139 matches found
OpenSSL Key Recovery Attack on DH small subgroups (CVE-2016-0701)
Usual Mandatory Disclaimer: IANAC I am not a cryptographer so I might likely end up writing a bunch of mistakes in this blog post... tl;dr The OpenSSL 1.0.2 releases suffer from a Key Recovery Attack on DH small subgroups. This issue got assigned CVE-2016-0701 with a severity of High and OpenSSL...
Use-after-free in NSS during SSL connections in low memory — Mozilla
Mozilla developer Eric Rescorla reported that a failed allocation during DHE and ECDHE handshakes would lead to a use-after-free vulnerability...
NSS -- multiple vulnerabilities
Mozilla Foundation reports: Security researcher Hanno Böck reported that calculations with mpdiv and mpexptmod in Network Security Services NSS can produce wrong results in some circumstances. These functions are used within NSS for a variety of cryptographic division functions, leading to...
openssl lib32-openssl: multiple issues
CVE-2015-3193 insecure private key in connection with DHE There is a carry propagating bug in the x8664 Montgomery squaring procedure. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not...
Vulnerability in OpenSSL - BN_mod_exp may produce incorrect results on x86_64
There is a carry propagating bug in the x8664 Montgomery squaring procedure. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible...
OpenSSL Multiple Vulnerabilities (20150319 - 2) - Windows
OpenSSL is prone to multiple vulnerabilities. Copyright C 2015 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
OpenSSL Multiple Vulnerabilities (20150319 - 2) - Linux
OpenSSL is prone to multiple vulnerabilities. Copyright C 2015 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
The vulnerability of the OpenSSL library, which allows attackers to carry out attacks aimed at reducing the security of encryption algorithms
The vulnerability of the OpenSSL library is related to errors in cryptographic transformations. Exploiting this vulnerability allows a malicious actor, operating remotely and having access to the data transmission channel, to carry out attacks aimed at reducing the resilience of encryption...
ESA-2015-081: RSA BSAFE® Micro Edition Suite, Crypto-C Micro Edition, Crypto-J, SSL-J and SSL-C Multiple Vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2015-081: RSA BSAFE® Micro Edition Suite, Crypto-C Micro Edition, Crypto-J, SSL-J and SSL-C Multiple Vulnerabilities EMC Identifier: ESA-2015-081 CVE Identifier: CVE-2015-0533, CVE-2015-0534, CVE-2015-0535, CVE-2015-0536, CVE-2015-0537 Severity...
Debian DSA-3324-1 : icedove - security update (Logjam)
Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail client: multiple memory safety errors, use-after-frees and other implementation errors may lead to the execution of arbitrary code or denial of service. This update also addresses a vulnerability...
[SECURITY] [DSA 3324-1] icedove security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3324-1 [email protected] https://www.debian.org/security/ Alessandro Ghedini August 01, 2015 https://www.debian.org/security/faq -...
DSA-3324-1 icedove - security update
Bulletin has no description...
Debian: Security Advisory (DSA-3324-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu: Security Advisory (USN-2673-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu 12.04 LTS : firefox vulnerabilities (USN-2656-2) (Logjam)
USN-2656-1 fixed vulnerabilities in Firefox for Ubuntu 14.04 LTS and later releases. This update provides the corresponding update for Ubuntu 12.04 LTS. Karthikeyan Bhargavan discovered that NSS incorrectly handled state transitions for the TLS state machine. If a remote attacker were able to...
FreeBSD : mozilla -- multiple vulnerabilities (44d9daee-940c-4179-86bb-6e3ffd617869) (Logjam)
The Mozilla Project reports : MFSA 2015-59 Miscellaneous memory safety hazards rv:39.0 / rv:31.8 / rv:38.1 MFSA 2015-60 Local files or privileged URLs in pages can be opened into new tabs MFSA 2015-61 Type confusion in Indexed Database Manager MFSA 2015-62 Out-of-bound read while computing an...
SUSE-SU-2015:1268-1 Security update for MozillaFirefox, mozilla-nspr, mozilla-nss
MozillaFirefox, mozilla-nspr and mozilla-nss were updated to fix 17 security issues. For more details please check the changelogs. These security issues were fixed: - CVE-2015-2724/CVE-2015-2725/CVE-2015-2726: Miscellaneous memory safety hazards bsc935979. - CVE-2015-2728: Type confusion in Index...
Debian DSA-3300-1 : iceweasel - security update (Logjam)
Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees and other implementation errors may lead to the execution of arbitrary code or denial of service. This update also addresses a vulnerability i...
DSA-3300-1 iceweasel - security update
Bulletin has no description...
Debian Security Advisory DSA 3300-1 (iceweasel - security update)
Multiple security issues have been found in Iceweasel, Debian OpenVAS Vulnerability Test $Id: deb3300.nasl 6609 2017-07-07 12:05:59Z cfischer $ Auto-generated from advisory DSA 3300-1 using nvtgen 1.0 Script version: 1.0 Author: Greenbone Networks Copyright: Copyright c 2015 Greenbone Networks Gm...