1345 matches found
FreeBSD : mozilla -- multiple vulnerabilities (d0c97697-df2c-4b8b-bff2-cec24dc35af8)
The Mozilla Project reports : MFSA-2015-30 Miscellaneous memory safety hazards rv:37.0 / rv:31.6 MFSA-2015-31 Use-after-free when using the Fluendo MP3 GStreamer plugin MFSA-2015-32 Add-on lightweight theme installation approval bypassed through MITM attack MFSA-2015-33 resource:// documents can...
Mandriva Linux Security Advisory : not-yet-commons-ssl (MDVSA-2015:141)
Updated not-yet-commons-ssl packages fixes security vulnerability : It was discovered that the implementation used by the Not Yet Commons SSL project to check that the server hostname matches the domain name in the subject's CN field was flawed. This can be exploited by a Man-in-the-middle MITM...
CXF: SSL hostname verification bypass, incomplete CVE-2012-6153 fix
It was found that the fix for CVE-2012-6153 was incomplete: the code added to check that the server hostname matches the domain name in a subject's Common Name CN field in X.509 certificates was flawed. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially...
JVN#41281927: LINE vulnerable to script injection
LINE provided by LINE Corporation is an application used to communicate with others. LINE is vulnerable to MITM man-in-the-middle attacks since the application allows non-SSL/TLS communications. As a result, any API may be invoked from a script injected by a MITM man-in-the-middle attacker. Impac...
itBit Exchange: ITBit Vulnerable to SSLSTrip
www.itbit.com details: High Level, description It is possible for a malicious user to capture credential information of a www.itbit.com user with the use of SSLStrip. The scenario is that if a user is in a internet cafe and browses the internet while a malicious user intercepts his traffic, the w...
openSUSE Security Update : percona-toolkit / xtrabackup (openSUSE-2015-217)
Percona Toolkit and XtraBackup were updated to fix bugs and security issues. Percona XtraBackup was vulnerable to MITM attack which could allow exfiltration of MySQL configuration information via the --version-check option. boo919298 CVE-2015-1027 lp1408375. The openSUSE package has the version...
SSL/TLS: Padding Oracle On Downgraded Legacy Encryption attack
A flaw was found in the way SSL 3.0 handled padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining CBC mode. This flaw allows a man-in-the-middle MITM attacker to decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a...
“Legacy”vulnerability: analysis of the new SSL/TLS vulnerability FREAK-vulnerability warning-the black bar safety net
Recently security researchers discovered a new SSL/TLS vulnerability. Expected within ten years, millions of Apple, Android users to access the HTTPS site will likely suffer from the middleman and then the stolen account and password, even if these sites use the encrypted transmission, also to no...
Komodia SSL Digestor SDK MitM (Detected via DNS Query)
Binary data 8929.prm...
Komodia SSL Digestor SDK MitM (Detected via HTTP Request)
Binary data 8930.prm...
ownCloud 'files_external' RSA Key Validation Information Disclosure Vulnerability
ownCloud is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:owncloud:owncloud";...
CXF: SSL hostname verification bypass, incomplete CVE-2012-5783 fix
It was found that the fix for CVE-2012-5783 was incomplete: the code added to check that the server host name matches the domain name in a subject's Common Name CN field in X.509 certificates was flawed. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially...
OpenJDK: incorrect tracking of ChangeCipherSpec during SSL/TLS handshake (JSSE, 8057555)
It was discovered that the SSL/TLS implementation in the JSSE component in OpenJDK failed to properly check whether the ChangeCipherSpec was received during the SSL/TLS connection handshake. An MITM attacker could possibly use this flaw to force a connection to be established without encryption...
AVM FRITZ!Box Firmware Signature Bypass Vulnerability
The signature check of FRITZ!Box firmware images is flawed. Malicious code can be injected into firmware images without breaking the RSA signature. The code will be executed either if a manipulated firmware image is uploaded by the victim or if the victim confirms an update on the webinterface...
Important: java-1.8.0-openjdk
Issue Overview: Multiple flaws were found in the way the Hotspot component in OpenJDK verified bytecode from the class files, and in the way this component generated code for bytecode. An untrusted Java application or applet could possibly use these flaws to bypass Java sandbox restrictions...
Important: Red Hat Security Advisory: java-1.8.0-openjdk security update
Updated java-1.8.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, a...
RHEL 6 : java-1.8.0-openjdk (RHSA-2015:0069)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2015:0069 advisory. The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Multiple fla...
MGASA-2014-0560 Updated plasma-nm packages add openvpn certificate verification
Updated plasma-applet-nm packages add OpenVPN option for server certificate verification Plasma-nm does not tell OpenVPN to perform server certificate verification. Consequently, anyone with the preshared key is able to perform a MITM attack by impersonating the server. This update add option to...
python2: multiple issues
CVE-2013-1752 denial of service Multiple unbound readline flaws in python stdlib were found, which can lead to excessive memory usage if a malicious or broken server sends excessively long lines without any line breaks. - CVE-2013-1753 denial of service The XMLRPC library is vulnerable to...
SSL/TLS: Padding Oracle On Downgraded Legacy Encryption attack
A flaw was found in the way SSL 3.0 handled padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining CBC mode. This flaw allows a man-in-the-middle MITM attacker to decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a...