Lucene search

5771 matches found

OSV
added 2013/12/20 5:29 p.m., 8 views

MGASA-2013-0382 Updated gnupg package fixes CVE-2013-4576

Updated gnupg package fixes security vulnerability: Genkin, Shamir and Tromer discovered that RSA key material could be extracted by using the sound generated by the computer during the decryption of some chosen ciphertexts CVE-2013-4576...

CVSS 2.1, AI score 5.8, EPSS 0.00108
Exploits 0, References 4
myhack58
added 2013/12/19 12:0 a.m., 15 views

Jackie CMS 1.7 commercial version SQL injection vulnerability analysis-vulnerability warning-the black bar safety net

Jackie CMS 1.7 commercial version with the Zend encryption, batch after decryption, found the programmer with several functions, making this system substantially no injection vulnerabilities. In the judgment of ip, the programmers will. The filter then determines whether it is Digital, it is wort...

AI score 3
Exploits 0
OSV
added 2013/12/18 12:0 a.m., 9 views

DSA-2821-1 gnupg - side channel attack

Bulletin has no description...

CVSS 2.1, AI score 5.7, EPSS 0.00108
Exploits 0
FreeBSD
added 2013/12/18 12:0 a.m., 42 views

gnupg -- RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis attack

Werner Koch reports: CVE-2013-4576 has been assigned to this security bug. The paper describes two attacks. The first attack allows to distinguish keys: An attacker is able to notice which key is currently used for decryption. This is in general not a problem but may be used to reveal the...

CVSS 2.1, AI score 6, EPSS 0.00108
Exploits 0, References 1
Amazon
added 2013/12/17 12:0 a.m., 42 views

Important: nspr

Issue Overview: A flaw was found in the way NSS handled invalid handshake packets. A remote attacker could use this flaw to cause a TLS/SSL client using NSS to crash or, possibly, execute arbitrary code with the privileges of the user running the application. CVE-2013-5605 It was found that the f...

CVSS 7.5, AI score 8.7, EPSS 0.03954
Exploits 0, References 1
OpenVAS
added 2013/12/17 12:0 a.m., 34 views

RedHat Update for nss and nspr RHSA-2013:1791-01

Check for the Version of nss and nspr OpenVAS Vulnerability Test RedHat Update for nss and nspr RHSA-2013:1791-01 Authors: System Generated Check Copyright: Copyright C 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...

CVSS 7.5, AI score 0.2, EPSS 0.03954
Exploits 0, References 2
RedHat Linux
added 2013/12/12 6:56 p.m., 3 views

nss: Avoid uninitialized data read in the event of a decryption failure

Mozilla Network Security Services NSS before 3.15.2 does not ensure that data structures are initialized before read operations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a decryption failure...

CVSS 5, AI score 6.8, EPSS 0.03954
Exploits 0, References 4
exploitpack
added 2013/12/12 12:0 a.m., 23 views

Cisco Unified Communications Manager - TFTP Service

Cisco Unified Communications Manager - TFTP Service !/bin/bash Proof of Concept on how to get tftp config files from cisco phones This can be performed anonymously and privileges gathered relies on those assigned to the ldap account Developed by Daniel Svartman [email protected] In case tf...

Exploits 0
Tenable Nessus
added 2013/12/10 12:0 a.m., 39 views

Scientific Linux Security Update : nss and nspr on SL5.x i386/x86_64 (20131205)

A flaw was found in the way NSS handled invalid handshake packets. A remote attacker could use this flaw to cause a TLS/SSL client using NSS to crash or, possibly, execute arbitrary code with the privileges of the user running the application. CVE-2013-5605 It was found that the fix for...

CVSS 7.5, AI score 7.5, EPSS 0.03954
Exploits 0, References 7
The Hacker News
added 2013/12/06 10:0 a.m., 4 views

CloudFlare's Red October Crypto app with two-man rule style Encryption and Decryption

It is always important to secure our system against outside threats i.e. Hackers, but it also required to protect against insider threats. The potential of damage from an Insider threat can be estimated from the example of Edward Snowden who had worked at the NSA, and had authorized access to...

AI score 6.7
Exploits 0
The Hacker News
added 2013/12/05 11:0 p.m., 21 views

CloudFlare's Red October Crypto app with two-man rule style Encryption and Decryption

None...

AI score 7
Exploits 0
RedHat Linux
added 2013/12/05 4:11 p.m., 2 views

nss: Avoid uninitialized data read in the event of a decryption failure

Mozilla Network Security Services NSS before 3.15.2 does not ensure that data structures are initialized before read operations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a decryption failure...

CVSS 5, AI score 6.8, EPSS 0.03954
Exploits 0, References 4
RedHat Linux
added 2013/12/05 4:11 p.m., 41 views

Important: Red Hat Security Advisory: nss and nspr security, bug fix, and enhancement update

Updated nss and nspr packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CVSS base...

CVSS 7.5, AI score 6.8, EPSS 0.03954
Exploits 0, References 7
Gentoo Linux
added 2013/12/03 12:0 a.m., 42 views

OpenSSL: Multiple Vulnerabilities

Background OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer SSL v2/v3 and Transport Layer Security TLS v1 as well as a general purpose cryptography library. Description Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced...

CVSS 7.5, AI score 7.9, EPSS 0.63145
Exploits 11
Samba
added 2013/11/11 12:0 a.m., 553 views

Private key in key.pem world readable

Description Due to incorrect directory and file permissions a local attacker might obtain the private key that is used for the SSL/TLS encryption for ldaps including STARTTLS on ldap and https network traffic. The attacker is then able to decrypt encrypted network traffic which may contain...

CVSS 1.2, AI score 5.8, EPSS 0.00226
Exploits 0
Metasploit
added 2013/11/06 7:45 p.m., 75 views

Supermicro Onboard IPMI Static SSL Certificate Scanner

This module checks for a static SSL certificate shipped with Supermicro Onboard IPMI controllers. An attacker with access to the publicly-available firmware can perform man-in-the-middle attacks and offline decryption of communication to the controller. This module has been on a Supermicro Onboar...

CVSS 8.1, AI score 6.3, EPSS 0.0946
Exploits 2
ThreatPost
added 2013/11/06 1:28 p.m., 11 views

US-CERT Warns of More CryptoLocker Ransomware Infections

CryptoLocker is a devious evolution of now-familiar ransomware schemes in which the malware encrypts files it finds on a number of network resources and demands a ransom for the decryption key. US-CERT issued an advisory today warning businesses and consumers of the risks presented by CryptoLocke...

AI score 0.9
Exploits 0, References 4
The Hacker News
added 2013/11/03 5:8 p.m., 9 views

CryptoLocker developer launches Decryption Service website; 10 Bitcoins for Decryption Keys

A long-running ransomware known as CryptoLocker is continuing to lock victims out of their files and demand payment to restore access. The malware targets computers running Microsoft Windows and has already affected users across multiple regions. CryptoLocker encrypts files on an infected system...

AI score 6.7
Exploits 0
The Hacker News
added 2013/11/03 6:8 a.m., 9 views

CryptoLocker developer launches Decryption Service website; 10 Bitcoins for Decryption Keys

None...

AI score 7
Exploits 0
OSV
added 2013/11/02 12:0 a.m., 21 views

DSA-2790-1 nss - uninitialized memory read

Bulletin has no description...

CVSS 5, AI score 6.3, EPSS 0.03954
Exploits 0