8675 matches found
[SECURITY] Fedora 21 Update: drupal7-webform-4.7-1.fc21
Webform is the module for making surveys in Drupal. After a submission, users may be sent an e-mail "receipt" as well as sending a notification to administrators. Results can be exported into Excel or other spreadsheet applications. Webform also provides some basic statistical review and has and...
openssl: SSLv2 Bleichenbacher protection overwrites wrong bytes for export ciphers
It was discovered that the SSLv2 protocol implementation in OpenSSL did not properly implement the Bleichenbacher protection for export cipher suites. An attacker could use a SSLv2 server using OpenSSL as a Bleichenbacher oracle...
openssl: Divide-and-conquer session key recovery in SSLv2
It was discovered that the SSLv2 servers using OpenSSL accepted SSLv2 connection handshakes that indicated non-zero clear key length for non-export cipher suites. An attacker could use this flaw to decrypt recorded SSLv2 sessions with the server by using it as a decryption oracle...
openssl: assertion failure in SSLv2 servers
A denial of service flaw was found in the way OpenSSL handled SSLv2 handshake messages. A remote attacker could use this flaw to cause a TLS/SSL server using OpenSSL to exit on a failed assertion if it had both the SSLv2 protocol and EXPORT-grade cipher suites enabled...
Scientific Linux Security Update : libreoffice on SL7.x x86_64 (20150305)
It was found that LibreOffice documents executed macros unconditionally, without user approval, when these documents were opened using LibreOffice. An attacker could use this flaw to execute arbitrary code as the user running LibreOffice by embedding malicious VBA scripts in the document as macro...
Mac OS X : Cisco AnyConnect Secure Mobility Client < 3.1(7021) <= 4.0(48) Multiple Vulnerabilities (FREAK)
The remote Mac OS X host has a version of Cisco AnyConnect Secure Mobility Client installed that is prior to 3.1.7021.0, or else it is a version equal or prior to 4.0.0048.0. It is, therefore, affected by multiple vulnerabilities in the OpenSSL library : - The BIGNUM squaring BNsqr implementation...
Debian DLA-177-1 : openssl security update
Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities and Exposures project identifies the following issues : CVE-2015-0209 It was discovered that a malformed EC private key might result in memory corruption. CVE-2015-0286 Stephen...
openssl: assertion failure in SSLv2 servers
A denial of service flaw was found in the way OpenSSL handled SSLv2 handshake messages. A remote attacker could use this flaw to cause a TLS/SSL server using OpenSSL to exit on a failed assertion if it had both the SSLv2 protocol and EXPORT-grade cipher suites enabled...
openssl: SSLv2 Bleichenbacher protection overwrites wrong bytes for export ciphers
It was discovered that the SSLv2 protocol implementation in OpenSSL did not properly implement the Bleichenbacher protection for export cipher suites. An attacker could use a SSLv2 server using OpenSSL as a Bleichenbacher oracle...
openssl: SSLv2 Bleichenbacher protection overwrites wrong bytes for export ciphers
It was discovered that the SSLv2 protocol implementation in OpenSSL did not properly implement the Bleichenbacher protection for export cipher suites. An attacker could use a SSLv2 server using OpenSSL as a Bleichenbacher oracle...
openssl: assertion failure in SSLv2 servers
A denial of service flaw was found in the way OpenSSL handled SSLv2 handshake messages. A remote attacker could use this flaw to cause a TLS/SSL server using OpenSSL to exit on a failed assertion if it had both the SSLv2 protocol and EXPORT-grade cipher suites enabled...
openssl: Divide-and-conquer session key recovery in SSLv2
It was discovered that the SSLv2 servers using OpenSSL accepted SSLv2 connection handshakes that indicated non-zero clear key length for non-export cipher suites. An attacker could use this flaw to decrypt recorded SSLv2 sessions with the server by using it as a decryption oracle...
MyBB cache handler vulnerability
MyBB is a WEB-based application. The cache handler in MyBB fails to properly check the input encoding of the varexport function, allowing remote attackers to exploit the vulnerability for malicious attacks...
PT-2016-1366 · Openssl +6 · Openssl +7
Name of the Vulnerable Software and Affected Versions: OpenSSL versions prior to 0.9.8zf OpenSSL versions 1.0.0 prior to 1.0.0r OpenSSL versions 1.0.1 prior to 1.0.1m OpenSSL versions 1.0.2 prior to 1.0.2a Description: The issue is related to the get client master key function in the SSLv2...
[SECURITY] [DLA 177-1] openssl security update
Package : openssl Version : 0.9.8o-4squeeze20 CVE ID : CVE-2015-0209 CVE-2015-0286 CVE-2015-0287 CVE-2015-0288 CVE-2015-0289 CVE-2015-0292 CVE-2015-0293 Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities and Exposures project...
Monitoring Large-Scale Networks: YAF
Monitoring Large-Scale Networks Why does the world need another network flow event generator? yaf was originally intended as an experimental implementation tracking developments in the IETF IPFIX working group, specifically bidirectional flow representation, archival storage formats, and structur...
WordPress Migration Plugin <= 2.0.4 - Unauthenticated Database Export
Because of this vulnerability, users, which have access to the database, can get uploads, themes, plugins of your website. Solution Update the plugin...
All-in-One WP Migration <= 2.0.4 - Unauthenticated Database Export
Unauthenticated users can export a complete copy of the WordPress database, all plugins, themes, and uploaded files...
OpenSSL < 0.9.8zf / 1.0.0r / 1.0.1m / 1.0.2a Multiple Vulnerabilities
Binary data 801937.prm...
DSA-3197-1 openssl - security update
Bulletin has no description...