66 matches found
SUSE-SU-2017:3025-1 Security update for xorg-x11-server
This update for xorg-x11-server provides several fixes. These security issues were fixed: - CVE-2017-13723: Prevent local DoS via unusual characters in XkbAtomText and XkbStringText (bsc1051150). - Improve the entropy when generating random data used in X.org server authorization cookies generation...
SA153: NSS Vulnerabilities Apr-May 2017
SUMMARY: Symantec Network Protection products using affected versions of NSS are susceptible to two security vulnerabilities. A remote attacker can send empty SSLv2 messages and cause denial of service through application crashes. An attacker can also have unspecified impact by exploiting a...
ExPetr/Petya/NotPetya is a Wiper, Not Ransomware
After an analysis of the encryption routine of the malware used in the Petya/ExPetr attacks, we have thought that the threat actor cannot decrypt victims' disk, even if a payment was made. This supports the theory that this malware campaign was not designed as a ransomware attack for financial...
Multiple vulnerabilities exist in the embedded programmable logic controller OVEEN PLK110 software, allowing a malicious actor to cause malfunctions during maintenance operations.
Multiple vulnerabilities exist in the embedded programmable logic controller OVEEN PLK110’s software, due to insufficient testing of input data. Exploitation of these vulnerabilities could allow an attacker to trigger malfunctions by repeatedly sending specially crafted requests with randomly...
PWGen - Generator of cryptographically-strong passwords
PWGen is a professional password generator capable of creating large amounts of cryptographically-secure passwords or passphrases consisting of words from a word list. It uses a “random pool” technique to generate random data based on user inputs (keystrokes, mouse handling) and volatile system...
nut -- upsd can be remotely crashed
Networkupstools project reports: NUT server upsd, from versions 2.4.0 to 2.6.3, are exposed to crashes when receiving random data from the network. This issue is related to the way NUT parses characters, especially from the network. Non printable characters were missed from strings operation such...
Cisco TFTP Server 1.1 Denial of Service Exploit
Exploit for Windows platform in category dos / poc. Exploit Title: Cisco TFTP Server 1.1 Date: 2010-03-25 Author: SuBz3r0 Software Link:...
openSUSE Security Update : opera (opera-366)
Opera 9.63 fixes the following security problems : - Manipulating text input contents can allow execution of arbitrary code - HTML parsing flaw can cause Opera to execute arbitrary code. - Long hostnames in file: URLs can cause execution of arbitrary code. - Script injection in feed preview can...
Microsoft MS03-034 security check
Under certain conditions, the response to a NetBT Name Service query may, in addition to the typical reply, contain random data from the target system's memory. This data could, for example, be a segment of HTML if the user on the target system was using an Internet browser, or it could contain...
Opera Web Browser Multiple Vulnerabilities (Dec 2008) - Windows
Opera web browser is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2008 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Opera Web Browser Multiple Vulnerabilities - Dec08 (Windows)
The host is installed with Opera web browser and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: secpodoperamultvulndec08win.nasl 6519 2017-07-04 14:08:14Z cfischer $ Opera Web Browser Multiple Vulnerabilities - Dec08 Windows. Authors: Chandan S. Copyright: Copyright (c) 2008...
CVE-2008-5683
Unspecified vulnerability in Opera before 9.63 allows remote attackers to "reveal random data" via unknown vectors...
Security feature bypass
Unspecified vulnerability in Opera before 9.63 allows remote attackers to "reveal random data" via unknown vectors...
SOL8331 - OpenSSL FIPS Object Module 1.1 vulnerability - CVE-2007-5502
The PRNG implementation for the OpenSSL FIPS Object Module 1.1.1 does not perform auto-seeding during the FIPS self-test, which generates random data that is more predictable than expected and makes it easier for attackers to bypass protection mechanisms that rely on the randomness. Information...
Opera: Multiple vulnerabilities
Background Opera is a fast Web browser that is available free of charge. Description David Bloom reported two vulnerabilities where plug-ins CVE-2007-6520 and Rich text editing CVE-2007-6522 could be used to allow cross domain scripting. Alexander Klink Cynops GmbH discovered an issue with TLS...
opera -- multiple vulnerabilities
Opera Software ASA reports about multiple security fixes: Fixed an issue where plug-ins could be used to allow cross domain scripting, as reported by David Bloom. Details will be disclosed at a later date. Fixed an issue with TLS certificates that could be used to execute arbitrary code, as...
CVE-2007-5502
The PRNG implementation for the OpenSSL FIPS Object Module 1.1.1 does not perform auto-seeding during the FIPS self-test, which generates random data that is more predictable than expected and makes it easier for attackers to bypass protection mechanisms that rely on the randomness...
CVE-2006-0632
The CVE-2006-0632 entry affects phpBB 2.0.19. The gen_rand_string function uses insufficiently random data (small value space) to generate the activation key (validation ID) sent by e-mail when establishing a password, enabling remote attackers to obtain the key and modify passwords for existing...
Kill service with random data
It was possible to crash the remote service by sending it a few kilobytes of random data. SPDX-FileCopyrightText: 2005 Michel Arboi. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...