CVE-2016-4686

CVE-2016-4686 affects iOS prior to 10.1 in the Contacts component. The issue is an access-control flaw where an application may maintain access to the Address Book after the user revokes it in Settings. The root cause is not fully detailed in the provided documents, but Apple’s iOS 10.1 security ...

DEBIAN-CVE-2016-6582

The Doorkeeper gem before 4.2.0 for Ruby might allow remote attackers to conduct replay attacks or revoke arbitrary tokens by leveraging failure to implement the OAuth 2.0 Token Revocation specification...

CVE-2016-6582

The Doorkeeper gem before 4.2.0 for Ruby might allow remote attackers to conduct replay attacks or revoke arbitrary tokens by leveraging failure to implement the OAuth 2.0 Token Revocation specification...

CVE-2016-6582

The Doorkeeper gem before 4.2.0 for Ruby might allow remote attackers to conduct replay attacks or revoke arbitrary tokens by leveraging failure to implement the OAuth 2.0 Token Revocation specification...

Session fixation

The Doorkeeper gem before 4.2.0 for Ruby might allow remote attackers to conduct replay attacks or revoke arbitrary tokens by leveraging failure to implement the OAuth 2.0 Token Revocation specification...

CVE-2016-6582

The Doorkeeper gem before 4.2.0 for Ruby might allow remote attackers to conduct replay attacks or revoke arbitrary tokens by leveraging failure to implement the OAuth 2.0 Token Revocation specification...

UBUNTU-CVE-2016-6582

The Doorkeeper gem before 4.2.0 for Ruby might allow remote attackers to conduct replay attacks or revoke arbitrary tokens by leveraging failure to implement the OAuth 2.0 Token Revocation specification...

CVE-2016-6582

The CVE-2016-6582 entry concerns the Doorkeeper gem for Ruby, with versions prior to 4.2.0. The underlying issue is a failure to implement the OAuth 2.0 Token Revocation specification, which could allow remote attackers to conduct replay attacks or revoke arbitrary tokens. The available connected...

CVE-2016-6582

The Doorkeeper gem before 4.2.0 for Ruby might allow remote attackers to conduct replay attacks or revoke arbitrary tokens by leveraging failure to implement the OAuth 2.0 Token Revocation specification...

Buggy Domain Validation Forces GoDaddy to Revoke Certs

GoDaddy has revoked, and begun the process of re-issuing, new SSL certificates for more than 6,000 customers after a bug was discovered in the registrar’s domain validation process. The bug was introduced July 29 and impacted fewer than two percent of the certificates GoDaddy issued from that dat...

December 13, 2016 — KB3205386 (OS Build 10586.713)

December 13, 2016 — KB3205386 OS Build 10586.713 Improvements and fixes This security update includes these additional improvements and fixes. No new operating system features are being introduced in this update. Key changes include: Improved reliability of Internet Explorer. Addressed issue with...

License cannot be installed in Veeam ONE

Challenge When installing the license file, the following error message may occur: License signature is invalid Copy Cause Sometimes the license check module is unable to process the license key correctly, some certificates are missing, outdated or machine has no internet connection to verify the...

OWASP SSL TLS Scanning : DeepViolet

DeepViolet is a TLS/SSL scanning API written in Java. To keep DeepViolet easy to use, identify bugs, reference implementations have been developed that consume the API. If you want to see what DeepViolet can do, use it from the command line in your scripts or use the graphical tool from the comfo...

DEBIAN-CVE-2016-7052

crypto/x509/x509vfy.c in OpenSSL 1.0.2i allows remote attackers to cause a denial of service NULL pointer dereference and application crash by triggering a CRL operation...

OpenSSL Fixes Critical Bug Introduced by Latest Update

OpenSSL today released an emergency security update after a patch in its most recent update issued last week introduced a critical vulnerability in the cryptographic library. The new flaw affects only OpenSSL 1.1.0a, which was made available last Thursday; users are urged to update to 1.1.0b...

CVE-2016-5404

The certrevoke command in FreeIPA does not check for the "revoke certificate" permission, which allows remote authenticated users to revoke arbitrary certificates by leveraging the "retrieve certificate" permission...

Command injection

The certrevoke command in FreeIPA does not check for the "revoke certificate" permission, which allows remote authenticated users to revoke arbitrary certificates by leveraging the "retrieve certificate" permission...

RedHat Update for ipa RHSA-2016:1797-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CentOS Update for ipa-admintools CESA-2016:1797 centos6

Check the version of ipa-admintools SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882553";...

Aruba Networks / Alcatel-Lucent Private Key Disclosure

This advisory is accompanied by a blog post regarding a recap on our published "House of Keys" research study on the re-use of cryptographic secrets from 11/2015. For further information also see http://blog.sec-consult.com/2016/09/house-of-keys-9-months-later-40-worse.html SEC Consult...