794 matches found
OpenJDK: TLS/SSL handshake timing issues (JSSE, 8023069)
Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JRockit R27.7.7 and R28.2.9; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. NOTE: the previous information is from the January 2014 CPU. Oracle ha...
CentOS Update for java CESA-2014:0027 centos5
Check for the Version of java OpenVAS Vulnerability Test CentOS Update for java CESA-2014:0027 centos5 Authors: System Generated Check Copyright: Copyright C 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
Mandriva Linux Security Advisory : java-1.7.0-openjdk (MDVSA-2014:011)
Multiple vulnerabilities has been discovered and corrected in java-1.7.0-openjdk : An input validation flaw was discovered in the font layout engine in the 2D component. A specially crafted font file could trigger Java Virtual Machine memory corruption when processed. An untrusted Java applicatio...
OpenJDK: TLS/SSL handshake timing issues (JSSE, 8023069)
Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JRockit R27.7.7 and R28.2.9; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. NOTE: the previous information is from the January 2014 CPU. Oracle ha...
CVE-2014-0411
Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JRockit R27.7.7 and R28.2.9; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. NOTE: the previous information is from the January 2014 CPU. Oracle ha...
Design/Logic Flaw
Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JRockit R27.7.7 and R28.2.9; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. NOTE: the previous information is from the January 2014 CPU. Oracle ha...
java security update
CentOS Errata and Security Advisory CESA-2014:0027 Updated java-1.7.0-openjdk packages that fix various security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring Syst...
How Dark Mail Plans to Build an Open, Secure Email Platform
The new Dark Mail Alliance formed this week by Lavabit and Silent Circle will offer an open platform for secure email that will use existing protocols and cloud storage as a way to evade surveillance. The new system, which should be available next year, is in some ways a throwback to the...
FreeBSD : gnupg -- side channel attack on RSA secret keys (80771b89-f57b-11e2-bf21-b499baab0cbe)
A Yarom and Falkner paper reports : Flush+Reload is a cache side-channel attack that monitors access to data in shared pages. In this paper we demonstrate how to use the attack to extract private encryption keys from GnuPG. The high resolution and low noise of the Flush+Reload attack enables a sp...
gnupg -- side channel attack on RSA secret keys
A Yarom and Falkner paper reports: Flush+Reload is a cache side-channel attack that monitors access to data in shared pages. In this paper we demonstrate how to use the attack to extract private encryption keys from GnuPG. The high resolution and low noise of the Flush+Reload attack enables a spy...
Microsoft Asks AG to Let It Publish Detailed Data Request Information
Microsoft, responding to allegations that the company has helped the NSA circumvent encryption in Skype and Outlook.com and provided direct access to data from those and other services, says that it does none of those things and is petitioning the government for permission to publish more...
Name.com Data Breach Forces Password Breach
Domain registrar Name.com has informed its customers via email of a data breach and asked them to reset their passwords. The company, based in Denver, said it discovered a breach and customer account information such as encrypted credentials and credit card numbers may have been accessed along wi...
Ubuntu 7.04 / 7.10 / 8.04 LTS : openssl vulnerability (USN-612-1)
A weakness has been discovered in the random number generator used by OpenSSL on Debian and Ubuntu systems. As a result of this weakness, certain encryption keys are much more common than they should be, such that an attacker could guess the key through a brute-force attack given minimal knowledg...
Windows Phone7 < 7.10.8107 Out-of-Date SSL Certificate Blacklist
Binary data windowsphone7108107.nbin...
Ubuntu Update for python-crypto USN-1484-1
Ubuntu Update for Linux kernel vulnerabilities USN-1484-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN14841.nasl 7960 2017-12-01 06:58:16Z santu $ Ubuntu Update for python-crypto USN-1484-1 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.ne...
Ubuntu: Security Advisory (USN-1484-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EMC IRM License Server 4.6.1.1995 - Denial of Service
Luigi Auriemma Application: EMC IRM License Server http://www.emc.com Versions: = 4.6.1.1995 Platforms: Windows Bugs: A "version compat check" FIPS NULL pointer B freezing caused by multiple commands C NULL pointer caused by commands after invalid version Exploitation: remote Date: 10 Apr 2012...
Train-switching system can be vulnerable to DDoS attack
Train-switching system can be vulnerable to DDoS attack Hackers who have shut down websites by overwhelming them with web traffic could use the same approach to shut down the computers that control train switching systems, a security expert said at a hacking conference in Berlin. Prof. Stefan...
How the Duqu Authors May Have Erred
Duqu has been called the spawn of Stuxnet, or maybe some sort of stepchild or second cousin. That initial analysis came from some similarities in the code of the two attack tools, and now that researchers have had more time to pull Duqu apart and see how it works, it seems more and more likely th...
Is it hard to crack full Disk Encryption For Law Enforcement ?
Is it hard to crack full Disk Encryption For Law Enforcement ? If you'd rather keep your data private, take heart: disk encryption is a lot harder to break than techno-thriller movies and TV shows make it out to be, to the chagrin of some branches of law enforcement. MrSeb writes with word of a...