Lucene search
+L

522 matches found

Tenable Nessus
Tenable Nessus
added 2015/07/23 12:0 a.m.68 views

Puppet Enterprise 3.x < 3.8.1 Multiple Vulnerabilities (Logjam)

According to its self-reported version number, the Puppet Enterprise application running on the remote host is 3.x prior to 3.8.1. It is, therefore, affected by the following vulnerabilities : - An XML external entity injection XXE flaw exists in the Apache ActiveMQ component due to a faulty...

9.8CVSS7.6AI score0.9986EPSS
Exploits3References20
Tenable Nessus
Tenable Nessus
added 2015/06/26 12:0 a.m.63 views

CentOS 6 / 7 : nss / nss-util (CESA-2015:1185) (Logjam)

Updated nss and nss-util packages that fix one security issue, several bugs and add various enhancements are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores,...

4.3CVSS7.2AI score0.9986EPSS
Exploits2References6
OSV
OSV
added 2015/05/20 12:0 a.m.4 views

UBUNTU-CVE-2015-4000

The TLS protocol 1.2 and earlier, when a DHEEXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHEEXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHEEXPORT and then...

3.7CVSS6.2AI score0.9986EPSS
Exploits1References17
myhack58
myhack58
added 2015/05/11 12:0 a.m.15 views

SSL/TLS is the latest vulnerability ordination ceremony parsing-vulnerability warning-the black bar safety net

2 0 1 5 year 3 month, there are about 3 0% of the network communication is controlled by the RC4 to be protected. By“ordination ceremony”attack, the attacker may be in a particular environment just by sniffing the visit listen you can restore using RC4 to protect the encrypted information in plai...

0.8AI score
Exploits0
Oracle linux
Oracle linux
added 2015/04/02 12:0 a.m.364 views

openssl-fips security update

1.0.1m-2.0.1 - update to upstream 1.0.1m - update to fips canister 2.0.9 - regenerated below patches openssl-1.0.1-beta2-rpmbuild.patch openssl-1.0.1m-rhcompat.patch openssl-1.0.1m-ecc-suiteb.patch openssl-1.0.1m-fips-mode.patch openssl-1.0.1m-version.patch openssl-1.0.1m-evp-devel.patch...

10CVSS0.2AI score0.99999EPSS
Exploits158
The Hacker News
The Hacker News
added 2015/04/01 8:25 p.m.11 views

FREAK Attack: How to Protect Yourself

The recently disclosed FREAK Factoring attack on RSA Export Keys attack is an SSL/TLS vulnerability that is affecting major browsers, servers and even mobile devices. FREAK vulnerability allows the attacker to intercept HTTPS connections between vulnerable clients and servers and force them to us...

6.3AI score
Exploits0
securityvulns
securityvulns
added 2015/03/16 12:0 a.m.74 views

APPLE-SA-2015-03-09-2 AppleTV 7.1

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2015-03-09-2 AppleTV 7.1 AppleTV 7.1 is now available and addresses the following: Apple TV Available for: Apple TV 3rd generation and later Impact: An attacker with a privileged network position may intercept SSL/TLS connections Description:...

9.3CVSS0.19633EPSS
Exploits1
Opera Security Advisories
Opera Security Advisories
added 2015/03/10 12:0 a.m.8 views

Dealing with FREAK and SuperFish

Security Dealing with FREAK and SuperFish Share March 10th, 2015 The FREAK TLS attack Following the trend of memorable names for TLS attacks, FREAK was recently announced. This exploits a bug in some TLS libraries, combined with the support of ancient weak ciphers, to enable a MitM to force...

8.8CVSS7.3AI score0.01654EPSS
Exploits4References1
myhack58
myhack58
added 2015/03/05 12:0 a.m.26 views

“Legacy”vulnerability: analysis of the new SSL/TLS vulnerability FREAK-vulnerability warning-the black bar safety net

Recently security researchers discovered a new SSL/TLS vulnerability. Expected within ten years, millions of Apple, Android users to access the HTTPS site will likely suffer from the middleman and then the stolen account and password, even if these sites use the encrypted transmission, also to no...

Exploits0
ThreatPost
ThreatPost
added 2014/12/09 10:20 a.m.10 views

Researchers Say POODLE Attack Affects Some TLS Implementations

The POODLE attack against SSLv3 that researchers from Google revealed earlier this year also affects some implementations of TLS and vendors now are scrambling to release patches for gear affected by the vulnerability. Soon after the POODLE attack was disclosed in October, researchers began looki...

Exploits0References4
RedHat Linux
RedHat Linux
added 2014/11/03 8:36 a.m.31 views

Moderate: Red Hat Security Advisory: python-keystoneclient security and bug fix update

Updated python-keystoneclient packages that fix one security issue and two bugs are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring...

4.3CVSS5.8AI score0.01948EPSS
Exploits0References5
securityvulns
securityvulns
added 2014/10/15 12:0 a.m.73 views

[ MDVSA-2014:170 ] jakarta-commons-httpclient

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:170 http://www.mandriva.com/en/support/security/ Package : jakarta-commons-httpclient Date : September 2, 2014 Affected: Business Server 1.0 Problem Description: Updated jakarta-commons-httpclient and...

4.3CVSS6AI score0.05844EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2014/10/10 12:0 a.m.61 views

F5 Networks BIG-IP : TLS vulnerability (SOL15564)

The ssl23getclienthello function in s23srvr.c in OpenSSL 1.0.1 before 1.0.1i allows man-in-the-middle attackers to force the use of TLS 1.0 by triggering ClientHello message fragmentation in communication between a client and server that both support later TLS versions, related to a 'protocol...

4.3CVSS6.8AI score0.13327EPSS
Exploits0References2
F5 Networks
F5 Networks
added 2014/09/05 12:0 a.m.166 views

SOL15564 - TLS vulnerability CVE-2014-3511

1 If you are planning to upgrade to BIG-IP APM 11.5.1 HF6 to mitigate this issue, you should instead upgrade to 11.5.1 HF7 to avoid an issue specific to BIG-IP APM. For more information, refer to SOL15914: The tmm process may restart and produce a core file after BIG-IP APM systems are upgraded...

4.3CVSS6.2AI score0.13327EPSS
Exploits0References6
OSV
OSV
added 2014/08/25 8:44 a.m.8 views

MGASA-2014-0347 Updated jakarta-commons-httpclient and httpcomponents-client packages fix security vulnerability

Updated jakarta-commons-httpclient and httpcomponents-client packages fix security vulnerability: The Jakarta Commons HttpClient and Apache httpcomponents HttpClient components may be susceptible to a 'Man in the Middle Attack' due to a flaw in the default hostname verification during SSL/TLS whe...

5.8CVSS6AI score0.09149EPSS
Exploits1References4
Google Chrome Security Advisories
Google Chrome Security Advisories
added 2014/06/10 12:0 a.m.53 views

Stable Channel Update for Chrome OS

The Stable channel has been updated to 35.0.1916.155 Platform version: 5712.88.0 / 5712.89.0 for all Chrome OS devices. This build contains a flash update 14.0.0.125, number of bug fixes, and security updates. Here is the Chromium change log. Systems will be receiving updates over the next severa...

7.8CVSS7.2AI score0.95326EPSS
Exploits24Affected Software1
RedHat Linux
RedHat Linux
added 2014/06/05 2:56 p.m.7 views

openssl: SSL/TLS MITM vulnerability

It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server...

7.4CVSS6.6AI score0.95326EPSS
Exploits9References8
ThreatPost
ThreatPost
added 2014/04/07 4:23 p.m.7 views

OpenSSL Fixes TLS Vulnerability

The maintainers of the OpenSSL library, one of the more widely deployed cryptographic libraries on the Web, have fixed a serious vulnerability that could have resulted in the revelation of 64 KB of memory to any client or server that was connected. The details of the vulnerability, fixed in versi...

6.4AI score
Exploits0References4
securityvulns
securityvulns
added 2014/02/28 12:0 a.m.102 views

APPLE-SA-2014-02-21-3 Apple TV 6.0.2

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-02-21-3 Apple TV 6.0.2 Apple TV 6.0.2 is now available and addresses the following: Apple TV Available for: Apple TV 2nd generation and later Impact: An attacker with a privileged network position may capture or modify data in sessions...

5.8CVSS0.1AI score0.05715EPSS
Exploits6
Mageia
Mageia
added 2013/06/18 2:56 p.m.23 views

Updated telepathy-gabble package fixes security vulnerability

Maksim Otstavnov discovered that the Wocky submodule used by telepathy-gabble does not respect the tls-required flag on legacy Jabber servers. A network intermediary could use this vulnerability to bypass TLS verification and perform a man-in-the-middle attack...

6.8CVSS4.4AI score0.02027EPSS
Exploits0References4
Rows per page
Query Builder