19 matches found
Fedora: Security Advisory (FEDORA-2025-17fed14cc3)
The remote host is missing an update for the...
Fedora: Security Advisory (FEDORA-2025-3887603605)
The remote host is missing an update for the...
Fedora 40 : rpki-client (2025-d5fdbedb7f)
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-d5fdbedb7f advisory. rpki-client 9.5 - rpki-client now includes arin.tal which is no longer legally encumbered. See https://www.arin.net/announcements/20250116-tal/ - rpki-client...
Fedora 41 : rpki-client (2025-17fed14cc3)
The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-17fed14cc3 advisory. rpki-client 9.5 - rpki-client now includes arin.tal which is no longer legally encumbered. See https://www.arin.net/announcements/20250116-tal/ - rpki-client...
SUSE SLES12 Security Update : ca-certificates-mozilla (SUSE-SU-2024:2767-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:2767-1 advisory. - Updated to 2.68 state of Mozilla SSL root CAs (bsc#1227525) - Added: FIRMAPROFESIONAL CA ROOT-A WEB - Distrust: GLOBALTRUST 2020 - Updated to...
CVE-2024-25140
A default installation of RustDesk 1.2.3 on Windows places a WDKTestCert certificate under Trusted Root Certification Authorities with Enhanced Key Usage of Code Signing (1.3.6.1.5.5.7.3.3), valid from 2023 until 2033. This is potentially unwanted, e.g., because there is no public documentation of...
CVE-2024-25140
A default installation of RustDesk 1.2.3 on Windows places a WDKTestCert certificate under Trusted Root Certification Authorities with Enhanced Key Usage of Code Signing (1.3.6.1.5.5.7.3.3), valid from 2023 until 2033. This is potentially unwanted, e.g., because there is no public documentation of...
CVE-2024-25140
CVE-2024-25140 affects RustDesk 1.2.3 on Windows. A default install places a WDKTestCert in Trusted Root Certification Authorities with EKU Code Signing (1.3.6.1.5.5.7.3.3), valid 2023–2033. This was intended behavior per vendor note, using a test certificate due to lack of EV cert, raising conce...
CVE-2024-25140
A default installation of RustDesk 1.2.3 on Windows places a WDKTestCert certificate under Trusted Root Certification Authorities with Enhanced Key Usage of Code Signing (1.3.6.1.5.5.7.3.3), valid from 2023 until 2033. This is potentially unwanted, e.g., because there is no public documentation of...
RUSTSEC-2022-0014 Infinite loop in `BN_mod_sqrt()` reachable when parsing certificates
The `BN_mod_sqrt()` function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a...
CVE-2017-9758
Savitech driver packages for Windows silently install a self-signed certificate into the Trusted Root Certification Authorities store, aka "Inaudible Subversion."...
Session fixation
Savitech driver packages for Windows silently install a self-signed certificate into the Trusted Root Certification Authorities store, aka "Inaudible Subversion."...
CVE-2017-9758
Savitech driver packages for Windows silently install a self-signed certificate into the Trusted Root Certification Authorities store, aka "Inaudible Subversion."...
Vulnerability in OpenSSL - Memory corruption in the ASN.1 encoder
This issue affected versions of OpenSSL prior to April 2015. The bug causing the vulnerability was fixed on April 18th 2015, and released as part of the June 11th 2015 security releases. The security impact of the bug was not known at the time. In previous versions of OpenSSL, ASN.1 encoding the...
Cyber UL Could Become Reality Under Leadership of Hacker Mudge
UPDATE–One of the longstanding problems in security–and the software industry in general–is the lack of any universally acknowledged authority on quality and reliability. But the industry moved one step closer to making such a clearinghouse a reality this week when Peiter Zatko, a longtime...
CVE-2012-4948
The default configuration of Fortinet Fortigate UTM appliances uses the same Certification Authority certificate and same private key across different customers' installations, which makes it easier for man-in-the-middle attackers to spoof SSL servers by leveraging the presence of the...
SSL and the Future of Authenticity
In the early 90s, at the dawn of the World Wide Web, some engineers at Netscape developed a protocol for making secure HTTP requests, and what they came up with was called SSL. Given the relatively scarce body of knowledge concerning secure protocols at the time, as well as the intense pressure...
MD5 vulnerable to collision attacks
Overview: Weaknesses in the MD5 algorithm allow for collisions in output. As a result, attackers can generate cryptographic tokens or other data that illegitimately appear to be authentic. Description: A secure cryptographic hash algorithm is one that generates a unique identifier of a fixed size...
Full Disclosure: Windows File Protection Arbitrary Certificate Chain Vulnerability
SECURITY ALERT Windows File Protection Arbitrary Certificate Chain Vulnerability December 26, 2002 Full Disclosure, [email protected] and others December 24, 2002 Private Disclosure Jason Coombs [email protected]...