Lucene search
K

364 matches found

OSV
OSV
added 2015/03/19 10:59 p.m.3 views

DEBIAN-CVE-2015-0293

The SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service s2lib.c assertion failure and daemon exit via a crafted CLIENT-MASTER-KEY message...

5CVSS8.9AI score0.21389EPSS
Exploits0References1
Ubuntu
Ubuntu
added 2015/03/19 5:10 p.m.90 views

USN-2537-1: OpenSSL vulnerabilities

It was discovered that OpenSSL incorrectly handled malformed EC private key files. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service, or execute arbitrary code. CVE-2015-0209 Stephen Henson discovered that OpenSSL incorrectly handled...

7.5CVSS7.8AI score0.44741EPSS
Exploits1
OSV
OSV
added 2015/03/17 12:0 a.m.5 views

UBUNTU-CVE-2015-0293

The SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service s2lib.c assertion failure and daemon exit via a crafted CLIENT-MASTER-KEY message...

5CVSS6.7AI score0.21389EPSS
Exploits0References3
Veeam
Veeam
added 2015/02/10 12:0 a.m.23 views

Restoring Encrypted Databases with Veeam Explorer for Microsoft SQL Server

Challenge Restoring an encrypted database with Veeam Explorer for Microsoft SQL Server fails with one of the following errors: Cannot find server certificate with thumbprint '' Transparent Data Encryption is not available in the edition of this SQL Server instance. You are unable to check "Perfor...

7.2AI score
Exploits0Affected Software1
myhack58
myhack58
added 2014/11/13 12:0 a.m.33 views

[CVE-2 0 1 4-3 1 0 0]Android KeyStore stack overflow vulnerability analysis-vulnerability warning-the black bar safety net

CVE-2 0 1 4-3 1 0 0 is Android platform KeyStore to a stack overflow vulnerability. This vulnerability is the last 9 month by IBM of the two engineers found and reported to Google, in year 6, on 2 3, is disclosed. After the public, Google also released a vulnerability test code. So what is a...

0.2AI score
Exploits0
Nmap
Nmap
added 2014/06/11 1:43 p.m.1725 views

ssl-ccs-injection NSE Script

Detects whether a server is vulnerable to the SSL/TLS "CCS Injection" vulnerability CVE-2014-0224, first discovered by Masashi Kikuchi. The script is based on the ccsinjection.c code authored by Ramon de C Valle In order to exploit the vulnerablity, a MITM attacker would effectively do the...

10CVSS9.6AI score0.99448EPSS
Exploits42
OSV
OSV
added 2014/06/05 9:55 p.m.7 views

CVE-2014-0224

OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessio...

7.4CVSS7.3AI score0.95326EPSS
Exploits9References310
Prion
Prion
added 2014/06/05 9:55 p.m.37 views

Design/Logic Flaw

OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessio...

5.8CVSS6.8AI score0.95326EPSS
Exploits9References303Affected Software16
Kitploit
Kitploit
added 2014/05/30 6:7 p.m.23 views

Volafox - Mac OS X & BSD Memory Analysis Toolkit

Volafox is an open source toolkit that you can use for Mac OS X and BSD forensics. The tool is a python based and allows investigating security incidents and finding information for malwares and any malicious program on the system. Security analyst can have the following information using this...

7.3AI score
Exploits0
myhack58
myhack58
added 2013/11/06 12:0 a.m.21 views

Hackers can remotely control your phone – Android 4.4 break vulnerability with EXP-a vulnerability warning-the black bar safety net

Security expert Jay Freeman discovered Android 4.4 in addition a Master Key vulnerability that allows an attacker to bypass signature verification and malicious code detection, in the legal application to inject malicious code. ! “Android Master Key vulnerability”of the earliest in the last 7...

0.1AI score
Exploits0
The Hacker News
The Hacker News
added 2013/11/02 2:5 p.m.11 views

Another Master Key vulnerability discovered in Android 4.3

Earlier this year, in the month of July it was first discovered that 99% of Android devices are vulnerable to a flaw called "Android Master Key vulnerability" that allow hackers to modify any legitimate and digitally signed application in order to transform it into a Trojan program that can be us...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2013/11/02 3:5 a.m.18 views

Another Master Key vulnerability discovered in Android 4.3

None...

7AI score
Exploits0
ThreatPost
ThreatPost
added 2013/08/05 4:19 p.m.9 views

Android Master Key Vulnerability Responsible Disclosure

The researcher behind the now well known Android Master Key vulnerability shared more details about the disclosure process, during which attackers somehow managed to reverse engineer a patch for the bug, and write and distribute malware days before Google released the patch to the public. Jeff...

7AI score
Exploits0References2
The Hacker News
The Hacker News
added 2013/07/16 6:59 p.m.9 views

Chinese Hackers discovered second Android master key vulnerability

Android Security Squad, the China-based group that uncovered a second Android master key vulnerability that might be abused to modify smartphone apps without breaking their digital signatures. The whole point of digitally signing a document or file is to prove the file hasn't been modified. The...

7AI score
Exploits0
ThreatPost
ThreatPost
added 2013/07/16 9:0 a.m.11 views

New App ReKey Fixes Android Master Key Vulnerability

The Android master key vulnerability disclosed a couple of weeks ago puts nearly all Android phones at risk of attacks that can modify legitimate apps with malicious code that would give the attacker full control of the device. Google has released a patch, but Android users are dependent upon the...

0.6AI score
Exploits0References3
The Hacker News
The Hacker News
added 2013/07/16 7:59 a.m.16 views

Chinese Hackers discovered second Android master key vulnerability

Android Security Squad, the China-based group that uncovered a second Android master key vulnerability that might be abused to modify smartphone apps without breaking their digital signatures. The whole point of digitally signing a document or file is to prove the file hasn't been modified. The...

7AI score
Exploits0
ThreatPost
ThreatPost
added 2013/07/15 3:43 p.m.10 views

Another Android Master Key Attack Published

A second Android Master Key attack has been reported that takes advantage of the vulnerability in the way Android reads APK files, enabling hackers to modify signed legitimate apps with malware. The vulnerability occurs in the way Android conducts integrity checks on APK files. An attacker could...

7.3AI score
Exploits0References5
NVD
NVD
added 2013/07/09 5:55 p.m.21 views

CVE-2013-4787

Android 1.6 Donut through 4.2 Jelly Bean does not properly check cryptographic signatures for applications, which allows attackers to execute arbitrary code via an application package file APK that is modified in a way that does not violate the cryptographic signature, probably involving multiple...

9.3CVSS7.5AI score0.5892EPSS
Exploits0References7
CVE
CVE
added 2013/07/09 5:0 p.m.99 views

CVE-2013-4787

Android 1.6–4.2 (Donut to Jelly Bean) contains a flaw in verifying APK cryptographic signatures: an APK.modified file with duplicate Zip entries may be installed despite one entry being validated, enabling arbitrary code execution via the Master Key vulnerability. The issue arises from inconsiste...

9.3CVSS7.7AI score0.5892EPSS
Exploits0References7Affected Software1
Cvelist
Cvelist
added 2013/07/09 5:0 p.m.33 views

CVE-2013-4787

Android 1.6 Donut through 4.2 Jelly Bean does not properly check cryptographic signatures for applications, which allows attackers to execute arbitrary code via an application package file APK that is modified in a way that does not violate the cryptographic signature, probably involving multiple...

7.5AI score0.5892EPSS
Exploits0References7
Rows per page
Query Builder