Information disclosure

Rockwell Automation RSView32 7.60.00 aka CPR9 SR4 and earlier does not properly encrypt credentials, which allows local users to obtain sensitive information by reading a file and conducting a decryption attack...

CVE-2015-1010

Rockwell Automation RSView32 7.60.00 aka CPR9 SR4 and earlier does not properly encrypt credentials, which allows local users to obtain sensitive information by reading a file and conducting a decryption attack...

CVE-2015-1010

The CVE-2015-1010 issue affects Rockwell Automation RSView32 (7.60.00 CPR9 SR4) and earlier, where the password storage file uses outdated encryption, enabling a local attacker to decrypt credentials by reading the file. The ICS-CERT advisory confirms a vendor patch and recommends upgrading to a ...

DSA-3269-2 postgresql-9.1 - regression update

Bulletin has no description...

Ubuntu 14.04 LTS : PostgreSQL vulnerabilities (USN-2621-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2621-1 advisory. Benkocs Norbert Attila discovered that PostgreSQL incorrectly handled authentication timeouts. A remote attacker could use this flaw to cause the...

PostgreSQL 9.0 < 9.0.20 / 9.1 < 9.1.16 / 9.2 < 9.2.11 / 9.3 < 9.3.7 / 9.4 < 9.4.2 Multiple Vulnerabilities

The version of PostgreSQL installed on the remote host is 9.0.x prior to 9.0.20, 9.1.x prior to 9.1.16, 9.2.x prior to 9.2.11, 9.3.x prior to 9.3.7, or 9.4.x prior to 9.4.2. It is, therefore, affected by multiple vulnerabilities : - A double free memory error exists after authentication timeout,...

PostgreSQL pgcrypto Denial of Service Vulnerability

PostgreSQL is an object-relational database management system that supports an extended subset of SQL standards. Failure of PostgreSQL to handle correct key values can result in multiple error messages when pgcrypto is decrypted, allowing remote attackers to exploit the vulnerability by submittin...

postgresql: multiple issues

CVE-2015-3165 denial of service SSL clients disconnecting just before the authentication timeout expires can cause the server to crash via a double-free issue leading to denial of service. - CVE-2015-3166 information disclosure The replacement implementation of snprintf failed to check for errors...

FreeBSD : PostgreSQL -- minor security problems. (fc38cd83-00b3-11e5-8ebd-0026551a22dc)

PostgreSQL project reports : This update fixes three security vulnerabilities reported in PostgreSQL over the past few months. Nether of these issues is seen as particularly urgent. However, users should examine them in case their installations are vulnerable:. - CVE-2015-3165 Double 'free' after...

Debian DSA-3269-1 : postgresql-9.1 - security update

Several vulnerabilities have been found in PostgreSQL-9.1, a SQL database system. - CVE-2015-3165 Remote crash SSL clients disconnecting just before the authentication timeout expires can cause the server to crash. - CVE-2015-3166 Information exposure The replacement implementation of snprintf...

USN-2621-1 postgresql-9.1, postgresql-9.3, postgresql-9.4 vulnerabilities

Benkocs Norbert Attila discovered that PostgreSQL incorrectly handled authentication timeouts. A remote attacker could use this flaw to cause the unauthenticated session to crash, possibly leading to a security issue. CVE-2015-3165 Noah Misch discovered that PostgreSQL incorrectly handled certain...

So, you wanna crypto (in AEM)

So another year passed by and I will talk again , ... at the Connect WE conference. This year with Damien Antipa we will have a speech entitled So, you wanna crypto in AEM . Now, is true that even symmetric encryption isn't a “solved problem” but hey we still need to protect information et al : N...

Vulnerability in contrib module (CVE-2015-3167)

pgcrypto has multiple error messages for decryption with an incorrect key...

Debian Security Advisory DSA 3269-1 (postgresql-9.1 - security update)

Several vulnerabilities have been found in PostgreSQL-9.1, a SQL database system. CVE-2015-3165 Remote crash SSL clients disconnecting just before the authentication timeout expires can cause the server to crash. CVE-2015-3166 Information exposure The replacement implementation of snprintf failed...

Debian Security Advisory DSA 3270-1 (postgresql-9.4 - security update)

Several vulnerabilities have been found in PostgreSQL-9.4, a SQL database system. CVE-2015-3165 Remote crash SSL clients disconnecting just before the authentication timeout expires can cause the server to crash. CVE-2015-3166 Information exposure The replacement implementation of snprintf failed...

Free Ransomware Decryption and Malware Removal ToolKit

A security researcher has compiled a ransomware removal and rescue kit to help victims deal with ransomware threats and unlock encrypted files without paying off a single penny to the cyber crooks. Ransomware is a growing threat to the evolution of cyber criminals techniques in an attempt to part...

Ubuntu 14.04 LTS : Linux kernel vulnerabilities (USN-2614-1)

The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-2614-1 advisory. Vincent Tondellier discovered an integer overflow in the Linux kernel's netfilter connection tracking accounting of loaded extensions. An attacker on the...

Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2613-1)

Vincent Tondellier discovered an integer overflow in the Linux kernel's netfilter connection tracking accounting of loaded extensions. An attacker on the local area network LAN could potential exploit this flaw to cause a denial of service system crash of targeted system. CVE-2014-9715 Jan Beulic...

Ubuntu 14.04 LTS : Linux kernel (Utopic HWE) vulnerabilities (USN-2615-1)

The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-2615-1 advisory. Alexandre Oliva reported a race condition flaw in the btrfs file system's handling of extended attributes xattrs. A local attacker could exploit this fla...

USN-2615-1: Linux kernel (Utopic HWE) vulnerabilities

Alexandre Oliva reported a race condition flaw in the btrfs file system's handling of extended attributes xattrs. A local attacker could exploit this flaw to bypass ACLs and potentially escalate privileges. CVE-2014-9710 A memory corruption issue was discovered in AES decryption when using the...