5302 matches found
CVE-2014-8147
The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode ICU before 55.1 uses an integer data type that is inconsistent with a header file, which allows remote attackers to cause a denial of service...
CVE-2014-8147
The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode ICU before 55.1 uses an integer data type that is inconsistent with a header file, which allows remote attackers to cause a denial of service...
CVE-2014-8146
The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode ICU before 55.1 does not properly track directionally isolated pieces of text, which allows remote attackers to cause a denial of service...
DEBIAN-CVE-2014-8146
The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode ICU before 55.1 does not properly track directionally isolated pieces of text, which allows remote attackers to cause a denial of service...
CVE-2014-8146
The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode ICU before 55.1 does not properly track directionally isolated pieces of text, which allows remote attackers to cause a denial of service...
CVE-2014-8147
CVE-2014-8147 concerns ICU4C’s Unicode Bidirectional Algorithm. The vulnerability resides in resolveImplicitLevels (common/ubidi.c) where an integer data type is inconsistent with the header, enabling remote attackers to cause a denial of service via an incorrect malloc followed by an invalid fre...
CVE-2014-8146
The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode ICU before 55.1 does not properly track directionally isolated pieces of text, which allows remote attackers to cause a denial of service...
SAP encryption algorithm vulnerability can lead to remote code execution or denial of service-vulnerability warning-the black bar safety net
Now, there is a widely used Protocol appeared unexpected vulnerability, SAP encryption algorithm of the data compression software can lead to remote code execution vulnerability and denial of service vulnerabilities. These problems arise because the SAP encryption algorithm of coding uses a popul...
How to Share Sensitive Files Instantly and Securely
Last week, I have to communicate with my friend overseas in China. We both were aware that our email communications were being monitored. So, we both were forced to install and use a fully-fledged encrypted email system. Although it appeared to be very secure, it was quite cumbersome to handle. I...
Pirelli Router P.DG-A4001N WPA Key Reverse Engineering Rev 2
!/usr/bin/env python -- coding: utf-8 -- ''' @license: GPLv3 @author : Eduardo Novella @contact: ednoloainf.upv.es @twitter: @enovella ----------------- Target : ----------------- Vendor : ADB broadband Pirelli Router : Model P.DG-A4001N ISP : Arnet Telecom Argentina, MEO Portugal Possible-target...
Foxit Reader PDF <= 7.1.3.320 - Parsing Memory Corruption Vulnerability
Exploit for windows platform in category local exploits Application: Foxit Reader PDF Parsing Memory Corruption Platforms: Windows Versions: The vulnerabilities are reported in Foxit Reader and Foxit Enterprise Reader versions 7.1.0.306 and 7.1.3.320 and Foxit Phantom PDF versions 7.1.0.306,...
AIX Java Advisory : Multiple Vulnerabilities (Bar Mitzvah)
The version of Java SDK installed on the remote host is affected by multiple vulnerabilities : - A man-in-the-middle information disclosure vulnerability exists due to a TLS security downgrade flaw. A man-in-the-middle attacker may be able to downgrade the SSL/TLS connection to use EXPORTRSA ciph...
Foxit Reader PDF 7.1.3.320 - Parsing Memory Corruption
Application: Foxit Reader PDF Parsing Memory Corruption Platforms: Windows Versions: The vulnerabilities are reported in Foxit Reader and Foxit Enterprise Reader versions 7.1.0.306 and 7.1.3.320 and Foxit Phantom PDF versions 7.1.0.306, 7.1.2.311, and 7.1.3.320. Secunia: SA63346 PRL: 2015-05...
'Fully Secure Systems Don't Exist'
SAN FRANCISCO–The more things change, the more they stay the same. Thirty years ago, Adi Shamir, one of the inventors of the RSA algorithm, was asked to do a keynote speech at a conference and spoke about his laws of computer security. They were a set of principles that he developed over the year...
OpenJDK: insufficient hardening of RSA-CRT implementation (JCE, 8071726)
It was found that the RSA implementation in the JCE component in OpenJDK did not follow recommended practices for implementing RSA signatures...
FreeBSD : Ruby -- OpenSSL Hostname Verification Vulnerability (d4379f59-3e9b-49eb-933b-61de4d0b0fdb)
Ruby Developers report : After reviewing RFC 6125 and RFC 5280, we found multiple violations of matching hostnames and particularly wildcard certificates. Ruby's OpenSSL extension will now provide a string-based matching algorithm which follows more strict behavior, as recommended by these RFCs. ...
Forpix - Software for detecting affine image files
forpix is a forensic program for identifying similar images that are no longer identical due to image manipulation. Hereinafter I will describe the technical background for the basic understanding of the need for such a program and how it works. From image files or files in general you can create...
Ruby -- OpenSSL Hostname Verification Vulnerability
Ruby Developers report: After reviewing RFC 6125 and RFC 5280, we found multiple violations of matching hostnames and particularly wildcard certificates. Ruby’s OpenSSL extension will now provide a string-based matching algorithm which follows more strict behavior, as recommended by these RFCs. I...
Inductive Automation Ignition < 7.7.4 Multiple Vulnerabilities
Inductive Automation Ignition is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SuSE 11.3 Security Update : GnuTLS (SAT Patch Number 10536)
GnuTLS was updated to fix two security issues : - A certificate algorithm consistency checking issue was fixed, where GnuTLS did not check whether the two signature algorithms match on certificate import. This problem is not deemed to be exploitable currently. CVE-2015-0294 - GNUTLS-SA-2015-1:...