5302 matches found

Prion
added 2014/03/19 10:55 a.m., 19 views

Design/Logic Flaw

The crypto.generateCRMFRequest method in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not properly validate a certain key type, which allows remote attackers to cause a denial of service (application crash) via vectors that trigger generation of a key that supports the Elliptic Curve...

5 CVSS, 6.8 AI score, 0.01778 EPSS
Exploits 1, References 8, Affected Software 7
Cvelist
added 2014/03/19 10:0 a.m., 32 views

CVE-2014-1498

The crypto.generateCRMFRequest method in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not properly validate a certain key type, which allows remote attackers to cause a denial of service (application crash) via vectors that trigger generation of a key that supports the Elliptic Curve...

8.9 AI score, 0.01778 EPSS
Exploits 1, References 8
CVE
added 2014/03/19 10:0 a.m., 117 views

CVE-2014-1498

CVE-2014-1498 : The vulnerability affects Mozilla Firefox before 28.0 and SeaMonkey before 2.25, where crypto.generateCRMFRequest fails to validate a specific key type. This can cause remote crashes/DoS via vectors that trigger generation of a key that supports the Elliptic Curve ec-dual-use algo...

5 CVSS, 8.8 AI score, 0.01778 EPSS
Exploits 1, References 8, Affected Software 3
UbuntuCve
added 2014/03/18 12:0 a.m., 24 views

CVE-2014-1498

The crypto.generateCRMFRequest method in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not properly validate a certain key type, which allows remote attackers to cause a denial of service (application crash) via vectors that trigger generation of a key that supports the Elliptic Curve...

5 CVSS, 6.9 AI score, 0.01778 EPSS
Exploits 1, References 3
ThreatPost
added 2014/02/25 2:19 p.m., 15 views

Experts Urge Conservatism on Crypto Standards

SAN FRANCISCO–Security people are, by nature, cautious and methodical, and that is even more true of cryptographers. And in the current environment, when new adversaries seem to emerge on a daily basis and cryptographic standards are under intense scrutiny, a panel of some of the biggest names in...

Exploits 0, References 2
Fedora
added 2014/02/22 6:12 p.m., 29 views

[SECURITY] Fedora 19 Update: oath-toolkit-2.4.1-1.fc19

The OATH Toolkit provides components for building one-time password authentication systems. It contains shared libraries, command line tools and a PAM module. Supported technologies include the event-based HOTP algorithm (RFC4226) and the time-based TOTP algorithm (RFC6238). OATH stands for Open...

4.9 CVSS, 0.6 AI score, 0.00877 EPSS
Exploits 0
Kitploit
added 2014/02/19 11:41 p.m., 21 views

[Haveged 1.9.1] A simple entropy daemon

The haveged project is an attempt to provide an easy-to-use, unpredictable random number generator based upon an adaptation of the HAVEGE algorithm. Haveged was created to remedy low-entropy conditions in the Linux random device that can occur under some workloads, especially on headless servers...

7.1 AI score
Exploits 0
Prion
added 2014/02/07 4:52 a.m., 12 views

Design/Logic Flaw

Siemens SIMATIC WinCC OA before 3.12 P002 January uses a weak hash algorithm for passwords, which makes it easier for remote attackers to obtain access via a brute-force attack...

5 CVSS, 7 AI score, 0.01691 EPSS
Exploits 1, References 4, Affected Software 1
Cvelist
added 2014/02/07 2:0 a.m., 19 views

CVE-2014-1696

Siemens SIMATIC WinCC OA before 3.12 P002 January uses a weak hash algorithm for passwords, which makes it easier for remote attackers to obtain access via a brute-force attack...

6.4 AI score, 0.01691 EPSS
Exploits 1, References 4
The Hacker News
added 2014/02/06 1:28 a.m., 16 views

98% of SSL enabled websites still using SHA-1 based weak Digital Certificates

The National Institute of Standards and Technology (NIST) published a document in Jan 2011 stating that the SHA-1 algorithm would be risky and should be disallowed after 2013, but Netcraft experts recently noticed that the NIST.gov website itself was using a 2014-dated SSL certificate with SHA...

6.6 AI score
Exploits 0
Prion
added 2014/01/21 6:55 p.m., 9 views

Null pointer dereference

A certain hashing algorithm in Telepathy Gabble 0.16.x before 0.16.5 and 0.17.x before 0.17.3 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted message...

5 CVSS, 6.8 AI score, 0.02448 EPSS
Exploits 0, References 5, Affected Software 1
Cvelist
added 2014/01/21 6:0 p.m., 24 views

CVE-2013-1769

A certain hashing algorithm in Telepathy Gabble 0.16.x before 0.16.5 and 0.17.x before 0.17.3 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted message...

6.1 AI score, 0.02448 EPSS
Exploits 0, References 5
CVE
added 2014/01/21 6:0 p.m., 57 views

CVE-2013-1769

The CVE affects Telepathy Gabble: versions 0.16.x before 0.16.5 and 0.17.x before 0.17.3 are vulnerable due to a hashing algorithm that can trigger a NULL pointer dereference, causing a remote denial of service (crash). No exploitation details are provided beyond this, but the impact is a crash/D...

5 CVSS, 6.3 AI score, 0.02448 EPSS
Exploits 0, References 5, Affected Software 1
ThreatPost
added 2014/01/09 11:17 a.m., 10 views

Yahoo Encryption Slammed for Lack of Forward Secrecy, HSTS

Yahoo, as promised, rolled out HTTPS by default this week for its email service, bringing it in line with other Internet companies that have been securing users’ communication for years. But if Yahoo expected applause from security experts, it can think again. The response from those well-versed ...

7.1 AI score
Exploits 0, References 4
Tenable Nessus
added 2014/01/09 12:0 a.m., 44 views

RHEL 6 : openssl (RHSA-2014:0015)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2014:0015 advisory. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a...

5.8 CVSS, 7.2 AI score, 0.21174 EPSS
Exploits 1, References 8
RedHat Linux
added 2014/01/08 6:16 p.m., 2 views

openssl: crash when using TLS 1.2 caused by use of incorrect hash algorithm

The ssl_get_algorithm2 function in ssl/s3_lib.c in OpenSSL before 1.0.2 obtains a certain version number from an incorrect data structure, which allows remote attackers to cause a denial of service (daemon crash) via crafted traffic from a TLS 1.2 client...

4.3 CVSS, 6.8 AI score, 0.21174 EPSS
Exploits 0, References 4
RedHat Linux
added 2014/01/08 6:16 p.m., 36 views

Important: Red Hat Security Advisory: openssl security update

Updated openssl packages that fix three security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are...

5.8 CVSS, 6.7 AI score, 0.21174 EPSS
Exploits 1, References 4
securityvulns
added 2014/01/08 12:0 a.m., 74 views

[SECURITY] [DSA 2833-1] openssl security update

Debian Security Advisory DSA-2833-1, http://www.debian.org/security/, Moritz Muehlenhoff, January 01, 2014, http://www.debian.org/security/faq ...

5.8 CVSS, 0.9 AI score, 0.21174 EPSS
Exploits 1
OpenVAS
added 2014/01/01 12:0 a.m., 25 views

Debian Security Advisory DSA 2833-1 (openssl - several vulnerabilities)

Multiple security issues have been fixed in OpenSSL: The TLS 1.2 support was susceptible to denial of service and retransmission of DTLS messages was fixed. In addition this update disables the insecure Dual_EC_DRBG algorithm which was unused anyway, see...

5.8 CVSS, 8 AI score, 0.21174 EPSS
Exploits 1, References 1
OSV
added 2014/01/01 12:0 a.m., 22 views

DSA-2833-1 openssl - several

Bulletin has no description...

5.8 CVSS, 9.5 AI score, 0.21174 EPSS
Exploits 1