Lucene search
K

270 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 9:27 p.m.24 views

Security Bulletin: Open Source Apache Tomcat vulnerability (CVE-2014-0227)

Summary Apache Tomcat is vulnerable to HTTP request smuggling. A remote attacker could send a specially-crafted request in a malformed chunked header to the Web server to cause multiple processing conflicts on the servers. An attacker could exploit this vulnerability to poison the web cache, bypa...

6.4CVSS0.8AI score0.21045EPSS
Exploits0Affected Software1
Citrix
Citrix
added 2017/08/02 12:0 a.m.6 views

App Layering/Unidesk: Debugging Layer Conflicts

You have identified a problem that occurs when all your layers are present, but does not occur when none of them are there, or only a minimum set are present. Regardless of the actual error, this suggests a conflict between individual layers...

7.1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2017/07/03 12:0 a.m.26 views

openSUSE Security Update : kdepim4 (openSUSE-2017-755)

This update for kdepim4 fixes the following issues : - CVE-2017-9604: The kmail 'send later' function does not have 'sign/encryption' action ensured. boo1044210 The package kdepim-addons was updated to conflict with 4.x based akonadi package to prevent file conflicts. boo1045936 %NASLMINLEVEL 703...

7.5CVSS6.8AI score0.01294EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2017/06/26 12:0 a.m.142 views

Tenable SecurityCenter Apache 2.4.x < 2.4.25 Multiple Vulnerabilities (TNS-2017-04) (httpoxy)

The Tenable SecurityCenter application installed on the remote host is missing a security patch. It is, therefore, affected by multiple vulnerabilities in the bundled version of Apache : - A flaw exists in the modsessioncrypto module due to encryption for data and cookies using the configured...

8.1CVSS6.5AI score0.7907EPSS
Exploits8References8
Veracode
Veracode
added 2017/01/26 8:1 a.m.37 views

Side Channel Attack On Modular Exponentiation

OpenSSL is vulnerable to side channel attacks. The vulnerability exploits cache-bank conflicts on the Intel Sandy-Bridge microarchitecture, exposing RSA keys. However, an attacker can only exploit this only if he has control of code in a thread running on the same hyper-threaded core as the victi...

5.1CVSS7.4AI score0.0191EPSS
Exploits1References50Affected Software3
Tenable Nessus
Tenable Nessus
added 2017/01/03 12:0 a.m.36 views

Fedora 25 : 1:dovecot (2016-daf90926d4)

Fixed crash in auth process when auth-policy was configured and authentication was aborted/failed without a username set. - director: If two users had different tags but the same hash, the users may have been redirected to the wrong tag's hosts. - Index files may have been thought incorrectly...

5.9CVSS6.3AI score0.48197EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2016/12/15 10:11 p.m.4 views

OpenSSL: Side channel attack on modular exponentiation

A side-channel attack was found that makes use of cache-bank conflicts on the Intel Sandy-Bridge microarchitecture. An attacker who has the ability to control code in a thread running on the same hyper-threaded core as the victim's thread that is performing decryption, could use this flaw to...

5.1CVSS6.8AI score0.0191EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2016/10/18 11:5 p.m.50 views

Important: Red Hat Security Advisory: mariadb-galera security and bug fix update

An update for mariadb-galera is now available for Red Hat OpenStack Platform 8.0 Liberty. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

10CVSS7.6AI score0.6773EPSS
Exploits16References4
Tenable Nessus
Tenable Nessus
added 2016/08/29 12:0 a.m.31 views

SUSE SLED12 / SLES12 Security Update : dhcp (SUSE-SU-2016:1791-1)

This update for dhcp fixes the following issues : Security issue fixed : - CVE-2016-2774: Fixed a denial of service attack against the DHCP server over the OMAPI TCP socket, which could be used by network adjacent attackers to make the DHCP server non-functional bsc969820. Non security issues fix...

7.1CVSS6.8AI score0.73622EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2016/07/22 12:0 a.m.16 views

openSUSE Security Update : dhcp (openSUSE-2016-887)

This update for dhcp fixes the following issues : Security issue fixed : - CVE-2016-2774: Fixed a denial of service attack against the DHCP server over the OMAPI TCP socket, which could be used by network adjacent attackers to make the DHCP server non-functional bsc969820. Non security issues fix...

7.1CVSS6.8AI score0.73622EPSS
Exploits0References3
Prion
Prion
added 2016/07/19 2:0 a.m.24 views

Design/Logic Flaw

The net/http package in Go through 1.6 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect a CGI...

6.8CVSS6.9AI score0.0522EPSS
Exploits0References9Affected Software6
Positive Technologies
Positive Technologies
added 2016/07/18 12:0 a.m.3 views

PT-2016-4503 · Twisted +4 · Twisted +4

Name of the Vulnerable Software and Affected Versions: Twisted versions prior to 16.3.1 Description: The issue arises from the software's failure to address RFC 3875 section 4.1.18 namespace conflicts, which leaves CGI applications unprotected from untrusted client data in the HTTP PROXY...

6.9CVSS7AI score0.02406EPSS
Exploits0References46
OSV
OSV
added 2016/07/13 10:26 a.m.4 views

SUSE-SU-2016:1791-1 Security update for dhcp

This update for dhcp fixes the following issues: Security issue fixed: - CVE-2016-2774: Fixed a denial of service attack against the DHCP server over the OMAPI TCP socket, which could be used by network adjacent attackers to make the DHCP server non-functional bsc969820. Non security issues fixed...

7.1CVSS5.7AI score0.73622EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2016/03/16 12:0 a.m.39 views

SUSE SLES11 Security Update : java-1_6_0-ibm (SUSE-SU-2016:0770-1) (SLOTH)

This update for java-160-ibm fixes the following issues by updating to 6.0-16.20 bsc963937 - CVE-2015-5041: Could could have invoked non-public interface methods under certain circumstances - CVE-2015-7575: The TLS protocol could allow weaker than expected security caused by a collision attack wh...

10CVSS8.5AI score0.14714EPSS
Exploits1References26
OpenVAS
OpenVAS
added 2016/03/11 12:0 a.m.30 views

Amazon Linux: Security Advisory (ALAS-2016-661)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10CVSS7.2AI score0.82112EPSS
Exploits2References2
FreeBSD Advisory
FreeBSD Advisory
added 2016/03/10 12:0 a.m.30 views

FreeBSD-SA-16:12.openssl

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-16:12.openssl Security Advisory The FreeBSD Project Topic: Multiple OpenSSL vulnerabilities Category: contrib Module: openssl Announced: 2016-03-10 Credits:...

10CVSS7.2AI score0.82112EPSS
Exploits2
FreeBSD
FreeBSD
added 2016/03/10 12:0 a.m.73 views

FreeBSD -- Multiple OpenSSL vulnerabilities

Problem Description: A cross-protocol attack was discovered that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a Bleichenbacher RSA padding oracle. Note that traffic between clients and non-vulnerable servers can be decrypted provided...

10CVSS8.3AI score0.82112EPSS
Exploits2
ArchLinux
ArchLinux
added 2016/03/07 12:0 a.m.81 views

lib32-openssl: multiple issues

CVE-2016-0702 private key extraction A side-channel attack was found that makes use of cache-bank conflicts on the Intel Sandy-Bridge microarchitecture. An attacker who has the ability to control code in a thread running on the same hyper-threaded core as the victim's thread that is performing...

10CVSS5.1AI score0.82112EPSS
Exploits2References7
ThreatPost
ThreatPost
added 2016/03/04 5:35 p.m.153 views

Proofpoint Warns Of New MSIL/Crimson Tied To Cyber Espionage

Diplomats and military personnel in India have been victimized in targeted espionage attacks that use a number of means of infection including phishing and watering hole sites. Researchers at Proofpoint this week published a report on Operation Transparent Tribe, which was ongoing as of Feb. 11...

9.3CVSS0.99966EPSS
Exploits12References2
Debian CVE
Debian CVE
added 2016/03/03 12:0 a.m.59 views

CVE-2016-0702

The MODEXPCTIMECOPYFROMPREBUF function in crypto/bn/bnexp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the...

5.1CVSS7.7AI score0.0191EPSS
Exploits1
Rows per page
Query Builder