CVE-2015-0564

Buffer underflow in the ssldecryptrecord function in epan/dissectors/packet-ssl-utils.c in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allows remote attackers to cause a denial of service application crash via a crafted packet that is improperly handled during decryption of an SSL...

MGASA-2015-0019 Updated wireshark packages fix security vulnerabilities

Updated wireshark packages fix security vulnerabilities: The DEC DNA Routing Protocol dissector could crash CVE-2015-0562. The SMTP dissector could crash CVE-2015-0563. Wireshark could crash while decypting TLS/SSL sessions CVE-2015-0564...

Wireshark TLS/SSL Decryption Denial of Service Vulnerability

Wireshark is an open source network protocol analysis tool. A denial of service vulnerability exists in Wireshark TLS/SSL because it fails to properly handle certain types of packets. An attacker could exploit this vulnerability to crash the affected application and deny service to legitimate use...

CVE-2015-0204

The ssl3getkeyexchange function in s3clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORTRSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to...

SSL/TLS: Padding Oracle On Downgraded Legacy Encryption attack

A flaw was found in the way SSL 3.0 handled padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining CBC mode. This flaw allows a man-in-the-middle MITM attacker to decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a...

Oracle-Database-Authentication

Oracle Database is prone to a remote security-bypass vulnerability that affects the authentication protocol. An attacker can exploit this issue to bypass the authentication process and gain unauthorized access to the database. This vulnerability affects Oracle Database 11g Release 1 and 11g Relea...

CVE-2014-3591

Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server's private key by determining factors using crafted ciphertext and the fluctuations in the electromagnetic field during...

UBUNTU-CVE-2014-3591

Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server's private key by determining factors using crafted ciphertext and the fluctuations in the electromagnetic field during...

[SECURITY] Fedora 20 Update: gpgme-1.3.2-5.fc20

GnuPG Made Easy GPGME is a library designed to make access to GnuPG easier for applications. It provides a high-level crypto API for encryption, decryption, signing, signature verification and key management...

Data Stream Encryption: ciphr

Data Stream Encryption Ciphr is a CLI tool for performing and composing encoding, decoding, encryption, decryption, hashing, and other various operations on streams of data. It takes provided data, file data, or data from stdin, and executes a pipeline of functions on the data stream, writing the...

[SECURITY] Fedora 21 Update: gpgme-1.4.3-5.fc21

GnuPG Made Easy GPGME is a library designed to make access to GnuPG easier for applications. It provides a high-level crypto API for encryption, decryption, signing, signature verification and key management...

SSL/TLS: Padding Oracle On Downgraded Legacy Encryption attack

A flaw was found in the way SSL 3.0 handled padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining CBC mode. This flaw allows a man-in-the-middle MITM attacker to decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a...

KDE Konversation / Quassel IRC memory corruption

Memory corruption on ECB decryption...

SSL/TLS: Padding Oracle On Downgraded Legacy Encryption attack

A flaw was found in the way SSL 3.0 handled padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining CBC mode. This flaw allows a man-in-the-middle MITM attacker to decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a...

SSL/TLS: Padding Oracle On Downgraded Legacy Encryption attack

A flaw was found in the way SSL 3.0 handled padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining CBC mode. This flaw allows a man-in-the-middle MITM attacker to decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a...

SSL/TLS: Padding Oracle On Downgraded Legacy Encryption attack

A flaw was found in the way SSL 3.0 handled padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining CBC mode. This flaw allows a man-in-the-middle MITM attacker to decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a...

CoinVault Ransomware Betting on Hope with Free File Decrypt

UPDATE: A prior version of this story incorrectly defined VSS as vulnerability scanning systems when in fact it refers to volume shadow copy service, which is a Windows automatic data backup and recovery mechanism. Thanks to commenter Rudy for pointing this out. The courteous CoinVault ransomware...

Updated konversation package fixes security vulnerability

Due to and out-of-bounds read issue in Konversation in The ECB Blowfish decryption function, a malicious client can cause either denial of service or disclosure of information from process memory by using an improperly formed message CVE-2014-8483...

SSL 3.0 MITM Attack

A vulnerability affecting most implementations of SSL 3.0 has been discovered that allows an attacker to decrypt some encrypted contents under certain conditions CVE-2014-3566. The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which mak...

Apple Releases Security Updates for iOS and Apple TV

Apple has released security updates for iOS devices and Apple TV to address multiple vulnerabilities, one of which could allow an attacker to decrypt data protected by SSL. Updates available include: iOS 8.1 for iPhone 4s and later, iPod touch 5th generation and later, and iPad 2 and later Apple ...