CVE-2017-12317
The Cisco AMP For Endpoints application allows an authenticated, local attacker to access a static key value stored in the local application software. The vulnerability is due to the use of a static key value stored in the application used to encrypt the connector protection password. An attacker...
CVE-2017-12870
SimpleSAMLphp 1.14.12 and earlier make it easier for man-in-the-middle attackers to obtain sensitive information by leveraging use of the aesEncrypt and aesDecrypt methods in the SimpleSAML/Utils/Crypto class to protect session identifiers in replies to non-HTTPS service providers...
Google Reminding Admins HTTP Pages Will Be Marked 'Not Secure' in October
Google began sending out notices to site owners this month, reminding those who haven’t yet migrated from HTTP to HTTPS that in October their sites will be marked “NOT SECURE.” The warnings are directed to owners of HTTP pages that contain forms, specifically sites that include text input fields...
Free Certs Come With a Cost
Let’s Encrypt is the largest certificate authority by volume doling out more than 100,000 free domain certificates a day. The non-profit fulfills a noble mission of securing website communications that is applauded across the internet; it has raised the bar on SSL and TLS security, issuing 100...
[SECURITY] Fedora 25 Update: pius-2.2.4-1.fc25
The PGP Individual UID Signer (PIUS) is a tool for individually signing all of the UIDs on a set of keys and encrypt-emailing each one to its respective email address. This drastically reduces the time and errors involved in signing keys after a key signing party...
Let's Encrypt to Offer Wildcard Certificates in 2018
Certificate authority Let’s Encrypt said this week it will begin offering wildcard certificates in 2018. Wildcard certificates are public key certificates that can be used with multiple subdomains of a domain. The certificates are traditionally viewed as less expensive and more convenient by...
CVE-2017-9604
KDE kmail before 5.5.2 and messagelib before 5.5.2, as distributed in KDE Applications before 17.04.2, do not ensure that a plugin's sign/encrypt action occurs during use of the Send Later feature, which allows remote attackers to obtain sensitive information by sniffing the network...
UBUNTU-CVE-2017-9604
KDE kmail before 5.5.2 and messagelib before 5.5.2, as distributed in KDE Applications before 17.04.2, do not ensure that a plugin's sign/encrypt action occurs during use of the Send Later feature, which allows remote attackers to obtain sensitive information by sniffing the network...
Anti-DDoS Solution Based on iptables: nShield
Anti-DDoS Solution Based on iptables. An easy and simple anti-DDoS solution for VPS, dedicated servers and IoT devices based on iptables. Requirements: Linux system with python, iptables; Nginx (will be installed automatically by install.sh). Quickstart: cd /home/ && git clone...
Vulnerability in the OpenSSL handshake renegotiation process can lead to denial of service - vulnerability warning - the black bar safety net
1. Foreword: OpenSSL is a very popular general-purpose cryptographic library that provides an SSL/TLS protocol implementation for web authentication services. Recently, several vulnerabilities were found in OpenSSL. We've written several articles on the analysis of...
Weblate: Option method enabled
Description: HTTP OPTIONS method is enabled. Affected URLs: https://demo.weblate.org/ https://weblate.org/en/ https://hosted.weblate.org PoC: curl -X OPTIONS https://hosted.weblate.org -vv Output: aku@galau:$ curl -X OPTIONS https://hosted.weblate.org -vv Rebuilt URL to: https://hosted.weblate.org/...
CVE-2017-3733
During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake or vice-versa then this can cause OpenSSL 1.1.0 before 1.1.0e to crash dependent on ciphersuite. Both clients and servers are affected...
DEBIAN-CVE-2017-3733
During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake or vice-versa then this can cause OpenSSL 1.1.0 before 1.1.0e to crash dependent on ciphersuite. Both clients and servers are affected...
UBUNTU-CVE-2017-3733
During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake or vice-versa then this can cause OpenSSL 1.1.0 before 1.1.0e to crash dependent on ciphersuite. Both clients and servers are affected...
CVE-2017-3733
CVE-2017-3733 describes a denial-of-service crash in OpenSSL 1.1.0 before 1.1.0e during a renegotiation handshake when the Encrypt-Then-MAC extension is (mis)negotiated between the original and renegotiated handshakes. The issue affects both clients and servers. Connected documents reiterate the ...
CVE-2017-3733 Encrypt-Then-Mac renegotiation crash
During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake or vice-versa then this can cause OpenSSL 1.1.0 before 1.1.0e to crash dependent on ciphersuite. Both clients and servers are affected...
FreeBSD : codeigniter -- multiple vulnerabilities (df0144fb-295e-11e7-970f-002590263bf5)
The CodeIgniter changelog reports: Fixed a header injection vulnerability in common function set_status_header() under Apache (thanks to Guillermo Caminer from Flowgate). Fixed byte-safety issues in Encrypt Library (DEPRECATED) when mbstring.func_overload is enabled. Fixed byte-safety issues in Encryptio...