532 matches found
OpenSSL 1.1.0a/1.1.0b - Denial of Service
Exploit Title: OpenSSL 1.1.0a & 1.1.0b Heap Overflow Remote DOS vulnerability Date: 11-12-2016 Software Link: https://www.openssl.org/source/old/1.1.0/ Exploit Author: Silverfox Contact: http://twitter.com/Silverfox Website: https://www.silverf0x00.com/ CVE: CVE-2016-7054 Category: Denial of...
OpenSSL 1.1.0a1.1.0b - Denial of Service
OpenSSL 1.1.0a1.1.0b - Denial of Service Exploit Title: OpenSSL 1.1.0a & 1.1.0b Heap Overflow Remote DOS vulnerability Date: 11-12-2016 Software Link: https://www.openssl.org/source/old/1.1.0/ Exploit Author: Silverfox Contact: http://twitter.com/Silverfox Website: https://www.silverf0x00.com/ CV...
OpenSSL 1.1.0 < 1.1.0c Multiple Vulnerabilities
The version of OpenSSL installed on the remote host is prior to 1.1.0c. It is, therefore, affected by multiple vulnerabilities as referenced in the 1.1.0c advisory. - There is a carry propagating bug in the Broadwell-specific Montgomery multiplication procedure in OpenSSL 1.0.2 and 1.1.0 before...
OpenSSL Patches High-Severity Denial-of-Service Bug
OpenSSL on Thursday patched three vulnerabilities in its latest update, and reminded users running version 1.0.1 of the cryptographic library that that security support will end Dec. 31. Of the three bugs, only one was rated high severity and could lead to OpenSSL crashes. Only OpenSSL 1.1.0 is...
Vulnerability in OpenSSL - ChaCha20/Poly1305 heap-buffer-overflow
TLS connections using -CHACHA20-POLY1305 ciphersuites are susceptible to a DoS attack by corrupting larger payloads. This can result in an OpenSSL crash. This issue is not considered to be exploitable beyond a DoS. Found by Robert Święcki Google Security Team...
openssl -- multiple vulnerabilities
OpenSSL reports: ChaCha20/Poly1305 heap-buffer-overflow CVE-2016-7054 Severity: High TLS connections using -CHACHA20-POLY1305 ciphersuites are susceptible to a DoS attack by corrupting larger payloads. This can result in an OpenSSL crash. This issue is not considered to be exploitable beyond a Do...
openSUSE Security Update : MozillaFirefox / mozilla-nss (openSUSE-2016-714)
This update to Mozilla Firefox 47 fixes the following issues boo983549 : Security fixes : - CVE-2016-2815/CVE-2016-2818: Miscellaneous memory safety hazards boo983638 MFSA 2016-49 - CVE-2016-2819: Buffer overflow parsing HTML5 fragments boo983655 MFSA 2016-50 - CVE-2016-2821: Use-after-free...
Security update for MozillaFirefox, mozilla-nss (important)
This update to Mozilla Firefox 47 fixes the following issues boo983549: Security fixes: - CVE-2016-2815/CVE-2016-2818: Miscellaneous memory safety hazards boo983638 MFSA 2016-49 - CVE-2016-2819: Buffer overflow parsing HTML5 fragments boo983655 MFSA 2016-50 - CVE-2016-2821: Use-after-free deletin...
Security update for MozillaFirefox, mozilla-nss (important)
This update to Mozilla Firefox 47 fixes the following issues boo983549: Security fixes: - CVE-2016-2815/CVE-2016-2818: Miscellaneous memory safety hazards boo983638 MFSA 2016-49 - CVE-2016-2819: Buffer overflow parsing HTML5 fragments boo983655 MFSA 2016-50 - CVE-2016-2821: Use-after-free deletin...
CloudFlare Deploys ChaCha20-Poly1305 Encryption Across Sites
After rolling out free SSL for its users last fall, CloudFlare has deployed a new level of encryption on its service that hardens and speeds up the user experience, especially when accessing domains via mobile browsers. The form of encryption, a relatively new transport layer cipher suite known a...
Google Changes Ciphers in Chrome on Android
The emergence of mobile platforms such as iOS and Android have presented a number of challenges in terms of security. Not much can be done about some of these, like users leaving their phones in bars. But engineers at Google have been working on one of the thornier ones of late–how to provide sol...
Boasting Better Encryption, Bug Fixes, OpenSSH 6.5 Released
The OpenBSD Project pushed out a new build on Thursday of the OpenSSH security suite, adding a new private key format, a new transport cipher and fixing 15 bugs in the Secure Shell. OpenSSH version 6.5 adds support for the key exchange using elliptic-curve Diffie Hellman within cryptographer Dani...