5302 matches found

OSV
added 2014/11/22 10:54 a.m. | 7 views

MGASA-2014-0481 Updated polarssl package fix security vulnerabilities

A regression in PolarSSL 1.3.8 resulted in servers negotiating a weaker signature algorithm than available. This has been fixed in PolarSSL 1.3.9 (CVE-2014-8627). Two remotely-triggerable memory leaks were found by the Codenomicon Defensics tool and fixed in PolarSSL 1.3.9 (CVE-2014-8628)...

7.8 CVSS | 6.3 AI score | 0.0209 EPSS
Exploits: 0 | References: 4
Mageia
added 2014/11/22 10:54 a.m. | 40 views

Updated polarssl package fix security vulnerabilities

A regression in PolarSSL 1.3.8 resulted in servers negotiating a weaker signature algorithm than available. This has been fixed in PolarSSL 1.3.9 (CVE-2014-8627). Two remotely-triggerable memory leaks were found by the Codenomicon Defensics tool and fixed in PolarSSL 1.3.9 (CVE-2014-8628)...

7.8 CVSS | 6.4 AI score | 0.0209 EPSS
Exploits: 0 | References: 3
Fedora
added 2014/11/18 12:19 p.m. | 17 views

[SECURITY] Fedora 20 Update: oath-toolkit-2.4.1-6.fc20

The OATH Toolkit provides components for building one-time password authentication systems. It contains shared libraries, command line tools and a PAM module. Supported technologies include the event-based HOTP algorithm (RFC4226) and the time-based TOTP algorithm (RFC6238). OATH stands for Open...

0.6 AI score
Exploits: 0
ThreatPost
added 2014/11/18 10:33 a.m. | 12 views

Matsnu Botnet DGA Builds Domains From List of Nouns, Verbs

Domain generation algorithms have been botmasters’ favorite tool for keeping malware up and running—and for frustrating security researchers and detection technologies. Like malware, DGAs evolve, thus complicating an already tricky cat-and-mouse game between criminals and white hats. The latest i...

0.6 AI score
Exploits: 0 | References: 3
Fedora
added 2014/11/14 12:06 p.m. | 23 views

[SECURITY] Fedora 21 Update: oath-toolkit-2.4.1-6.fc21

The OATH Toolkit provides components for building one-time password authentication systems. It contains shared libraries, command line tools and a PAM module. Supported technologies include the event-based HOTP algorithm (RFC4226) and the time-based TOTP algorithm (RFC6238). OATH stands for Open...

0.6 AI score
Exploits: 0
myhack58
added 2014/11/13 12:00 a.m. | 32 views

[CVE-2014-3100] Android KeyStore stack overflow vulnerability analysis-vulnerability warning-the black bar safety net

CVE-2014-3100 is a stack overflow vulnerability in the Android platform KeyStore. It was found and reported to Google last September by two IBM engineers and was disclosed on June 23 this year. After the disclosure, Google also released vulnerability test code. So what is a...

0.2 AI score
Exploits: 0
OSV
added 2014/11/06 12:00 a.m. | 34 views

DSA-3065-1 libxml-security-java - security update

Bulletin has no description...

4.3 CVSS | 5.9 AI score | 0.0593 EPSS
Exploits: 1
Prion
added 2014/11/04 3:55 p.m. | 14 views

Code injection

SAPCRYPTOLIB before 5.555.38, SAPSECULIB, and CommonCryptoLib before 8.4.30, as used in SAP NetWeaver AS for ABAP and SAP HANA, allows remote attackers to spoof Digital Signature Algorithm (DSA) signatures via unspecified vectors...

7.5 CVSS | 7.2 AI score | 0.01285 EPSS
Exploits: 0 | References: 4 | Affected Software: 2
Cvelist
added 2014/11/04 3:00 p.m. | 23 views

CVE-2014-8587

SAPCRYPTOLIB before 5.555.38, SAPSECULIB, and CommonCryptoLib before 8.4.30, as used in SAP NetWeaver AS for ABAP and SAP HANA, allows remote attackers to spoof Digital Signature Algorithm (DSA) signatures via unspecified vectors...

6.7 AI score | 0.01285 EPSS
Exploits: 0 | References: 4
Kitploit
added 2014/10/27 6:44 p.m. | 39 views

WirelessNetView - Wireless Network Monitoring Tool

WirelessNetView is a small utility that runs in the background and monitors the activity of wireless networks around you. For each detected network, it displays the following information: SSID, Last Signal Quality, Average Signal Quality, Detection Counter, Authentication Algorithm, Cipher...

7.1 AI score
Exploits: 0
The Hacker News
added 2014/10/21 9:34 p.m. | 8 views

Google Search Algorithm to Demote Piracy Sites In Search Results

The Search Engine giant is not going to spare the Pirated content providing sites. Google is ready to fulfill its commitment to downgrade the search rankings of ‘notorious’ piracy sites globally that often rank above legal and commercial sites. Google and the Copyright holders are, to some extent...

6.8 AI score
Exploits: 0
myhack58
added 2014/10/16 12:00 a.m. | 12 views

CVE-2014-3566 SSLv3 POODLE principle of analysis-vulnerability warning-the black bar safety net

0x00 Background: The POODLE attack is a padding oracle attack against the CBC-mode encryption algorithms in SSLv3. It closely resembles the earlier BEAST attack and can allow an attacker to obtain part of the plaintext of an SSL communication, such as cookies. And the BEAST is...

0.1 AI score
Exploits: 0
ThreatPost
added 2014/10/15 11:40 a.m. | 98 views

Microsoft Extends SHA-2, TLS Support for Windows

One by one, tech companies have been tossing aside the SHA-1 cryptographic algorithm like the unreliable collision-prone mess that it is. Microsoft was among the first to steer its customers away from SHA-1 and established an internal edict that its developers would no longer use it for...

9.3 CVSS | 0.5 AI score | 0.99945 EPSS
Exploits: 33 | References: 8
Tenable Nessus
added 2014/10/12 12:00 a.m. | 42 views

Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2014-383)

It was discovered that the Hotspot component in OpenJDK did not properly verify bytecode from the class files. An untrusted Java application or applet could possibly use these flaws to bypass Java sandbox restrictions. (CVE-2014-4216, CVE-2014-4219) A format string flaw was discovered in the Hotsp...

9.3 CVSS | 7.1 AI score | 0.06118 EPSS
Exploits: 1 | References: 14
Tenable Nessus
added 2014/10/10 12:00 a.m. | 44 views

F5 Networks BIG-IP : MD2 Message-Digest Algorithm vulnerability (SOL15663)

The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash...

5.1 CVSS | 6.7 AI score | 0.04506 EPSS
Exploits: 0 | References: 2
ThreatPost
added 2014/10/09 2:17 p.m. | 10 views

Rovnix Variant Surfaces With New DGA

Researchers have unearthed a new version of the Rovnix malware that has a couple of additional features, including a new domain generation algorithm and a secure transmission channel for communicating with the command-and-control servers. Rovnix is a malware variant that often has been distribute...

1.2 AI score
Exploits: 0 | References: 2
F5 Networks
added 2014/10/09 12:00 a.m. | 53 views

SOL15663 - MD2 Message-Digest Algorithm vulnerability CVE-2009-2409

Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...

5.1 CVSS | 2.7 AI score | 0.04506 EPSS
Exploits: 0 | References: 4
NVD
added 2014/09/22 10:55 a.m. | 23 views

CVE-2014-2942

Cobham Aviator 700D and 700E satellite terminals use an improper algorithm for PIN codes, which makes it easier for attackers to obtain a privileged terminal session by calculating the superuser code, and then leveraging physical access or terminal access to enter this code...

7.2 CVSS | 6.1 AI score | 0.00387 EPSS
Exploits: 0 | References: 1
CVE
added 2014/09/22 10:00 a.m. | 59 views

CVE-2014-2942

Cobham Aviator 700D/700E satellite terminals are affected by CVE-2014-2942 due to use of a broken/risky cryptographic algorithm to generate PINs. This enables a local, unauthenticated attacker to calculate a superuser PIN and gain full control of the terminal, given physical access or access to t...

7.2 CVSS | 6.3 AI score | 0.00387 EPSS
Exploits: 0 | References: 1 | Affected Software: 2
NVD
added 2014/09/18 10:55 a.m. | 18 views

CVE-2014-5413

Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 uses the MD5 algorithm for an X.509 certificate, which makes it easier for remote attackers to spoof servers via a cryptographic attack against this algorithm...

6.4 CVSS | 6.5 AI score | 0.01028 EPSS
Exploits: 0 | References: 3