were fixed: - CVE-2015-5370: DCERPC server and client were vulnerable to DOS and MITM attacks bsc936862. - CVE-2016-2110: A man-in-the-middle could have downgraded...

CVSS 7.5, AI score 7.2, EPSS 0.3693
Exploits: 0, References: 28

OSV
added 2016/04/12 6:42 p.m., 5 views

SUSE-SU-2016:1024-1 Security update for samba

samba was updated to fix seven security issues. These security issues were fixed: - CVE-2015-5370: DCERPC server and client were vulnerable to DOS and MITM attacks bsc936862. - CVE-2016-2110: A man-in-the-middle could have downgraded NTLMSSP authentication bsc973031. - CVE-2016-2111: Domain...

CVSS 7.5, AI score 7.1, EPSS 0.3693
Exploits: 0, References: 20

Node.js
added 2016/04/04 7:46 p.m., 40 views

Insecure Defaults Allow MITM Over TLS

Overview Affected versions of engine.io-client do not verify certificates by default, and as such may be vulnerable to Man-in-the-Middle attacks. The vulnerability is related to the way that node.js handles the rejectUnauthorized setting. If the value is something that evaluates to false, such as...

CVSS 4.3, AI score 3.5, EPSS 0.01013
Exploits: 0, Affected Software: 1

myhack58
added 2016/03/02 12:0 a.m., 12 views

OpenSSL also new vulnerabilities, more than 1 1 0 0 million https sites affected-vulnerability warning-the black bar safety net

It is understood that recently the researchers in OpenSSL, discovered a new security vulnerability, this vulnerability will be on SSL Secure Socket Layer Security Protocol to generate a huge impact, and attacker may also favor this vulnerability to modern Web sites for attack. Affects more than 1...

Exploits: 0

OpenVAS
added 2016/02/01 12:0 a.m., 38 views

OpenSSL Multiple MitM Attack Vulnerabilities - Linux

OpenSSL is prone to multiple man-in-the-middle MitM attack vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 5.9, AI score 6.2, EPSS 0.9986
Exploits: 3, References: 1

OpenVAS
added 2016/02/01 12:0 a.m., 46 views

OpenSSL 'Diffie-Hellman small subgroups' MitM Attack Vulnerability - Windows

OpenSSL is prone to a man-in-the-middle MitM attack vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 3.7, AI score 5.9, EPSS 0.83645
Exploits: 1, References: 1

OpenVAS
added 2016/02/01 12:0 a.m., 56 views

OpenSSL 'Diffie-Hellman small subgroups' MitM Attack Vulnerability - Linux

OpenSSL is prone to a man-in-the-middle MitM attack vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 3.7, AI score 5.9, EPSS 0.83645
Exploits: 1, References: 1

Mozilla
added 2016/01/26 12:0 a.m., 33 views

Lightweight themes on Firefox for Android do not verify a secure connection — Mozilla

Mozilla developer Margaret Leibovic reported when Firefox for Android installs lightweight themes, it does not check to verify that they are served over an HTTPS connection. Instead, themes can be installed over an unencrypted connection, which could allow for a man-in-the-middle MITM attack by...

CVSS 5.3, AI score 6.6, EPSS 0.00452
Exploits: 0, References: 2, Affected Software: 1

The Hacker News
added 2015/11/13 8:3 a.m., 13 views

Hackers Can Remotely Record and Listen Calls from Your Samsung Galaxy Phones

If you own a Samsung Galaxy Phone – S6, S6 Edge or Note 4, in particular – there are chances that a skilled hacker could remotely intercept your voice calls to listen in and even record all your voice conversations. Two security researchers, Daniel Komaromy of San Francisco and Nico Golde of...

AI score 7
Exploits: 0

OSV
added 2015/11/01 12:0 a.m., 49 views

DSA-3388-1 ntp - security update

Bulletin has no description...

CVSS 9.8, AI score 6.9, EPSS 0.81762
Exploits: 7

ICS
added 2015/10/09 6:0 a.m., 49 views

Eaton Cooper Power Series Form 6 Control and Idea/IdeaPlus Relays with Ethernet Vulnerability

OVERVIEW This advisory was originally posted to the US-CERT secure Portal library on January 6, 2015, and is now being released to the NCCIC/ICS-CERT web site. Dr. Raheem Beyah, David Formby, and San Shin Jung of Georgia Tech, via a research project partially sponsored by the Georgia Tech Nationa...

CVSS 9.3, AI score 7.3, EPSS 0.02252
Exploits: 0, References: 10

myhack58
added 2015/09/27 12:0 a.m., 18 views

New vulnerability: the use of a browser Cookie to bypass HTTPS and steal private information-bug warning-the black bar safety net

Recently, a presence in the major browsers Web cookies in a serious vulnerability is found, it enables secure browsing mode HTTPS is vulnerable to MiTM attacks. In addition, most of the Web sites and popular open source applications may contain Cookie injection vulnerabilities, including: Googl...

AI score 0.3
Exploits: 0

n0where
added 2015/09/24 6:44 p.m., 28 views

Network Security Testing: Evil Foca

Evil Foca is a tool for security pentesters and auditors whose purpose it is to test security in IPv4 and IPv6 data networks. The software automatically scans the networks and identifies all devices and their respective network interfaces, specifying their IPv4 and IPv6 addresses as well as the...

AI score 0.2
Exploits: 0, References: 1