Important: nspr

Issue Overview: A flaw was found in the way NSS handled invalid handshake packets. A remote attacker could use this flaw to cause a TLS/SSL client using NSS to crash or, possibly, execute arbitrary code with the privileges of the user running the application. CVE-2013-5605 It was found that the f...

RedHat Update for nss and nspr RHSA-2013:1791-01

Check for the Version of nss and nspr OpenVAS Vulnerability Test RedHat Update for nss and nspr RHSA-2013:1791-01 Authors: System Generated Check Copyright: Copyright C 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...

nss: Avoid uninitialized data read in the event of a decryption failure

Mozilla Network Security Services NSS before 3.15.2 does not ensure that data structures are initialized before read operations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a decryption failure...

Cisco Unified Communications Manager - TFTP Service

Cisco Unified Communications Manager - TFTP Service !/bin/bash Proof of Concept on how to get tftp config files from cisco phones This can be performed anonymously and privileges gathered relies on those assigned to the ldap account Developed by Daniel Svartman [email protected] In case tf...

Scientific Linux Security Update : nss and nspr on SL5.x i386/x86_64 (20131205)

A flaw was found in the way NSS handled invalid handshake packets. A remote attacker could use this flaw to cause a TLS/SSL client using NSS to crash or, possibly, execute arbitrary code with the privileges of the user running the application. CVE-2013-5605 It was found that the fix for...

CloudFlare's Red October Crypto app with two-man rule style Encryption and Decryption

It is always important to secure our system against outside threats i.e. Hackers, but it also required to protect against insider threats. The potential of damage from an Insider threat can be estimated from the example of Edward Snowden who had worked at the NSA, and had authorized access to...

CloudFlare's Red October Crypto app with two-man rule style Encryption and Decryption

None...

nss: Avoid uninitialized data read in the event of a decryption failure

Mozilla Network Security Services NSS before 3.15.2 does not ensure that data structures are initialized before read operations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a decryption failure...

Important: Red Hat Security Advisory: nss and nspr security, bug fix, and enhancement update

Updated nss and nspr packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CVSS base...

OpenSSL: Multiple Vulnerabilities

Background OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer SSL v2/v3 and Transport Layer Security TLS v1 as well as a general purpose cryptography library. Description Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced...

Private key in key.pem world readable

Description Due to incorrect directory and file permissions a local attacker might obtain the private key that is used for the SSL/TLS encryption for ldaps including STARTTLS on ldap and https network traffic. The attacker is then able to decrypt encrypted network traffic which may contain...

Supermicro Onboard IPMI Static SSL Certificate Scanner

This module checks for a static SSL certificate shipped with Supermicro Onboard IPMI controllers. An attacker with access to the publicly-available firmware can perform man-in-the-middle attacks and offline decryption of communication to the controller. This module has been on a Supermicro Onboar...

US-CERT Warns of More CryptoLocker Ransomware Infections

CryptoLocker is a devious evolution of now-familiar ransomware schemes in which the malware encrypts files it finds on a number of network resources and demands a ransom for the decryption key. US-CERT issued an advisory today warning businesses and consumers of the risks presented by CryptoLocke...

CryptoLocker developer launches Decryption Service website; 10 Bitcoins for Decryption Keys

A long-running ransomware known as CryptoLocker is continuing to lock victims out of their files and demand payment to restore access. The malware targets computers running Microsoft Windows and has already affected users across multiple regions. CryptoLocker encrypts files on an infected system...

CryptoLocker developer launches Decryption Service website; 10 Bitcoins for Decryption Keys

None...

DSA-2790-1 nss - uninitialized memory read

Bulletin has no description...

EFF: Fifth Amendment Protects Against Compelled Decryption

With new leaks about the extent of U.S. government surveillance coming almost daily, one constant remains among all the deterrents to the NSA’s prying eyes: encryption technology works. As far as we know, the math behind encryption is solid, despite the specter of some unnamed breakthrough made b...

Mozilla nss uninitialized memory dereference

Uninitialized memory dereference on decryption...

Mandriva Linux Security Advisory : nss (MDVSA-2013:257)

A vulnerability has been discovered and corrected in mozilla NSS : Mozilla Network Security Services NSS before 3.15.2 does not ensure that data structures are initialized before read operations, which allow remote attackers to cause a denial of service or possibly have unspecified other impact v...

CVE-2013-1739

Mozilla Network Security Services NSS before 3.15.2 does not ensure that data structures are initialized before read operations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a decryption failure...