8698 matches found
Ubuntu: Security Advisory (USN-2625-1)
The remote host is missing an update for the...
Wassenaar, Bug Bounties and Vulnerability Rewards Programs
Bug bounties have gone from novelty to necessity, not only for enterprises looking to take advantage of the skills of an organized pool of vulnerability hunters, but also for a slew of independent researchers who make a living contributing to various vendor and independent bounty and reward...
Scientific Linux Security Update : openssl on SL6.x, SL7.x i386/x86_64 (20150604) (Logjam)
A flaw was found in the way the TLS protocol composes the Diffie-Hellman (DH) key exchange. A man-in-the-middle attacker could use this flaw to force the use of weak 512-bit export-grade keys during the key exchange, allowing them to decrypt all traffic. (CVE-2015-4000) Note: This update forces the...
openssl security update
CentOS Errata and Security Advisory CESA-2015:1072. Updated openssl packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score,...
LOGJAM: TLS connections which support export grade DHE key-exchange are vulnerable to MITM attacks
A flaw was found in the way the TLS protocol composes the Diffie-Hellman exchange for both export and non-export grade cipher suites. An attacker could use this flaw to downgrade a DHE connection to use export-grade key sizes, which could then be broken by sufficient pre-computation. This can lea...
Splunk Enterprise 5.0.x < 5.0.13 / 6.0.x < 6.0.9 / 6.1.x < 6.1.8 OpenSSL Vulnerabilities (FREAK)
According to its version number, the Splunk Enterprise hosted on the remote web server is 5.0.x prior to 5.0.13, 6.0.x prior to 6.0.9, or 6.1.x prior to 6.1.4. It is, therefore, affected by the following vulnerabilities related to the included OpenSSL library : - A security feature bypass...
USN-2625-1: Apache HTTP Server update
As a security improvement, this update makes the following changes to the Apache package in Ubuntu 12.04 LTS: Added support for ECC keys and ECDH ciphers. The SSLProtocol configuration directive now allows specifying the TLSv1.1 and TLSv1.2 protocols. Ephemeral key handling has been improved,...
Ubuntu 14.04 LTS : OpenSSL update (USN-2624-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-2624-1 advisory. As a security improvement, this update removes the export cipher suites from the default cipher list to prevent their use in possible downgrade attacks. Tenable h...
Wireless Network Watcher v1.81 - Show Who is Connected to your Wireless Network
Wireless Network Watcher is a small utility that scans your wireless network and displays the list of all computers and devices that are currently connected to your network. For every computer or device that is connected to your network, the following information is displayed: IP address, MAC...
USN-2624-1: OpenSSL update
As a security improvement, this update removes the export cipher suites from the default cipher list to prevent their use in possible downgrade attacks...
USN-2624-1 openssl update
As a security improvement, this update removes the export cipher suites from the default cipher list to prevent their use in possible downgrade attacks...
DEBIAN-CVE-2013-7441
The modern style negotiation in Network Block Device nbd-server 2.9.22 through 3.3 allows remote attackers to cause a denial of service (root process termination) by (1) closing the connection during negotiation or (2) specifying a name for a non-existent export...
CVE-2013-7441
The modern style negotiation in Network Block Device nbd-server 2.9.22 through 3.3 allows remote attackers to cause a denial of service (root process termination) by (1) closing the connection during negotiation or (2) specifying a name for a non-existent export...
UBUNTU-CVE-2013-7441
The modern style negotiation in Network Block Device nbd-server 2.9.22 through 3.3 allows remote attackers to cause a denial of service (root process termination) by (1) closing the connection during negotiation or (2) specifying a name for a non-existent export...
Security Researchers Publish Comments on Wassenaar Rules
With the two-month comment period for the proposed U.S. Wassenaar Arrangement rules barely under way, a cast of influential security researchers has wasted no time preparing and submitting their thoughts on the controversial proposal. Researchers who seek out vulnerabilities in software—developin...
PT-2015-3589 · Nbd +2 · Nbd-Server +2
Name of the Vulnerable Software and Affected Versions: nbd-server versions 2.9.22 through 3.3 Description: The issue in nbd-server allows remote attackers to cause a denial of service by either closing the connection during negotiation or specifying a name for a non-existent export, which can lea...
Debian Security Advisory DSA 3271-1 (nbd - security update)
Tuomas Räsänen discovered that unsafe signal handling in nbd-server, the server for the Network Block Device protocol, could allow remote attackers to cause a deadlock in the server process and thus a denial of service. Tuomas Räsänen also discovered that the modern-style negotiation was carried out ...
Podcast Discussing the Week's Security, Crypto News
Dennis Fisher and Mike Mimoso talk about the Logjam attack, the proposed Wassenaar export rules on exploits, and the letter to the president decrying crypto back doors. They do not talk about the Mad Men finale. Nor will they ever. Download: digitalunderground204.mp3 Music by Chris Gonsalves...
Proposed U.S. Wassenaar Rules on Intrusion Software
Two things worth noting from yesterday’s unveiling of the Bureau of Industry and Security’s proposed Wassenaar rules for the U.S. that weren’t so overt: (a) The U.S. generally leads the way in implementing Wassenaar changes, and this time it’s been beaten by the EU by almost 18 months; and (b) reques...