63 matches found
HTTPS Isn't Always as Secure as It Seems
A surprising number of high-traffic sites have TLS vulnerabilities that are subtle enough for the green padlock to still appear...
SUSE-SU-2019:0572-1 Security update for openssl-1_0_0
This update for openssl-100 fixes the following issues: Security issues fixed: - The 9 Lives of Bleichenbacher's CAT: Cache Attacks on TLS Implementations bsc1117951 - CVE-2019-1559: Fixed OpenSSL 0-byte Record Padding Oracle which under certain circumstances a TLS server can be forced to respond...
Security Bulletin: Vulnerability in RC4 cipher stream and multiple vulnerabilities in IBM SDK Java Technology Edition affects IBM Systems Director
Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition 7 that is used by IBM Systems Director. These issues were disclosed as part of the IBM Java SDK updates in January and April 2015. This bulletin also addresses the RC4 bar mitzvah attack on SSL/TLS. Vulnerability Detail...
Man-in-the-Middle (MitM)
kube-rbac-proxy is vulnerable to man-in-the-middle attack. Insecure ciphers and TLS 1.0 are used to establish an SSL connection between the client and server, which would allow a remote attacker to exploit TLS vulnerabilities and perform man-in-the-middle attacks to sniff traffic containing...
Sn1per v6.0 - Automated Pentest Framework For Offensive Security Experts
Sn1per Community Edition is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. Sn1per Professional is Xero Security's premium reporting addon for Professional Penetration Testers, Bug Bounty Researchers and Corporate Security teams to manage...
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Security Directory Integrator
Summary There are multiple vulnerabilities in IBM Runtime Environment Java Technology Edition, Version 5.0 , Version 6.0 and Version 7.0 that is used by Security Directory Integrator. Some of these issues were disclosed as part of the IBM Java SDK updates in April 2015. This bulletin also address...
EUVD-2018-1310
ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0 allows remote attackers to execute arbitrary code or cause a denial of service buffer overflow via a crafted certificate chain that is mishandled during RSASSA-PSS signature verification within a TLS or DTLS session...
CVE-2015-2320
The TLS stack in Mono before 3.12.1 allows remote attackers to have unspecified impact via vectors related to client-side SSLv2 fallback...
Banking Apps Found Vulnerable to MITM Attacks
Leading US and UK-based banks have patched a flaw found in their Android and iOS mobile apps that allowed adversaries to conduct man-in-the-middle attacks to steal customer credentials and view and manipulate network traffic. According to researchers at the School of Computer Science at the...
SUSE-SU-2017:2872-2 Security update for MozillaFirefox, mozilla-nss
This update for MozillaFirefox and mozilla-nss fixes the following issues: Mozilla Firefox was updated to ESR 52.4 bsc1060445 MFSA 2017-22/CVE-2017-7825: OS X fonts render some Tibetan and Arabic unicode characters as spaces MFSA 2017-22/CVE-2017-7805: Use-after-free in TLS 1.2 generating handsha...
openssl security update
1.0.1e-48.3 - fix CVE-2016-2177 - possible integer overflow - fix CVE-2016-2178 - non-constant time DSA operations - fix CVE-2016-2179 - further DoS issues in DTLS - fix CVE-2016-2180 - OOB read in TSOBJprintbio - fix CVE-2016-2181 - DTLS1 replay protection and unprocessed records issue - fix...
DLA-315-1 nss - security update
Bulletin has no description...
MGASA-2015-0212 Updated async-http-client packages fix security vulnerabilities
Updated async-http-client packages fix security vulnerabilities: It was found that async-http-client would disable SSL/TLS certificate verification under certain conditions, for example if HTTPS communication also uses client certificates. This can be exploited by a Man-in-the-middle MITM attack...
mono security vulnerabilities
Multiple TLS related vulnerabilities...
MGASA-2014-0348 Updated jakarta-commons-httpclient and httpcomponents-client packages fix security vulnerabilities
Updated jakarta-commons-httpclient and httpcomponents-client packages fix security vulnerabilities: The Jakarta Commons HttpClient component may be susceptible to a 'Man in the Middle Attack' due to a flaw in the default hostname verification during SSL/TLS when a specially crafted server side...
AIX OpenSSL Advisory : ssl_advisory.asc
The version of OpenSSL running on the remote host is affected by the following vulnerabilities : - A vulnerability in the way SSL and TLS protocols allow renegotiation requests may allow an attacker to inject plaintext into an application protocol stream. This could result in a situation where th...
CentOS Update for java CESA-2013:0245 centos6
Check for the Version of java OpenVAS Vulnerability Test CentOS Update for java CESA-2013:0245 centos6 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
Scientific Linux Security Update : java-1.7.0-openjdk on SL5.x, SL6.x i386/x86_64 (20130208)
Multiple improper permission check issues were discovered in the AWT, CORBA, JMX, Libraries, and Beans components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. CVE-2013-0442, CVE-2013-0445, CVE-2013-0441, CVE-2013-1475, CVE-2013-147...
OpenSSL: Denial of service
Background OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer SSL v2/v3 and Transport Layer Security TLS v1 as well as a general purpose cryptography library. Description Ossi Herrala and Jukka Taimisto of Codenomicon discovered two vulnerabilities: A double free call in the...
CVE-2006-3411
TLS handshakes in Tor before 0.1.1.20 generate public-private keys based on TLS context rather than the connection, which makes it easier for remote attackers to conduct brute force attacks on the encryption keys...