Scientific Linux Security Update : nss on SL4.x, SL5.x, SL6.x i386/x86_64
Network Security Services (NSS) is a set of libraries designed to support the development of security-enabled client and server applications. It was found that the Malaysia-based Digicert Sdn. Bhd. subordinate Certificate Authority (CA) issued HTTPS certificates with weak keys. This update renders an...
Scientific Linux Security Update : GPG-RPM key on SL3.x, SL4.x, SL5.x i386/x86_64
Updating the GPG keys in the release to include a Scientific Linux RPM signing key to sign the rpm's with. We will start using this new key, and stop using Connie or Troy's personal GPG Keys for signing rpm's. This is labeled as Moderate because those machines that have gpg checking turned on wil...
CentOS Update for nss CESA-2011:1444 centos4 x86_64
The remote host is missing an update for the...
Code injection
Apple Xcode before 4.4 does not properly compose a designated requirement (DR) during signing of programs that lack bundle identifiers, which allows remote attackers to read keychain entries via a crafted app, as demonstrated by the keychain entries of a (1) helper tool or (2) command-line tool...
Microsoft Details Flame Hash-Collision Attack
The details of the collision attack used by the Flame malware authors to create a forged code-signing certificate for Microsoft code are beginning to emerge, and the company said that the attackers used an MD5 hash collision specifically to ensure that their attack would work on machines running...
US-CERT Alert TA12-156A -- Microsoft Windows Unauthorized Digital Certificates
National Cyber Alert System Technical Cyber Security Alert TA12-156A: Microsoft Windows Unauthorized Digital Certificates. Original release date: June 04, 2012. Last revised: --. Source: US-CERT. Systems Affected: All supported versions of Microsoft Windows...
Flame Attackers Used Collision Attack to Forge Microsoft Certificate
The attackers behind the Flame malware used a collision attack against a cryptographic algorithm as part of the method for gaining a forged certificate to sign specific components of the attack tool. Microsoft officials said on Tuesday that it’s imperative for customers to install the update issu...
MS KB2718704: Unauthorized Digital Certificates Could Allow Spoofing (deprecated)
The remote host is missing KB2718704, which updates the system's SSL certificate blacklist. Certificates issued by the Microsoft Terminal Services licensing certification authority can be used to sign code as Microsoft. An attacker could exploit this to spoof content or perform man-in-the-middle...
Apple Details iOS Security Features in New Guide
Apple has released a detailed security guide for its iOS operating system, an unprecedented move for a company known for not discussing the technical details of its products, let alone the security architecture. The document lays out the system architecture, data protection capabilities and netwo...
Yahoo Includes Private Key in Source File For Axis Chrome Extension
Yahoo on Wednesday launched a new browser called Axis and researchers immediately discovered that the company had mistakenly included its private signing key in the source file, a serious error that would allow an attacker to create a malicious, signed extension for a browser that the browser wil...
New .Secure Global TLD Proposed
A group of security experts is working to put together a new global TLD that will require companies and individuals applying for domains to adhere to strict security policies and requirements. The proposed .secure TLD is intended to be a known safe group of domains and would include mandatory use...
Microsoft SMB Signing Disabled
Checks if SMB Signing is disabled at the remote SMB server.
Microsoft SMB Signing Information Disclosure Vulnerability
The host is prone to an information disclosure vulnerability.
Puppet: Multiple vulnerabilities
Background: Puppet is a system configuration management tool written in Ruby. Description: Multiple vulnerabilities have been discovered in Puppet. Please review the CVE identifiers referenced below for details. Impact: A local attacker could gain elevated privileges, or access and modify arbitrary...
GLSA-201203-03 : Puppet: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201203-03 (Puppet: Multiple vulnerabilities). Multiple vulnerabilities have been discovered in Puppet. Please review the CVE identifiers referenced below for details. Impact: A local attacker could gain elevated privileges, or acces...
HP Printer Firmware Signing Disabled
Binary data hpfirmwareupdate.nbin...
Microsoft SMB Signing Enabled and Not Required At Server
This script finds that SMB Signing is enabled and not required at the server. OpenVAS Vulnerability Test $Id: secpodmssmbsigningenablednotreqatserver.nasl 5940 2017-04-12 09:02:05Z teissa $ Microsoft SMB Signing Enabled and Not Required At Server. Authors: Madhuri D. Copyright: Copyright c 2012...
Microsoft SMB Signing Enabled and Not Required At Server
Checks if SMB Signing is enabled and not required at the remote SMB server.
MS KB2506014: Update for the Windows Operating System Loader
The remote Windows host contains a version of the Windows OS Loader (winload.exe) which does not properly enforce driver signing. This could result in unsigned drivers being loaded by winload.exe. While this update does not address any specific vulnerabilities, it prevents winload.exe from loading...
NX Web Companion Spoofing Arbitrary Code Execution Vulnerability
Vuln Title: NX Web Companion Spoofing Arbitrary Code Execution Vulnerability Date: 25.01.2012 Author: otr Software Link: http://www.nomachine.com/documents/plugin/install.php Version: = 3.x Tested on: Linux, Windows, Mac OS X x86, Mac OS X PPC, Solaris CVE : None, yet Summary The No Machine NX We...