[SECURITY] Fedora 26 Update: php-horde-Horde-Crypt-2.7.6-1.fc26
The Horde_Crypt package class provides an API for various cryptographic systems...
DEBIAN-CVE-2017-7414
In Horde_Crypt before 2.7.6, as used in Horde Groupware Webmail Edition 5.x through 5.2.17, OS Command Injection can occur if the user has PGP features enabled in the user's preferences, and has enabled the "Should PGP signed messages be automatically verified when viewed?" preference. To exploit...
UBUNTU-CVE-2017-7414
In Horde_Crypt before 2.7.6, as used in Horde Groupware Webmail Edition 5.x through 5.2.17, OS Command Injection can occur if the user has PGP features enabled in the user's preferences, and has enabled the "Should PGP signed messages be automatically verified when viewed?" preference. To exploit...
DEBIAN-CVE-2017-7413
In Horde_Crypt before 2.7.6, as used in Horde Groupware Webmail Edition through 5.2.17, OS Command Injection can occur if the attacker is an authenticated Horde Webmail user, has PGP features enabled in their preferences, and attempts to encrypt an email addressed to a maliciously crafted email...
Secure Anti Forensic Anonymous Operating System: kodachi
Secure Anti Forensic Anonymous Operating System: Linux Kodachi operating system is based on Debian 8.6. It will provide you with a secure, anti-forensic, and anonymous operating system considering all features that a person who is concerned about privacy would need to have in order to be secure...
OpenSSH 7.2 - Denial of Service
Title: OpenSSH before 7.3 Crypt CPU Consumption DoS Vulnerability Author: Kashinath T, www.secpod.com Vendor: http://www.openssh.com/ Software: http://www.openssh.com/ Version: OpenSSH before 7.3 Tested on: Ubuntu 16.04 LTS, Centos 7 CVE: CVE-2016-6515 Date: 20-10-201...
OpenSSH 7.2 - Denial of Service Exploit
Exploit for linux platform in category dos / poc. Title: OpenSSH before 7.3 Crypt CPU Consumption DoS Vulnerability Author: Kashinath T, www.secpod.com Vendor: http://www.openssh.com/ Software: http://www.openssh.com/ Version: OpenSSH before 7.3 Tested on: Ubuntu 16.04 LTS,...
DEBIAN-CVE-2015-8970
crypto/algif_skcipher.c in the Linux kernel before 4.4.2 does not verify that a setkey operation has been performed on an AF_ALG socket before an accept system call is processed, which allows local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted applicatio...
UBUNTU-CVE-2015-8970
crypto/algif_skcipher.c in the Linux kernel before 4.4.2 does not verify that a setkey operation has been performed on an AF_ALG socket before an accept system call is processed, which allows local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted applicatio...
[ASA-201611-21] slock: access restriction bypass
Arch Linux Security Advisory ASA-201611-21. Severity: Medium. Date: 2016-11-21. CVE-ID: CVE-2016-6866. Package: slock. Type: access restriction bypass. Remote: No. Link: https://wiki.archlinux.org/index.php/CVE. Summary: The package slock before...
OpenSSH 'crypt()' Function Denial of Service Vulnerability
OpenSSH is a set of connection tools maintained by the OpenBSD Project Group for secure access to remote computers. A denial of service vulnerability exists in the OpenSSH 'crypt' function. An attacker can exploit this vulnerability to cause an application to enter an infinite loop, consuming...
Debian DLA-598-1 : suckless-tools security update
It was discovered that the slock screen locking tool would segfault when the user's account had been disabled. slock called crypt(3) and used the return value for strcmp(3) without checking to see if the return value of crypt(3) was a NULL pointer. If the hash returned by (getspnam()->sp_pwdp) was invalid,...
CVE-2016-5352
epan/crypt/airpdcap.c in the IEEE 802.11 dissector in Wireshark 2.x before 2.0.4 mishandles certain length values, which allows remote attackers to cause a denial of service (application crash) via a crafted packet...
Design/Logic Flaw
phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request to (1) libraries/phpseclib/Crypt/AES.php or (2) libraries/phpseclib/Crypt/Rijndael.php, which reveals the full path in an error message...
CVE-2016-2042
phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request to (1) libraries/phpseclib/Crypt/AES.php or (2) libraries/phpseclib/Crypt/Rijndael.php, which reveals the full path in an error message...
PT-2016-4081 · Linux +4 · Linux Kernel +4
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 4.4.2 Description: The issue allows local users to cause a denial of service, resulting in a system crash due to a NULL pointer dereference. This occurs when a crafted application does not supply a key, related ...
Debian DSA-3475-1 : postgresql-9.1 - security update
Several vulnerabilities have been found in PostgreSQL-9.1, a SQL database system. - CVE-2015-5288 Josh Kupershmidt discovered a vulnerability in the crypt function in the pgCrypto extension. Certain invalid salt arguments can cause the server to crash or to disclose a few bytes of server memory. ...
DSA-3475-1 postgresql-9.1 - security update
Bulletin has no description...
Debian Security Advisory DSA 3475-1 (postgresql-9.1 - security update)
Several vulnerabilities have been found in PostgreSQL-9.1, a SQL database system. CVE-2015-5288 Josh Kupershmidt discovered a vulnerability in the crypt function in the pgCrypto extension. Certain invalid salt arguments can cause the server to crash or to disclose a few bytes of server memory...