
5410 matches found

Packet Storm
added 2014/11/26 12:0 a.m., 32 views

Device42 Embedded Credentials

Remote Authenticated Root in Device42 DCIM Appliance Manager v5.10 and v6.0 http://www.device42.com/download/ Device42 ships virtual appliances ready for production use as a trial essentially dictated by the license provided. The Appliance Manager listens on HTTP no SSL on port 4242 with default...

7.4 AI score
Exploits: 0
RedHat Linux
added 2014/11/20 4:31 p.m., 2 views

OpenJDK: CipherInputStream incorrect exception handling (Security, 8037846)

It was discovered that the CipherInputStream class implementation in OpenJDK did not properly handle certain exceptions. This could possibly allow an attacker to affect the integrity of an encrypted stream handled by this class...

2.6 CVSS, 6.7 AI score, 0.03022 EPSS
Exploits: 0, References: 5
RedHat Linux
added 2014/11/19 6:32 p.m., 3 views

OpenJDK: CipherInputStream incorrect exception handling (Security, 8037846)

It was discovered that the CipherInputStream class implementation in OpenJDK did not properly handle certain exceptions. This could possibly allow an attacker to affect the integrity of an encrypted stream handled by this class...

2.6 CVSS, 6.7 AI score, 0.03022 EPSS
Exploits: 0, References: 5
RedHat Linux
added 2014/11/19 6:32 p.m., 3 views

OpenJDK: CipherInputStream incorrect exception handling (Security, 8037846)

It was discovered that the CipherInputStream class implementation in OpenJDK did not properly handle certain exceptions. This could possibly allow an attacker to affect the integrity of an encrypted stream handled by this class...

2.6 CVSS, 6.7 AI score, 0.03022 EPSS
Exploits: 0, References: 5
The Hacker News
added 2014/11/18 8:29 p.m., 9 views

WhatsApp Messenger Adds End-to-End Encryption by Default

Good news for all Privacy Lovers!! Finally the wildly popular messaging app WhatsApp has made end-to-end encryption a default feature, stepping a way forward for the online privacy of its users around the world. WhatsApp, most popular messaging app with 600 Million users as of October 2014, has...

6.6 AI score
Exploits: 0
Tenable Nessus
added 2014/11/11 12:0 a.m., 29 views

openSUSE Security Update : pidgin (openSUSE-SU-2014:1376-1)

The following issues were fixed in this update : + General : - Check the basic constraints extension when validating SSL/TLS certificates. This fixes a security hole that allowed a malicious man-in-the-middle to impersonate an IM server or any other https endpoint. This affected both the NSS and...

6.4 CVSS, 7.2 AI score, 0.02136 EPSS
Exploits: 0, References: 12
myhack58
added 2014/11/04 12:0 a.m., 18 views

Popular secure chat app TextSecure has an "unknown key sharing attack" vulnerability

TextSecure is an encrypted chat app for the Android platform; this free app is designed to guarantee communication privacy. The app is developed by Open WhisperSystems, its code is completely open source, and it supports end-to-end SMS encryption. Looks very safe, doesn't it? Recently, however, from Germany's Ruhr...

1.3 AI score
Exploits: 0
ThreatPost
added 2014/10/31 11:34 a.m., 12 views

Facebook Creates .Onion Site; Now Accessible Via Tor Network

UPDATE – This story has been updated with commentary from the Tor Project. Facebook announced today that the social network will now be directly available to users as a Tor hidden service. The Tor Project is an Internet-traffic anonymization service that relays user traffic through a number of...

6.9 AI score
Exploits: 0, References: 6
Ubuntu
added 2014/10/28 1:50 p.m., 56 views

USN-2390-1: Pidgin vulnerabilities

Jacob Appelbaum and an anonymous person discovered that Pidgin incorrectly handled certificate validation. A remote attacker could exploit this to perform a machine-in-the-middle attack to view sensitive information or alter encrypted communications. CVE-2014-3694 Yves Younan and Richard Johnson...

6.4 CVSS, 7.4 AI score, 0.02136 EPSS
Exploits: 0
ThreatPost
added 2014/10/24 1:21 p.m., 9 views

NSA-Approved Samsung Knox Stores PIN in Cleartext

A security researcher has tossed a giant bucket of ice water on Samsung’s thumbs up from the NSA approving use of certain Galaxy devices within the agency. The NSA’s blessing, given under the agency’s Commercial Solutions for Classified Program, meant that the Samsung Galaxy 4, 5 and Galaxy No...

7.1 AI score
Exploits: 0, References: 3
securityvulns
added 2014/10/18 12:0 a.m., 117 views

APPLE-SA-2014-10-16-1 OS X Yosemite v10.10

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-10-16-1 OS X Yosemite v10.10 OS X Yosemite v10.10 is now available and addresses the following: 802.1X Impact: An attacker can obtain WiFi credentials Description: An attacker could have impersonated a WiFi access point, offered to...

10 CVSS, 0.6 AI score, 0.9422 EPSS
Exploits: 158
RedHat Linux
added 2014/10/16 11:12 p.m., 3 views

OpenJDK: CipherInputStream incorrect exception handling (Security, 8037846)

It was discovered that the CipherInputStream class implementation in OpenJDK did not properly handle certain exceptions. This could possibly allow an attacker to affect the integrity of an encrypted stream handled by this class...

2.6 CVSS, 6.7 AI score, 0.03022 EPSS
Exploits: 0, References: 5
RedHat Linux
added 2014/10/16 11:2 p.m., 1 views

OpenJDK: CipherInputStream incorrect exception handling (Security, 8037846)

It was discovered that the CipherInputStream class implementation in OpenJDK did not properly handle certain exceptions. This could possibly allow an attacker to affect the integrity of an encrypted stream handled by this class...

2.6 CVSS, 6.7 AI score, 0.03022 EPSS
Exploits: 0, References: 5
Tenable Nessus
added 2014/10/16 12:0 a.m., 60 views

ArubaOS 6.3.1.11 / 6.4.2.1 SSH Authentication Bypass

The version of ArubaOS has an unspecified vulnerability that allows a remote attacker to obtain limited administrative privileges without valid credentials. The vulnerability affects access over SSH. However, access through WebUI and the serial port is not affected, and the vulnerability does not...

7.5 CVSS, 5.5 AI score, 0.00185 EPSS
Exploits: 1, References: 2
OpenVAS
added 2014/10/16 12:0 a.m., 31 views

CentOS Update for java CESA-2014:1634 centos5

Check the version of java SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882060";...

6.8 CVSS, 6.8 AI score, 0.09411 EPSS
Exploits: 0, References: 2
RedHat Linux
added 2014/10/15 3:3 a.m., 0 views

OpenJDK: CipherInputStream incorrect exception handling (Security, 8037846)

It was discovered that the CipherInputStream class implementation in OpenJDK did not properly handle certain exceptions. This could possibly allow an attacker to affect the integrity of an encrypted stream handled by this class...

2.6 CVSS, 6.7 AI score, 0.03022 EPSS
Exploits: 0, References: 5
RedHat Linux
added 2014/10/15 2:9 a.m., 1 views

OpenJDK: CipherInputStream incorrect exception handling (Security, 8037846)

It was discovered that the CipherInputStream class implementation in OpenJDK did not properly handle certain exceptions. This could possibly allow an attacker to affect the integrity of an encrypted stream handled by this class...

2.6 CVSS, 6.7 AI score, 0.03022 EPSS
Exploits: 0, References: 5
RedHat Linux
added 2014/10/15 1:26 a.m., 3 views

OpenJDK: CipherInputStream incorrect exception handling (Security, 8037846)

It was discovered that the CipherInputStream class implementation in OpenJDK did not properly handle certain exceptions. This could possibly allow an attacker to affect the integrity of an encrypted stream handled by this class...

2.6 CVSS, 6.7 AI score, 0.03022 EPSS
Exploits: 0, References: 5
Packet Storm
added 2014/10/08 12:0 a.m., 71 views

BMC Track-it! Remote Code Execution / SQL Injection

Hi, tl;dr - I am releasing two 0 day exploits for BMC Track-It!. One is a RCE and the other gets you the domain admin and SQL database creds. Other minor vulns are also disclosed. Details below. CERT handled the disclosure for these vulnerabilities see CERT VU121036 and according to them BMC didn...

7.5 CVSS, 0.1 AI score, 0.82177 EPSS
Exploits: 16
NVD
added 2014/10/07 10:55 a.m., 12 views

CVE-2014-4869

The Brocade Vyatta 5400 vRouter 6.4Rx, 6.6Rx, and 6.7R1 allows attackers to obtain sensitive encrypted-password information by leveraging membership in the operator group...

5 CVSS, 6.1 AI score, 0.00336 EPSS
Exploits: 0, References: 1