DailyMotion Hacked — 85 Million User Accounts Stolen

Another day, another data breach. This time a popular video sharing platform DailyMotion has allegedly been hacked and tens of millions of users information have been stolen. Breach notification service LeakedSource announced the data breach on Monday after the company obtained 85.2 Million recor...

ipsec-tools -- remotely exploitable computational-complexity attack

Robert Foggia via NetBSD GNATS reports: The ipsec-tools racoon daemon contains a remotely exploitable computational complexity attack when parsing and storing isakmp fragments. The implementation permits a remote attacker to exhaust computational resources on the remote endpoint by repeatedly...

Simple Android application service end of the security vulnerability of SQL injection vulnerability and file upload vulnerability-vulnerability warning-the black bar safety net

The first three weeks, the dandelion for everyone brief introduction to the Android application of APP end of the Common Vulnerabilities, they are: Android-developers APP end common security vulnerability interpretation-sensitive information disclosure vulnerability Simple App end security...

DEBIAN-CVE-2016-8646

The hashaccept function in crypto/algifhash.c in the Linux kernel before 4.3.6 allows local users to cause a denial of service OOPS by attempting to trigger use of in-kernel hash algorithms for a socket that has received zero bytes of data...

CVE-2015-8970

crypto/algifskcipher.c in the Linux kernel before 4.4.2 does not verify that a setkey operation has been performed on an AFALG socket before an accept system call is processed, which allows local users to cause a denial of service NULL pointer dereference and system crash via a crafted applicatio...

Microsoft Cutting Off SHA-1 Support in February for Edge, IE 11

Microsoft confirmed that Feb. 14, 2017 is the cutoff date for SHA-1 support in its Microsoft Edge and Internet Explorer 11 browsers. After that date, neither browser will immediately load sites still running SHA-1 certificates and users will be shown an invalid certificate warning. Users will als...

openSUSE Security Update : MozillaFirefox / mozilla-nss (openSUSE-2016-1334)

This update to Mozilla Firefox 50.0 fixes a number of security issues. The following vulnerabilities were fixed in Mozilla Firefox MFSA 2016-89 : - CVE-2016-5296: Heap-buffer-overflow WRITE in rasterizeedges1 bmo1292443 - CVE-2016-5292: URL parsing causes crash bmo1288482 - CVE-2016-5297: Incorre...

Google Removing SHA-1 Support in Chrome 56

The home stretch for SHA-1 deprecation is in full effect with Google on Wednesday announcing its final deprecation deadlines for the Chrome browser, and a cryptographic services provider warning that there’s still a long way to go to get sites off SHA-1 certificates. Google said it will remove it...

Auditing Web Applications Firewalls: LightBulb

Auditing Web Applications Firewalls LightBulb is an open source python framework for auditing web applications firewalls Web Applications Firewalls WAFs are fundamental building blocks of modern application security. For example, the PCI standard for organizations handling credit card transaction...

CVE-2016-9243

HKDF in cryptography before 1.5.2 returns an empty byte-string if used with a length less than algorithm.digestsize...

OpenJDK: missing algorithm restrictions for jar verification (Libraries, 8155973)

It was discovered that the Libraries component of OpenJDK did not restrict the set of algorithms used for JAR integrity verification. This flaw could allow an attacker to modify content of the JAR file that used weak signing key or hash algorithm...

Amazon Linux AMI : java-1.8.0-openjdk (ALAS-2016-759)

It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy function in certain cases. An untrusted Java application or applet could use this flaw to corrupt virtual machine's memory and completely bypass Java sandbox restrictions. CVE-2016-558...

IBM WebSphere Application Server 7.0 < 7.0.0.39 Multiple Vulnerabilities (FREAK)

Binary data 9700.prm...

CVE-2016-5616

Disclaimer: This data contains information about vulnerable...

ssh-audit - SSH Server Auditing

ssh-audit is a tool for ssh server auditing. Features SSH1 and SSH2 protocol server support; grab banner, recognize device or software and operating system, detect compression; gather key-exchange, host-key, encryption and message authentication code algorithms; output algorithm information...

OpenJDK: missing algorithm restrictions for jar verification (Libraries, 8155973)

It was discovered that the Libraries component of OpenJDK did not restrict the set of algorithms used for JAR integrity verification. This flaw could allow an attacker to modify content of the JAR file that used weak signing key or hash algorithm...

OpenJDK: missing algorithm restrictions for jar verification (Libraries, 8155973)

It was discovered that the Libraries component of OpenJDK did not restrict the set of algorithms used for JAR integrity verification. This flaw could allow an attacker to modify content of the JAR file that used weak signing key or hash algorithm...

CentOS 6 / 7 : java-1.8.0-openjdk (CESA-2016:2079)

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, i...

CVE-2016-5542

It was discovered that the Libraries component of OpenJDK did not restrict the set of algorithms used for JAR integrity verification. This flaw could allow an attacker to modify content of the JAR file that used weak signing key or hash algorithm...

CVE-2016-4407

The DSA algorithm implementation in SAP SAPCRYPTOLIB 5.555.38 does not properly check signatures, which allows remote authenticated users to impersonate arbitrary users via unspecified vectors, aka SAP Security Note 2223008...