Fedora Update for perl-Crypt-DSA FEDORA-2013-15755

Check for the Version of perl-Crypt-DSA OpenVAS Vulnerability Test Fedora Update for perl-Crypt-DSA FEDORA-2013-15755 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify ...

Default credentials

Dahua DVR appliances use a password-hash algorithm with a short hash length, which makes it easier for context-dependent attackers to discover cleartext passwords via a brute-force attack...

[SECURITY] Fedora 18 Update: perl-Crypt-DSA-1.17-10.fc18

Crypt::DSA is an implementation of the DSA Digital Signature Algorithm signature verification system. This package provides DSA signing, signature verification, and key generation...

[SECURITY] Fedora 19 Update: perl-Crypt-DSA-1.17-10.fc19

Crypt::DSA is an implementation of the DSA Digital Signature Algorithm signature verification system. This package provides DSA signing, signature verification, and key generation...

Java: XML signature spoofing

A flaw was found in the way Apache Santuario XML Security for Java validated XML signatures. Santuario allowed a signature to specify an arbitrary canonicalization algorithm, which would be applied to the SignedInfo XML fragment. A remote attacker could exploit this to spoof an XML signature via ...

Moderate: Red Hat Security Advisory: xml-security security update

An updated xml-security package that fixes one security issue is now available for Red Hat JBoss Enterprise Application Platform 5.2.0 for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability...

CVE-2013-2803

ProSoft RadioLinx ControlScape before 6.00.040 uses a deficient PRNG algorithm and seeding strategy for passphrases, which makes it easier for remote attackers to obtain access via a brute-force attack...

CVE-2013-2803

ProSoft RadioLinx ControlScape before 6.00.040 uses a deficient PRNG algorithm and seeding strategy for passphrases, which makes it easier for remote attackers to obtain access via a brute-force attack...

Open redirect

Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 uses the crypt and SHA-1 algorithms for password hashing, which makes it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack...

CVE-2013-1649

Open-Xchange Server 6 is affected by CVE-2013-1649. The vulnerability concerns the use of crypt and SHA-1 for password hashing in Open-Xchange Server versions: before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14. The underlying issue is weak password hashing, enabling context-depend...

Java: XML signature spoofing

A flaw was found in the way Apache Santuario XML Security for Java validated XML signatures. Santuario allowed a signature to specify an arbitrary canonicalization algorithm, which would be applied to the SignedInfo XML fragment. A remote attacker could exploit this to spoof an XML signature via ...

Amazon Linux AMI : postgresql8 (ALAS-2012-94)

A flaw was found in the way the crypt password hashing function from the optional PostgreSQL pgcrypto contrib module performed password transformation when used with the DES algorithm. If the password string to be hashed contained the 0x80 byte value, the remainder of the string was ignored when...

Amazon Linux AMI : kernel / nvidia (ALAS-2013-148)

A malicious Network File System version 4 NFSv4 server could return a crafted reply to a GETACL request, causing a denial of service on the client. CVE-2012-2375 , Moderate A divide-by-zero flaw was found in the TCP Illinois congestion control algorithm implementation in the Linux kernel. If the...

Kelihos P2P Botnet Leveraging Composite Blocking Lists

Kelihos, the peer-to-peer botnet with nine lives, keeps popping up with new capabilities that enable it to sustain itself and make money for its keepers by pushing spam, harvesting credentials and even stealing Bitcoins. According to a number of sources, Kelihos is now leveraging legitimate and...

SOL14638 - TLS/SSL RC4 vulnerability CVE-2013-2566

The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext. CVE-2013-2566...

ISC BIND 9 SRTT算法授权服务器选择安全漏洞

BUGTRAQ ID: 61774 BIND是一个应用非常广泛的DNS协议的实现。 ISC BIND 9内的SRTT算法实现中存在漏洞，理论上此漏洞可使攻击者手动降低递归服务器与授权服务器相关联的SRTT值，从而影响特定授权服务器从NS资源记录集值内确定要查询的域服务器。SRTT选择不仅影响授权服务器，也影响递归或授权混合服务器。攻击者可利用此漏洞执行DNS相关的攻击，例如DNS缓存投毒。 0 ISC BIND 9.x 厂商补丁： ISC --- 目前厂商还没有提供补丁或者升级程序，我们建议使用此软件的用户随时关注厂商的主页以获取最新版本：...

UBUNTU-CVE-2013-2172

jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java in Apache Santuario XML Security for Java 1.4.x before 1.4.8 and 1.5.x before 1.5.5 allows context-dependent attackers to spoof an XML Signature by using the CanonicalizationMethod parameter to specify an arbitrary weak "canonicalization...

CVE-2012-5575

Apache CXF 2.5.x before 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x before CXF 2.7.4 does not verify that a specified cryptographic algorithm is allowed by the WS-SecurityPolicy AlgorithmSuite definition before decrypting, which allows remote attackers to force CXF to use weaker cryptographic...

Code injection

Apache CXF 2.5.x before 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x before CXF 2.7.4 does not verify that a specified cryptographic algorithm is allowed by the WS-SecurityPolicy AlgorithmSuite definition before decrypting, which allows remote attackers to force CXF to use weaker cryptographic...

CVE-2012-5575

Apache CXF 2.5.x before 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x before CXF 2.7.4 does not verify that a specified cryptographic algorithm is allowed by the WS-SecurityPolicy AlgorithmSuite definition before decrypting, which allows remote attackers to force CXF to use weaker cryptographic...