Lucene search
K

1345 matches found

Tenable Nessus
Tenable Nessus
added 2015/04/01 12:0 a.m.36 views

FreeBSD : mozilla -- multiple vulnerabilities (d0c97697-df2c-4b8b-bff2-cec24dc35af8)

The Mozilla Project reports : MFSA-2015-30 Miscellaneous memory safety hazards rv:37.0 / rv:31.6 MFSA-2015-31 Use-after-free when using the Fluendo MP3 GStreamer plugin MFSA-2015-32 Add-on lightweight theme installation approval bypassed through MITM attack MFSA-2015-33 resource:// documents can...

7.5CVSS8.8AI score0.67465EPSS
Exploits4References32
Tenable Nessus
Tenable Nessus
added 2015/03/30 12:0 a.m.24 views

Mandriva Linux Security Advisory : not-yet-commons-ssl (MDVSA-2015:141)

Updated not-yet-commons-ssl packages fixes security vulnerability : It was discovered that the implementation used by the Not Yet Commons SSL project to check that the server hostname matches the domain name in the subject's CN field was flawed. This can be exploited by a Man-in-the-middle MITM...

6.8CVSS8.2AI score0.00932EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2015/03/24 9:5 p.m.2 views

CXF: SSL hostname verification bypass, incomplete CVE-2012-6153 fix

It was found that the fix for CVE-2012-6153 was incomplete: the code added to check that the server hostname matches the domain name in a subject's Common Name CN field in X.509 certificates was flawed. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially...

5.8CVSS7.2AI score0.09149EPSS
Exploits1References4
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/03/20 12:0 a.m.32 views

JVN#41281927: LINE vulnerable to script injection

LINE provided by LINE Corporation is an application used to communicate with others. LINE is vulnerable to MITM man-in-the-middle attacks since the application allows non-SSL/TLS communications. As a result, any API may be invoked from a script injected by a MITM man-in-the-middle attacker. Impac...

5.9CVSS5.3AI score0.0018EPSS
Exploits0
Hacker One
Hacker One
added 2015/03/12 4:34 p.m.22 views

itBit Exchange: ITBit Vulnerable to SSLSTrip

www.itbit.com details: High Level, description It is possible for a malicious user to capture credential information of a www.itbit.com user with the use of SSLStrip. The scenario is that if a user is in a internet cafe and browses the internet while a malicious user intercepts his traffic, the w...

6.6AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2015/03/12 12:0 a.m.63 views

openSUSE Security Update : percona-toolkit / xtrabackup (openSUSE-2015-217)

Percona Toolkit and XtraBackup were updated to fix bugs and security issues. Percona XtraBackup was vulnerable to MITM attack which could allow exfiltration of MySQL configuration information via the --version-check option. boo919298 CVE-2015-1027 lp1408375. The openSUSE package has the version...

5.9CVSS6.4AI score0.01195EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2015/03/05 7:51 a.m.3 views

SSL/TLS: Padding Oracle On Downgraded Legacy Encryption attack

A flaw was found in the way SSL 3.0 handled padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining CBC mode. This flaw allows a man-in-the-middle MITM attacker to decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a...

4.3CVSS6.6AI score0.99999EPSS
Exploits7References4
myhack58
myhack58
added 2015/03/05 12:0 a.m.26 views

“Legacy”vulnerability: analysis of the new SSL/TLS vulnerability FREAK-vulnerability warning-the black bar safety net

Recently security researchers discovered a new SSL/TLS vulnerability. Expected within ten years, millions of Apple, Android users to access the HTTPS site will likely suffer from the middleman and then the stolen account and password, even if these sites use the encrypted transmission, also to no...

Exploits0
Tenable Nessus
Tenable Nessus
added 2015/03/01 12:0 a.m.15 views

Komodia SSL Digestor SDK MitM (Detected via DNS Query)

Binary data 8929.prm...

5CVSS7.3AI score0.02775EPSS
Exploits2References8
Tenable Nessus
Tenable Nessus
added 2015/03/01 12:0 a.m.25 views

Komodia SSL Digestor SDK MitM (Detected via HTTP Request)

Binary data 8930.prm...

5CVSS7.3AI score0.02775EPSS
Exploits2References8
OpenVAS
OpenVAS
added 2015/02/19 12:0 a.m.20 views

ownCloud 'files_external' RSA Key Validation Information Disclosure Vulnerability

ownCloud is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:owncloud:owncloud";...

4.3CVSS6.3AI score0.01078EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2015/02/17 10:27 p.m.2 views

CXF: SSL hostname verification bypass, incomplete CVE-2012-5783 fix

It was found that the fix for CVE-2012-5783 was incomplete: the code added to check that the server host name matches the domain name in a subject's Common Name CN field in X.509 certificates was flawed. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially...

5.8CVSS7.2AI score0.09254EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2015/01/26 6:10 p.m.5 views

OpenJDK: incorrect tracking of ChangeCipherSpec during SSL/TLS handshake (JSSE, 8057555)

It was discovered that the SSL/TLS implementation in the JSSE component in OpenJDK failed to properly check whether the ChangeCipherSpec was received during the SSL/TLS connection handshake. An MITM attacker could possibly use this flaw to force a connection to be established without encryption...

4CVSS6.7AI score0.67234EPSS
Exploits5References5
0day.today
0day.today
added 2015/01/22 12:0 a.m.95 views

AVM FRITZ!Box Firmware Signature Bypass Vulnerability

The signature check of FRITZ!Box firmware images is flawed. Malicious code can be injected into firmware images without breaking the RSA signature. The code will be executed either if a manipulated firmware image is uploaded by the victim or if the victim confirms an update on the webinterface...

9.3CVSS7.7AI score0.01503EPSS
Exploits3
Amazon
Amazon
added 2015/01/22 12:0 a.m.61 views

Important: java-1.8.0-openjdk

Issue Overview: Multiple flaws were found in the way the Hotspot component in OpenJDK verified bytecode from the class files, and in the way this component generated code for bytecode. An untrusted Java application or applet could possibly use these flaws to bypass Java sandbox restrictions...

10CVSS7.1AI score0.99999EPSS
Exploits12References1
RedHat Linux
RedHat Linux
added 2015/01/21 9:38 p.m.55 views

Important: Red Hat Security Advisory: java-1.8.0-openjdk security update

Updated java-1.8.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, a...

10CVSS6.8AI score0.99999EPSS
Exploits12References16
Tenable Nessus
Tenable Nessus
added 2015/01/21 12:0 a.m.34 views

RHEL 6 : java-1.8.0-openjdk (RHSA-2015:0069)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2015:0069 advisory. The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Multiple fla...

10CVSS7AI score0.99999EPSS
Exploits12References31
OSV
OSV
added 2014/12/31 12:28 p.m.4 views

MGASA-2014-0560 Updated plasma-nm packages add openvpn certificate verification

Updated plasma-applet-nm packages add OpenVPN option for server certificate verification Plasma-nm does not tell OpenVPN to perform server certificate verification. Consequently, anyone with the preshared key is able to perform a MITM attack by impersonating the server. This update add option to...

7.1AI score
Exploits0References5
ArchLinux
ArchLinux
added 2014/12/15 12:0 a.m.64 views

python2: multiple issues

CVE-2013-1752 denial of service Multiple unbound readline flaws in python stdlib were found, which can lead to excessive memory usage if a malicious or broken server sends excessively long lines without any line breaks. - CVE-2013-1753 denial of service The XMLRPC library is vulnerable to...

5.8CVSS0.4AI score0.03913EPSS
Exploits2References8
RedHat Linux
RedHat Linux
added 2014/12/01 7:23 p.m.10 views

SSL/TLS: Padding Oracle On Downgraded Legacy Encryption attack

A flaw was found in the way SSL 3.0 handled padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining CBC mode. This flaw allows a man-in-the-middle MITM attacker to decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a...

4.3CVSS6.6AI score0.99999EPSS
Exploits7References4
Rows per page
Query Builder