Lucene search
K

3572 matches found

Tenable Nessus
Tenable Nessus
added 2012/08/01 12:0 a.m.15 views

Scientific Linux Security Update : nss on SL4.x, SL5.x, SL6.x i386/x86_64

Network Security Services NSS is a set of libraries designed to support the development of security-enabled client and server applications. It was found that the Malaysia-based Digicert Sdn. Bhd. subordinate Certificate Authority CA issued HTTPS certificates with weak keys. This update renders an...

5.6AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2012/08/01 12:0 a.m.22 views

Scientific Linux Security Update : GPG-RPM key on SL3.x, SL4.x, SL5.x i386/x86_64

Updating the GPG keys in the release to include a Scientific Linux RPM signing key to sign the rpm's with. We will start using this new key, and stop using Connie or Troy's personal GPG Keys for signing rpm's. This is labeled as Moderate because those machines that have gpg checking turned on wil...

5.5AI score
Exploits0References1
OpenVAS
OpenVAS
added 2012/07/30 12:0 a.m.21 views

CentOS Update for nss CESA-2011:1444 centos4 x86_64

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

5.3AI score
Exploits0References2
Prion
Prion
added 2012/07/26 7:55 p.m.26 views

Code injection

Apple Xcode before 4.4 does not properly compose a designated requirement DR during signing of programs that lack bundle identifiers, which allows remote attackers to read keychain entries via a crafted app, as demonstrated by the keychain entries of a 1 helper tool or 2 command-line tool...

5CVSS6.5AI score0.01104EPSS
Exploits1References1Affected Software1
ThreatPost
ThreatPost
added 2012/06/06 7:32 p.m.21 views

Microsoft Details Flame Hash-Collision Attack

The details of the collision attack used by the Flame malware authors to create a forged code-signing certificate for Microsoft code are beginning to emerge, and the company said that the attackers used an MD5 hash collision specifically to ensure that their attack would work on machines running...

2.2AI score
Exploits0References4
securityvulns
securityvulns
added 2012/06/06 12:0 a.m.129 views

US-CERT Alert TA12-156A -- Microsoft Windows Unauthorized Digital Certificates

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Technical Cyber Security Alert TA12-156A Microsoft Windows Unauthorized Digital Certificates Original release date: June 04, 2012 Last revised: -- Source: US-CERT Systems Affected All supported versions of Microsoft Windows...

0.2AI score
Exploits0
ThreatPost
ThreatPost
added 2012/06/05 11:46 a.m.11 views

Flame Attackers Used Collision Attack to Forge Microsoft Certificate

The attackers behind the Flame malware used a collision attack against a cryptographic algorithm as part of the method for gaining a forged certificate to sign specific components of the attack tool. Microsoft officials said on Tuesday that it’s imperative for customers to install the update issu...

1.9AI score
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2012/06/04 12:0 a.m.32 views

MS KB2718704: Unauthorized Digital Certificates Could Allow Spoofing (deprecated)

The remote host is missing KB2718704, which updates the system's SSL certificate blacklist. Certificates issued by the Microsoft Terminal Services licensing certification authority can be used to sign code as Microsoft. An attacker could exploit this to spoof content or perform man-in-the-middle...

Exploits0References3
ThreatPost
ThreatPost
added 2012/05/31 5:54 p.m.10 views

Apple Details iOS Security Features in New Guide

Apple has released a detailed security guide for its iOS operating system, an unprecedented move for a company known for not discussing the technical details of its products, let alone the security architecture. The document lays out the system architecture, data protection capabilities and netwo...

0.1AI score
Exploits0References4
ThreatPost
ThreatPost
added 2012/05/24 11:45 a.m.9 views

Yahoo Includes Private Key in Source File For Axis Chrome Extension

Yahoo on Wednesday launched a new browser called Axis and researchers immediately discovered that the company had mistakenly included its private signing key in the source file, a serious error that would allow an attacker to create a malicious, signed extension for a browser that the browser wil...

0.4AI score
Exploits0References3
ThreatPost
ThreatPost
added 2012/05/11 2:35 p.m.15 views

New .Secure Global TLD Proposed

A group of security experts is working to put together a new global TLD that will require companies and individuals applying for domains to adhere to strict security policies and requirements. The proposed .secure TLD is intended to be a known safe group of domains and would include mandatory use...

8.2AI score
Exploits0
OpenVAS
OpenVAS
added 2012/04/09 12:0 a.m.18 views

Microsoft SMB Signing Disabled

Checks if SMB Signing is disabled at the remote SMB server. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.3AI score
Exploits0
OpenVAS
OpenVAS
added 2012/04/02 12:0 a.m.13 views

Microsoft SMB Signing Information Disclosure Vulnerability

The host is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.2AI score
Exploits0References1
Gentoo Linux
Gentoo Linux
added 2012/03/06 12:0 a.m.39 views

Puppet: Multiple vulnerabilities

Background Puppet is a system configuration management tool written in Ruby. Description Multiple vulnerabilities have been discovered in Puppet. Please review the CVE identifiers referenced below for details. Impact A local attacker could gain elevated privileges, or access and modify arbitrary...

6.9CVSS7.1AI score0.02454EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2012/03/06 12:0 a.m.33 views

GLSA-201203-03 : Puppet: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201203-03 Puppet: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Puppet. Please review the CVE identifiers referenced below for details. Impact : A local attacker could gain elevated privileges, or acces...

6.9CVSS5.8AI score0.02454EPSS
Exploits1References10
Tenable Nessus
Tenable Nessus
added 2012/03/01 12:0 a.m.32 views

HP Printer Firmware Signing Disabled

Binary data hpfirmwareupdate.nbin...

10CVSS7.3AI score0.13953EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2012/02/28 12:0 a.m.16 views

Microsoft SMB Signing Enabled and Not Required At Server

This script finds the SMB Signing is enabled and not required at the server. OpenVAS Vulnerability Test $Id: secpodmssmbsigningenablednotreqatserver.nasl 5940 2017-04-12 09:02:05Z teissa $ Microsoft SMB Signing Enabled and Not Required At Server Authors: Madhuri D Copyright: Copyright c 2012...

Exploits0References1
OpenVAS
OpenVAS
added 2012/02/28 12:0 a.m.21 views

Microsoft SMB Signing Enabled and Not Required At Server

Checks if SMB Signing is enabled and not required at the remote SMB server. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.3AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2012/02/16 12:0 a.m.86 views

MS KB2506014: Update for the Windows Operating System Loader

The remote Windows host contains a version of the Windows OS Loader winload.exe which does not properly enforce driver signing. This could result in unsigned drivers being loaded by winload.exe. While this update does not address any specific vulnerabilities, it prevents winload.exe from loading...

5.6AI score
Exploits0References1
securityvulns
securityvulns
added 2012/02/15 12:0 a.m.47 views

NX Web Companion Spoofing Arbitrary Code Execution Vulnerability

Vuln Title: NX Web Companion Spoofing Arbitrary Code Execution Vulnerability Date: 25.01.2012 Author: otr Software Link: http://www.nomachine.com/documents/plugin/install.php Version: = 3.x Tested on: Linux, Windows, Mac OS X x86, Mac OS X PPC, Solaris CVE : None, yet Summary The No Machine NX We...

1.9AI score
Exploits0
Rows per page
Query Builder