188 matches found
MiracleLinux 4 : java-1.6.0-openjdk-1.6.0.0-1.42.1.10.4.AXS4 (AXSA:2012-13:01)
The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2012-13:01 advisory. The OpenJDK runtime environment. Security issues fixed with this release: CVE-2011-3389 The SSL protocol, as used in certain configurations in Microso...
EUVD-2011-3352
Malware in sbrugna...
Malicious code in @malware-test-beast-baboo-stand-stela/test-mlw3-beast-baboo-stand-stela (npm)
The package @malware-test-beast-baboo-stand-stela/test-mlw3-beast-baboo-stand-stela was found to contain malicious code...
SUSE-SU-2025:02536-1 Security update for boost
This update for boost fixes the following issues: - CVE-2016-9840: Fixed out-of-bounds pointer arithmetic in zlib in beast (bsc#1245936)...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : boost (SUSE-SU-2025:02536-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:02536-1 advisory. - CVE-2016-9840: Fixed out-of-bounds pointer arithmetic in zlib in beast (bsc#1245936) Tenable has extracte...
Security update for boost
This update for boost fixes the following issues: CVE-2016-9840: Fixed out-of-bounds pointer arithmetic in zlib in beast (bsc#1245936). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the...
Linux Distros Unpatched Vulnerability : CVE-2011-3389
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other...
RHEL 6 : nss (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - Mozilla NSS: Errors in mp_div and mp_exptmod cryptographic functions (CVE-2016-1938) - SSL/TLS: Birthday atta...
RHEL 5 : nss (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - Mozilla NSS: Errors in mp_div and mp_exptmod cryptographic functions (CVE-2016-1938) - SSL/TLS: Birthday atta...
RHEL 5 : java-1.4.2-ibm-sap (RHSA-2012:0343)
The remote Redhat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2012:0343 advisory. - HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST) (CVE-2011-3389) - Oracle/IBM JDK: unspecified vulnerability fixed in 6u29...
Debian dla-3629 : ceph - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3629 advisory. - Debian LTS Advisory DLA-3629-1...
Security Bulletin: Vulnerabilities in SSL and TLS protocols affects SAN Volume Controller and Storwize Family (CVE-2011-3389)
Summary: SSL and TLS vulnerabilities were disclosed in September 2011. This vulnerability has been referred to as the...
SUSE CVE-2011-3389
The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HT...
SUSE CVE-2019-10222
A flaw was found in the Ceph RGW configuration with Beast as the front end handling client requests. An unauthenticated attacker could crash the Ceph RGW server by sending valid HTTP headers and terminating the connection, resulting in a remote denial of service for Ceph RGW clients...
SUSE CVE-2020-1700
A flaw was found in the way the Ceph RGW Beast front-end handles unexpected disconnects. An authenticated attacker can abuse this flaw by making multiple disconnect attempts resulting in a permanent leak of a socket connection by radosgw. This flaw could lead to a denial of service condition by...
Metasploit Weekly Wrap-Up
ADCS - ESC Vulnerable certificate template finder: Our very own Grant Willcox has developed a new module which allows users to query a LDAP server for vulnerable Active Directory Certificate Services (AD CS) certificate templates. The module will print the detected certificate details, and the attac...
SSL/TLS Version Detection
Check if a server supports a given version of SSL/TLS and cipher suites. The certificate is stored in loot, and any known vulnerabilities against that SSL version and cipher suite combination are checked. These checks include POODLE, deprecated protocols, expired/not valid certs, low key strength...
Security Bulletin: Vulnerability in Transport Layer Security Protocol Used in IBM System Networking Ethernet Switches (CVE-2011-3389)
Abstract: Earlier versions of the Transport Layer Security (TLS) protocol are affected by a publicly disclosed vulnerability that could allow information disclosure if an attacker is carrying out a man-in-the-middle attack. Customers can avoid the vulnerability by following workarounds recommended b...
Security Bulletin: IBM System x and Flex Systems Browser Exploit Against SSL/TLS (BEAST) Mitigations (CVE-2011-3389)
Summary: The SSL 3.0 and TLS 1.0 protocols when used with Cipher Block Chaining (CBC) mode with chained initialization vectors may allow man-in-the-middle...
Python < 2.6.8, 2.7.x < 2.7.3, 3.1.x < 3.1.5, 3.2.x < 3.2.3 'ssl CBC IV attack' (bpo-13885) - Linux
Python is prone to an improper input validation vulnerability.