DLA-1398-1 php-horde-crypt - security update

Bulletin has no description...

OracleVM 3.4 : Unbreakable / etc (OVMSA-2018-0228) (Spectre)

The remote OracleVM system is missing necessary patches to address critical security updates : - netlink: add a start callback for starting a netlink dump Tom Herbert Orabug: 27169581 CVE-2017-16939 - ipsec: Fix aborted xfrm policy dump crash Herbert Xu Orabug: 27169581 CVE-2017-16939 - net/rds:...

Crypt encryption compromised.

More info at https://fuelphp.com/security-advisories...

Crypt encryption compromised

With the right knowledge, code, and GPU calculation power, Crypt encryption can be broken in minutes. All released versions starting with 1.0 are affected. The issue will be addressed in release v1.8.1. You can modify earlier versions by implementing the changes from this change, and install the...

SSH / SSL RSA Private Key Passphrase Dictionary Enumerator Exploit

This is a script to perform SSH/SSL RSA private key passphrase enumeration with a dictionary attack. !/usr/bin/perl SSH/SSL RSA Private Key Passphrase dictionary enumerator Copyright 2018 c Todor Donev https://ethical-hacker.org/ https://facebook.com/ethicalhackerorg email protected$ ssh-keygen -...

CVE-2018-7335

In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the IEEE 802.11 dissector could crash. This was addressed in epan/crypt/airpdcap.c by rejecting lengths that are too small...

Information Disclosure

Zendframework and zend-crypt are vulnerable to information disclosure attacks. The library uses the default php $padding which is vulnerable to Bleichenbacher's chosen-ciphertext attack that can be used to decrypt arbitrary ciphertext...

CVE-2015-7503

Zend Framework before 2.4.9, zend-framework/zend-crypt 2.4.x before 2.4.9, and 2.5.x before 2.5.2 allows remote attackers to recover the RSA private key...

kernel: crypto: GPF in lrw_crypt caused by null-deref

The lrwcrypt function in 'crypto/lrw.c' in the Linux kernel before 4.5 allows local users to cause a system crash and a denial of service by the NULL pointer dereference via accept2 system call for AFALG socket without calling setkey first to set a cipher key...

Important: Red Hat Security Advisory: kernel-rt security and bug fix update

An update for kernel-rt is now available for Red Hat Enterprise MRG 2. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

Insecure Password Updates

openmeetings-db does not securely update passwords. When updating a password for a user, it does not check that the Crypt is up to date, resulting in the password not being saved securely...

Fedora 26 : php-horde-Horde-Crypt (2017-0c4f5fb08e)

HordeCrypt 2.7.6 - mjr SECURITY: Fix remote code execution vulnerability CVE-2017-7413, and CVE-2017-7414. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as...

[ASA-201705-16] openvpn: denial of service

Arch Linux Security Advisory ASA-201705-16 ========================================== Severity: High Date : 2017-05-13 CVE-ID : CVE-2017-7478 CVE-2017-7479 Package : openvpn Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-271 Summary ======= The package openvpn...

Horde Groupware Webmail Edition Operating System Command Injection Vulnerability

Horde Groupware Webmail Edition is a free enterprise browser based on the Communication Suite from Horde, Inc.HordeCrypt is an encryption/decryption library for working with PGP data. An OS command injection vulnerability exists in HordeCrypt versions prior to 2.7.6 used in Horde Groupware Webmai...

Fedora 24 : php-horde-Horde-Crypt (2017-e2a3e6fa12)

HordeCrypt 2.7.6 - mjr SECURITY: Fix remote code execution vulnerability CVE-2017-7413, and CVE-2017-7414. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as...

Fedora Update for php-horde-Horde-Crypt FEDORA-2017-ed4c9b605b

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 25 : php-horde-Horde-Crypt (2017-ed4c9b605b)

HordeCrypt 2.7.6 - mjr SECURITY: Fix remote code execution vulnerability CVE-2017-7413, and CVE-2017-7414. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as...

Fedora Update for php-horde-Horde-Crypt FEDORA-2017-e2a3e6fa12

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 24 Update: php-horde-Horde-Crypt-2.7.6-1.fc24

The HordeCrypt package class provides an API for various cryptographic systems...

Horde Groupware Webmail 345 - Multiple Remote Code Executions

Horde Groupware Webmail 345 - Multiple Remote Code Executions Source: https://blogs.securiteam.com/index.php/archives/3107 Vulnerabilities Summary The following advisory describes two 2 vulnerabilities found in Horde Groupware Webmail. Horde Groupware Webmail Edition is a free, enterprise ready,...