
5304 matches found

Tenable Nessus
added 2015/07/28 12:0 a.m., 41 views

CentOS 6 : gnutls (CESA-2015:1457)

Updated gnutls packages that fix three security issues and one bug are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are...

7.5 CVSS, 7.2 AI score, 0.01586 EPSS
Exploits 0, References 4

CentOS
added 2015/07/26 2:11 p.m., 407 views

gnutls security update

CentOS Errata and Security Advisory CESA-2015:1457. Updated gnutls packages that fix three security issues and one bug are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base...

7.5 CVSS, 7 AI score, 0.01586 EPSS
Exploits 0, References 7

Mageia
added 2015/07/23 9:39 a.m., 53 views

Updated java-1.7.0-openjdk package fixes security vulnerabilities

Multiple flaws were discovered in the 2D, CORBA, JMX, Libraries and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions (CVE-2015-4760, CVE-2015-2628, CVE-2015-4731, CVE-2015-2590, CVE-2015-4732, CVE-2015-4733). A flaw was fou...

10 CVSS, 5.3 AI score, 0.9986 EPSS
Exploits 0, References 7

0day.today
added 2015/07/23 12:0 a.m., 27 views

Open Web Analytics 1.5.7 Multiple Vulnerabilities

Open Web Analytics version 1.5.7 suffers from password disclosure, weak cryptographic control, and cross site scripting vulnerabilities. + Credits: John Page hyp3rlinx + Domains: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-OPENWEBANALYTICS0721.txt Vendor:...

6.9 AI score
Exploits 0

OpenVAS
added 2015/07/23 12:0 a.m., 24 views

RedHat Update for freeradius RHSA-2015:1287-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 CVSS, 9.6 AI score, 0.03912 EPSS
Exploits 1, References 2

RedHat Linux
added 2015/07/21 10:15 a.m., 0 views

gnutls: certificate algorithm consistency checking issue

It was discovered that GnuTLS did not check if all sections of X.509 certificates indicate the same signature algorithm. This flaw, in combination with a different flaw, could possibly lead to a bypass of the certificate signature check...

7.5 CVSS, 5.8 AI score, 0.01586 EPSS
Exploits 0, References 4

RedHat Linux
added 2015/07/21 10:15 a.m., 35 views

Moderate: Red Hat Security Advisory: gnutls security and bug fix update

Updated gnutls packages that fix three security issues and one bug are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are...

7.5 CVSS, 7 AI score, 0.01586 EPSS
Exploits 0, References 5

Tenable Nessus
added 2015/07/21 12:0 a.m., 16 views

openSUSE Security Update : libcryptopp (openSUSE-2015-504)

libcryptopp was updated to fix one security issue. This security issue was fixed : - CVE-2015-2141: The InvertibleRWFunction::CalculateInverse function in rw.cpp in libcrypt++ 5.6.2 did not properly blind private key operations for the Rabin-Williams digital signature algorithm, which allowed...

5 CVSS, 7.3 AI score, 0.02879 EPSS
Exploits 0, References 2

The Hacker News
added 2015/07/16 7:47 p.m., 24 views

How to Crack RC4 Encryption in WPA-TKIP and TLS

Security researchers have developed a more practical and feasible attack technique against the RC4 cryptographic algorithm that is still widely used to encrypt communications on the Internet. Despite being very old, RC4 (Rivest Cipher 4) is still the most widely used cryptographic cipher implemente...

7.4 AI score
Exploits 0

ThreatPost
added 2015/07/14 2:26 p.m., 17 views

New Version of TeslaCrypt Changes Encryption Scheme

A new version of the nasty TeslaCrypt ransomware is making the rounds, and the creators have added several new features, including an improved encryption scheme and some details designed to mimic CryptoWall. TeslaCrypt is among the more recent variants of ransomware to emerge and the malware, whi...

1.7 AI score
Exploits 0, References 3

Kitploit
added 2015/07/10 3:13 a.m., 26 views

Q-shell - Quick Shell for Unix Administrator

q-shell is a quick shell for remote login into Unix systems. It uses the Blowfish crypt algorithm to protect data in transit from client to server. You get two programs: 'qsh' for the client and 'qshd' for the server; these programs can be renamed to any name you prefer. Compile: just enter 'make' and it will...

7.7 AI score
Exploits 0, References 1

OSV
added 2015/07/01 2:59 p.m., 3 views

CVE-2015-2141

The InvertibleRWFunction::CalculateInverse function in rw.cpp in libcrypt++ 5.6.2 does not properly blind private key operations for the Rabin-Williams digital signature algorithm, which allows remote attackers to obtain private keys via a timing attack...

6.2 AI score
Exploits 0, References 5

CVE
added 2015/07/01 2:0 p.m., 84 views

CVE-2015-2141

libcrypt++ 5.6.2 contains a timing-attack vulnerability in InvertibleRWFunction::CalculateInverse used with Rabin–Williams signatures, enabling remote extraction of private keys. Affected component is the private-key blinding during Rabin–Williams operations; impact is private-key disclosure unde...

5 CVSS, 7.2 AI score, 0.02879 EPSS
Exploits 0, References 5, Affected Software 1

Debian
added 2015/06/30 8:47 p.m., 21 views

[SECURITY] [DLA 262-1] libcrypto++ security update

Package : libcrypto++ Version : 5.6.0-6+deb6u1 CVE ID : CVE-2015-2141 Evgeny Sidorov discovered that libcrypto++, a general purpose C++ cryptographic library, did not properly implement blinding to mask private key operations for the Rabin-Williams digital signature algorithm. This could allow...

5 CVSS, 7.4 AI score, 0.02879 EPSS
Exploits 0

Prion
added 2015/06/30 10:59 a.m., 14 views

Authentication flaw

Rational Test Control Panel in IBM Rational Test Workbench and Rational Test Virtualization Server 8.0.0.x before 8.0.0.5, 8.0.1.x before 8.0.1.6, 8.5.0.x before 8.5.0.4, 8.5.1.x before 8.5.1.5, 8.6.0.x before 8.6.0.4, and 8.7.0.x before 8.7.0.2 uses the MD5 algorithm for password hashing, which...

5 CVSS, 7.3 AI score, 0.01315 EPSS
Exploits 0, References 2, Affected Software 2

ThreatPost
added 2015/06/26 1:35 p.m., 10 views

NIST Drops Weak Dual_EC RNG From Official Recommendations

NIST officially has removed the controversial and compromised Dual_EC_DRBG from its list of recommended algorithms for generating random numbers. The Dual_EC random number generator was at the center of a controversy in the security community two years ago after revelations that the National Securit...

1.7 AI score
Exploits 0, References 4

The Hacker News
added 2015/06/25 10:36 p.m., 14 views

Facebook Can Recognize You Even if You Don't Show Your Face

Well, this is incredible and scary both at the same time. Forget about "facial" recognition; Facebook's newest technology is way good at identifying you in photos even without the need to see your face. The New Scientist is reporting about the Facebook's new "experimental" facial recognition...

6.6 AI score
Exploits 0

myhack58
added 2015/06/23 12:0 a.m., 28 views

SAP HANA system exposed to security vulnerabilities, static key exists in the database-vulnerability warning-the black bar safety net

! SAP is well-known in-memory database management system HANA was traced to the presence of security vulnerabilities, static encryption key is actually stored in the database. SAP HANA is SAP ever the fastest-growing products. Vulnerability overview ERPScan researchers held in Amsterdam the black...

1 AI score
Exploits 0

Exploit DB
added 2015/06/15 12:0 a.m., 19 views

FileZilla 3.11.0.2 SFTP Module - Denial of Service

''' Exploit title: filezilla 3.11.0.2 sftp module denial of service vulnerability Date: 5-6-2015 Vendor homepage: http://www.chiark.greenend.org.uk Software Link:...

7.4 AI score
Exploits 0

OSV
added 2015/06/12 7:59 p.m., 5 views

CVE-2015-1788

The BN_GF2m_mod_inv function in crypto/bn/bn_gf2m.c in OpenSSL before 0.9.8s, 1.0.0 before 1.0.0e, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b does not properly handle ECParameters structures in which the curve is over a malformed binary polynomial field, which allows remote attackers to cause a...

6.5 CVSS, 6.7 AI score, 0.61798 EPSS
Exploits 6, References 46