1122 matches found

OpenVAS
added 2018/07/09 12:0 a.m., 20 views

Debian: Security Advisory (DLA-1398-1)

The remote host is missing an update for the Debian...

CVSS 9, AI score 8.2, EPSS 0.40447
Exploits 0, References 3

OpenVAS
added 2018/07/04 12:0 a.m., 38 views

Sophos SafeGuard Privilege Escalation Vulnerability - Windows

Sophos SafeGuard Client Products are prone to privilege escalation vulnerabilities...

CVSS 7.8, AI score 7.8, EPSS 0.00614
Exploits 7, References 1

OpenVAS
added 2018/07/02 12:0 a.m., 9 views

Sophos SafeGuard Detection (Windows SMB Login)

Detects the installed version of Sophos SafeGuard on Windows. The script logs in via SMB, searches for Sophos SafeGuard in the registry and gets the version from the...

AI score 5.5
Exploits 0

Tenable Nessus
added 2018/06/28 12:0 a.m., 24 views

Debian DLA-1398-1 : php-horde-crypt security update

It was discovered that in Horde-Crypt, a cryptographic library and part of the PHP Horde framework, a command injection was possible when a Horde user used the PGP features to view an encrypted email. For Debian 8 'Jessie', these problems have been fixed in version 2.5.0-5+deb8u1. We recommend th...

CVSS 9, AI score 7.7, EPSS 0.40447
Exploits 0, References 4

Debian
added 2018/06/27 4:20 p.m., 11 views

[SECURITY] [DLA 1398-1] php-horde-crypt security update

Package: php-horde-crypt; Version: 2.5.0-5+deb8u1; CVE ID: CVE-2017-7413, CVE-2017-7414; Debian Bug: 859635. It was discovered that in Horde-Crypt, a cryptographic library and part of the PHP Horde framework, a command injection was possible when a Horde user used the PGP features to view an...

CVSS 9, AI score 8.8, EPSS 0.40447
Exploits 0

OSV
added 2018/06/27 12:0 a.m., 16 views

DLA-1398-1 php-horde-crypt - security update

Bulletin has no description...

CVSS 9, AI score 7.9, EPSS 0.40447
Exploits 0

Tenable Nessus
added 2018/06/14 12:0 a.m., 54 views

OracleVM 3.4 : Unbreakable / etc (OVMSA-2018-0228) (Spectre)

The remote OracleVM system is missing necessary patches to address critical security updates:
- netlink: add a start callback for starting a netlink dump (Tom Herbert) Orabug: 27169581, CVE-2017-16939
- ipsec: Fix aborted xfrm policy dump crash (Herbert Xu) Orabug: 27169581, CVE-2017-16939
- net/rds:...

CVSS 7.8, AI score 7.3, EPSS 0.60631
Exploits 5, References 4

Friends Of PHP
added 2018/04/16 5:23 p.m., 11 views

Crypt encryption compromised.

More info at https://fuelphp.com/security-advisories...

AI score 7.2
Exploits 0, Affected Software 1

FuelPHP
added 2018/04/14 12:0 a.m., 22 views

Crypt encryption compromised

With the right knowledge, code, and GPU calculation power, Crypt encryption can be broken in minutes. All released versions starting with 1.0 are affected. The issue will be addressed in release v1.8.1. You can modify earlier versions by implementing the changes from this change, and install the...

AI score 7
Exploits 0, References 1, Affected Software 1

0day.today
added 2018/04/09 12:0 a.m., 44 views

SSH / SSL RSA Private Key Passphrase Dictionary Enumerator Exploit

This is a script to perform SSH/SSL RSA private key passphrase enumeration with a dictionary attack. Perl script, copyright 2018 (c) Todor Donev, https://ethical-hacker.org/ https://facebook.com/ethicalhackerorg ...

AI score 0.4
Exploits 0

Cvelist
added 2018/02/23 10:0 p.m., 26 views

CVE-2018-7335

In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the IEEE 802.11 dissector could crash. This was addressed in epan/crypt/airpdcap.c by rejecting lengths that are too small...

AI score 7.4, EPSS 0.02845
Exploits 0, References 6

Veracode
added 2017/10/11 3:46 a.m., 16 views

Information Disclosure

Zend Framework and zend-crypt are vulnerable to information disclosure attacks. The library uses the default PHP $padding, which is vulnerable to Bleichenbacher's chosen-ciphertext attack that can be used to decrypt arbitrary ciphertext...

CVSS 7.5, AI score 7.2, EPSS 0.01356
Exploits 0, References 2, Affected Software 2

NVD
added 2017/10/10 4:29 p.m., 10 views

CVE-2015-7503

Zend Framework before 2.4.9, zend-framework/zend-crypt 2.4.x before 2.4.9, and 2.5.x before 2.5.2 allows remote attackers to recover the RSA private key...

CVSS 7.5, AI score 7.5, EPSS 0.01356
Exploits 0, References 2

RedHat Linux
added 2017/08/08 6:50 p.m., 129 views

Important: Red Hat Security Advisory: kernel-rt security and bug fix update

An update for kernel-rt is now available for Red Hat Enterprise MRG 2. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from t...

CVSS 7.8, AI score 6.7, EPSS 0.005
Exploits 0, References 6

RedHat Linux
added 2017/08/08 6:50 p.m., 4 views

kernel: crypto: GPF in lrw_crypt caused by null-deref

The lrw_crypt function in 'crypto/lrw.c' in the Linux kernel before 4.5 allows local users to cause a system crash and a denial of service by a NULL pointer dereference via an accept(2) system call for an AF_ALG socket without calling setkey first to set a cipher key...

CVSS 5.5, AI score 7.1, EPSS 0.005
Exploits 0, References 4

Veracode
added 2017/07/17 9:16 p.m., 23 views

Insecure Password Updates

openmeetings-db does not securely update passwords. When updating a password for a user, it does not check that the Crypt is up to date, resulting in the password not being saved securely...

CVSS 7.5, AI score 6.7, EPSS 0.0297
Exploits 0, References 3, Affected Software 1

Tenable Nessus
added 2017/07/17 12:0 a.m., 18 views

Fedora 26 : php-horde-Horde-Crypt (2017-0c4f5fb08e)

Horde_Crypt 2.7.6 - [mjr] SECURITY: Fix remote code execution vulnerability (CVE-2017-7413, and CVE-2017-7414). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as...

CVSS 9, AI score 8.4, EPSS 0.40447
Exploits 0, References 3

ArchLinux
added 2017/05/13 12:0 a.m., 58 views

[ASA-201705-16] openvpn: denial of service

Arch Linux Security Advisory ASA-201705-16
Severity: High
Date: 2017-05-13
CVE-ID: CVE-2017-7478 CVE-2017-7479
Package: openvpn
Type: denial of service
Remote: Yes
Link: https://security.archlinux.org/AVG-271
Summary: The package openvpn...

CVSS 7.5, AI score 1.2, EPSS 0.13892
Exploits 2, References 6

CNVD
added 2017/04/26 12:0 a.m., 3 views

Horde Groupware Webmail Edition Operating System Command Injection Vulnerability

Horde Groupware Webmail Edition is a free, browser-based enterprise communication suite from Horde, Inc. Horde_Crypt is an encryption/decryption library for working with PGP data. An OS command injection vulnerability exists in Horde_Crypt versions prior to 2.7.6 used in Horde Groupware Webmai...

CVSS 9, AI score 9, EPSS 0.40447
Exploits 0, References 1

Tenable Nessus
added 2017/04/13 12:0 a.m., 47 views

Fedora 25 : php-horde-Horde-Crypt (2017-ed4c9b605b)

Horde_Crypt 2.7.6 - [mjr] SECURITY: Fix remote code execution vulnerability (CVE-2017-7413, and CVE-2017-7414). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as...

CVSS 9, AI score 8.4, EPSS 0.40447
Exploits 0, References 3