5302 matches found
Debian DSA-3191-1 : gnutls26 - security update
Multiple vulnerabilities have been discovered in GnuTLS, a library implementing the TLS and SSL protocols. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2015-0282: GnuTLS does not verify the RSA PKCS #1 signature algorithm to match the signature algorith...
Debian Security Advisory DSA 3191-1 (gnutls26 - security update)
Multiple vulnerabilities have been discovered in GnuTLS, a library implementing the TLS and SSL protocols. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2015-0282: GnuTLS does not verify the RSA PKCS #1 signature algorithm to match the signature algorithm i...
DSA-3191-1 gnutls26 - security update
Bulletin has no description...
[SECURITY] Fedora 20 Update: gnupg-1.4.19-2.fc20
GnuPG (GNU Privacy Guard) is a GNU utility for encrypting data and creating digital signatures. GnuPG has advanced key management capabilities and is compliant with the proposed OpenPGP Internet standard described in RFC2440. Since GnuPG doesn't use any patented algorithm, it is not compatible with...
SecureRandom vulnerability details (CVE-2013-7372) - the vulnerability warning - the black bar safety net
0x00 Vulnerability overview: In versions of Android before 4.4, the Java Cryptography Architecture (JCA) uses the SecureRandom implementation from Apache Harmony 6.0M3 and earlier, which has a security vulnerability, specifically located in the...
UBUNTU-CVE-2015-0282
GnuTLS before 3.1.0 does not verify that the RSA PKCS #1 signature algorithm matches the signature algorithm in the certificate, which allows remote attackers to conduct downgrade attacks via unspecified vectors...
[SECURITY] Fedora 22 Update: librsync-1.0.0-1.fc22
librsync implements the "rsync" algorithm, which allows remote differencing of binary files. librsync computes a delta relative to a file's checksum, so the two files need not both be present to generate a delta. This library was previously known as libhsync up to version 0.9.0. The current versi...
[SECURITY] Fedora 21 Update: gnupg-1.4.19-1.fc21
GnuPG (GNU Privacy Guard) is a GNU utility for encrypting data and creating digital signatures. GnuPG has advanced key management capabilities and is compliant with the proposed OpenPGP Internet standard described in RFC2440. Since GnuPG doesn't use any patented algorithm, it is not compatible with...
DEBIAN-CVE-2013-7421
The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AFALG socket with a module name in the salgname field, a different vulnerability than CVE-2014-9644...
cryptopp -- multiple vulnerabilities
Multiple sources report: CVE-2015-2141: The InvertibleRWFunction::CalculateInverse function in rw.cpp in libcrypt++ 5.6.2 does not properly blind private key operations for the Rabin-Williams digital signature algorithm, which allows remote attackers to obtain private keys via a timing attack...
CVE-2015-1355
Siemens SIMATIC STEP 7 TIA Portal before 13 SP1 uses a weak password-hash algorithm, which makes it easier for local users to determine cleartext passwords by reading a project file and conducting a brute-force attack...
Internet Bug Bounty: Segmentation fault for invalid PSS parameters
The signature verification routines will crash with a NULL pointer dereference if presented with an ASN.1 signature using the RSA PSS algorithm and invalid parameters. Since these routines are used to verify certificate signature algorithms this can be used to crash any certificate verification...
openSUSE Security Update : strongswan (openSUSE-SU-2015:0114-1)
This update fixes the following security issues: a denial-of-service vulnerability, which can be triggered by an IKEv2 Key Exchange payload that contains the Diffie-Hellman group 1025 (bsc#910491, CVE-2014-9221). Applied an upstream patch reverting to store algorithms in the registration order...
Cisco Ironport Appliance Privilege Escalation
Cisco Ironport Appliances Privilege Escalation Vulnerability. Vendor: Cisco. Product webpage: http://www.cisco.com. Affected versions: Cisco Ironport ESA - AsyncOS 8.5.5-280, Cisco Ironport WSA - AsyncOS 8.0.5-075, Cisco Ironport SMA - AsyncOS 8.3.6-0. Date: 22/05/2014. Credits: Glafkos Charalambous...
Cisco Ironport Appliances Privilege Escalation Exploit
Cisco Ironport appliances are vulnerable to authenticated "admin" privilege escalation. Enabling the Service Account from the GUI or CLI allows an admin to gain root access on the appliance, thereby bypassing all existing "admin" account limitations. The vulnerability is due to weak algorith...
Cisco Ironport Appliances - Privilege Escalation
Cisco Ironport Appliances Privilege Escalation Vulnerability. Vendor: Cisco. Product webpage: http://www.cisco.com. Affected versions: Cisco Ironport ESA - AsyncOS 8.5.5-280, Cisco Ironport WSA - AsyncOS 8.0.5-075, Cisco Ironport SMA - AsyncOS 8.3.6-0...
Cisco Ironport Appliances - Privilege Escalation
Cisco Ironport Appliances Privilege Escalation Vulnerability. Vendor: Cisco. Product webpage: http://www.cisco.com. Affected versions: Cisco Ironport ESA - AsyncOS 8.5.5-280, Cisco Ironport WSA - AsyncOS 8.0.5-075, Cisco Ironport SMA - AsyncOS 8.3.6-0. Date: 22/05/2014. Credits: Glafkos Charalambous...
kernel: lzo1x_decompress_safe() integer overflow
An integer overflow flaw was found in the way the lzo1x_decompress_safe() function of the Linux kernel's LZO implementation processed Literal Runs. A local attacker could, in extremely rare cases, use this flaw to crash the system or, potentially, escalate their privileges on the system...
Multiple directory traversal vulnerabilities in ha
ha is a compression program using the HSC compression algorithm, developed by software developer Mikhail Gusarov. Multiple directory traversal vulnerabilities exist in ha, which could be exploited by a remote attacker to read arbitrary files within the context of the application...