522 matches found
CVE-2017-5652
During a routine security analysis, it was found that one of the ports in Apache Impala incubating 2.7.0 to 2.8.0 sent data in plaintext even when the cluster was configured to use TLS. The port in question was used by the StatestoreSubscriber class which did not use the appropriate secure Thrift...
ARM mbedTLS Remote Code Execution Vulnerability
ARM mbed TLS formerly PolarSSL is a product from ARM UK that provides secure communication and encryption capabilities for mbed products. A security vulnerability exists in ARM mbed TLS versions prior to 1.3.19, 2.x versions prior to 2.1.7, and 2.4.x versions prior to 2.4.2. A remote attacker cou...
RedHat Update for openssl RHSA-2017:0286-01
The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Open-Xchange: SSL Certification Expired And TLS Vulnerability
I Found SSL Certification Expired at https://licenses.dovecot.fi/ I Found Vulnerability CVE-2016-2183 lists.dovecot.fi CVE-2016-2183 Description : A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover...
F5 TLS vulnerability (CVE-2016-9244) (Ticketbleed)
Ticketbleed CVE-2016-9244 is a software vulnerability in the TLS stack of certain F5 products that allows a remote attacker to extract up to 31 bytes of uninitialized memory at a time, which can contain any kind of random sensitive information, like in Heartbleed. If you suspect you might be...
SUSE-SU-2016:2915-1 Security update for dovecot22
This update for dovecot22 fixes the following issues: - insecure SSL/TLS key and certificate file creation CVE-2016-4983 bnc 984639 - Fix LDAP based authentication for some setups boo 1003952...
CVE-2016-6307
The state-machine implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service memory consumption via crafted TLS messages, related to statem/statem.c and statem/statemlib.c...
EMC RSA BSAFE Micro Edition Suite TLS Man-in-the-Middle Attack Vulnerability
EMC RSA BSAFE Micro Edition Suite MES is an encryption toolkit from EMC Corporation. The toolkit helps developers achieve stable and secure application design.TLS Transport Layer Security is a set of protocols used to provide confidentiality and data integrity between two communicating...
Default credentials
IBM AIX 5.3, 6.1, 7.1, and 7.2 and VIOS 2.2.x do not default to the latest TLS version, which makes it easier for man-in-the-middle attackers to obtain sensitive information via unspecified vectors...
BREACH Revived to Steal Private Messages from Gmail, Facebook
The BREACH attack hasn’t been top of mind since the summer of 2013, but two researchers have found new ways to exploit and persistently attack traffic, including Gmail and Facebook chat sessions. The research was shared late last week in Singapore at Black Hat Asia where Dimitris Karakostas of th...
SUSE-SU-2016:0770-1 Security update for java-1_6_0-ibm
This update for java-160-ibm fixes the following issues by updating to 6.0-16.20 bsc963937 - CVE-2015-5041: Could could have invoked non-public interface methods under certain circumstances - CVE-2015-7575: The TLS protocol could allow weaker than expected security caused by a collision attack wh...
Drown cross-Protocol attack on the TLS vulnerability analysis-vulnerability warning-the black bar safety net
Ticker 2 0 1 6 years 3 month 2 days, the OpenSSL official released a new security Bulletin. Mentioned in the post to fix a high risk vulnerability--DROWN cross-Protocol attack on the TLS vulnerability. Baidu cloud security threat management team joint Baidu security Emergency Response Center the...
DROWN Flaw Opens 33 Percent Of HTTPS Connections To Attack
Researchers revealed a massive transport layer security TLS vulnerability today that leaves millions of Internet users vulnerable to an attack that could expose passwords, credit card numbers and financial data. OpenSSL and others are urging companies to patch their web servers or risk exposure t...
SUSE-SU-2016:0433-1 Security update for java-1_7_0-ibm
This update for java-170-ibm fixes the following issues by updating to 7.0-9.30 bsc963937: - CVE-2015-5041: Could could have invoked non-public interface methods under certain circumstances - CVE-2015-7575: The TLS protocol could allow weaker than expected security caused by a collision attack wh...
Code injection
IBM WebSphere MQ Light 1.x before 1.0.2 mishandles abbreviated TLS handshakes, which allows remote attackers to cause a denial of service MQXR service crash via unspecified vectors...
Radancy: RC4 cipher suites detected
A group of researchers Nadhem AlFardan, Dan Bernstein, Kenny Paterson, Bertram Poettering and Jacob Schuldt have found new attacks against TLS that allows an attacker to recover a limited amount of plaintext from a TLS connection when RC4 encryption is used. The attacks arise from statistical fla...
Oracle: Security Advisory (ELSA-2014-0625)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2015-0535
EMC RSA BSAFE Micro Edition Suite MES 4.0.x before 4.0.8 and 4.1.x before 4.1.3 and RSA BSAFE SSL-C 2.8.9 and earlier do not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORTRSA ciphers via crafted TLS traffic, relate...
AIX 6.1 TL 8 : sendmail (IV75644) (Logjam)
The TLS protocol could allow a remote attacker to obtain sensitive information, caused by the failure to properly convey a DHEEXPORT ciphersuite choice. An attacker could exploit this vulnerability using man-in-the-middle techniques to force a downgrade to 512-bit export-grade cipher. Successful...
LOGJAM: TLS connections which support export grade DHE key-exchange are vulnerable to MITM attacks
A flaw was found in the way the TLS protocol composes the Diffie-Hellman exchange for both export and non-export grade cipher suites. An attacker could use this flaw to downgrade a DHE connection to use export-grade key sizes, which could then be broken by sufficient pre-computation. This can lea...