8698 matches found

OpenVAS
added 2015/06/09 12:0 a.m. · 15 views

Ubuntu: Security Advisory (USN-2625-1)

The remote host is missing an update for the...

7.5 AI score
Exploits 0 · References 4
ThreatPost
added 2015/06/08 1:32 p.m. · 14 views

Wassenaar, Bug Bounties and Vulnerability Rewards Programs

Bug bounties have gone from novelty to necessity, not only for enterprises looking to take advantage of the skills of an organized pool of vulnerability hunters, but also for a slew of independent researchers who make a living contributing to various vendor and independent bounty and reward...

7 AI score
Exploits 0 · References 3
Tenable Nessus
added 2015/06/08 12:0 a.m. · 78 views

Scientific Linux Security Update : openssl on SL6.x, SL7.x i386/x86_64 (20150604) (Logjam)

A flaw was found in the way the TLS protocol composes the Diffie-Hellman (DH) key exchange. A man-in-the-middle attacker could use this flaw to force the use of weak 512 bit export-grade keys during the key exchange, allowing them to decrypt all traffic. (CVE-2015-4000) Note: This update forces the...

4.3 CVSS · 7 AI score · 0.9986 EPSS
Exploits 1 · References 2
Cent OS
added 2015/06/04 7:47 p.m. · 481 views

openssl security update

CentOS Errata and Security Advisory CESA-2015:1072. Updated openssl packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score,...

4.3 CVSS · 6 AI score · 0.9986 EPSS
Exploits 1 · References 7
RedHat Linux
added 2015/06/04 5:49 p.m. · 5 views

LOGJAM: TLS connections which support export grade DHE key-exchange are vulnerable to MITM attacks

A flaw was found in the way the TLS protocol composes the Diffie-Hellman exchange for both export and non-export grade cipher suites. An attacker could use this flaw to downgrade a DHE connection to use export-grade key sizes, which could then be broken by sufficient pre-computation. This can lea...

4.3 CVSS · 6.6 AI score · 0.9986 EPSS
Exploits 1 · References 6
Tenable Nessus
added 2015/06/04 12:0 a.m. · 122 views

Splunk Enterprise 5.0.x < 5.0.13 / 6.0.x < 6.0.9 / 6.1.x < 6.1.8 OpenSSL Vulnerabilities (FREAK)

According to its version number, the Splunk Enterprise hosted on the remote web server is 5.0.x prior to 5.0.13, 6.0.x prior to 6.0.9, or 6.1.x prior to 6.1.4. It is, therefore, affected by the following vulnerabilities related to the included OpenSSL library : - A security feature bypass...

7.5 CVSS · 7.8 AI score · 0.98685 EPSS
Exploits 1 · References 17
Ubuntu
added 2015/06/02 12:43 p.m. · 29 views

USN-2625-1: Apache HTTP Server update

As a security improvement, this update makes the following changes to the Apache package in Ubuntu 12.04 LTS: Added support for ECC keys and ECDH ciphers. The SSLProtocol configuration directive now allows specifying the TLSv1.1 and TLSv1.2 protocols. Ephemeral key handling has been improved,...

5.3 AI score
Exploits 0 · References 2
Tenable Nessus
added 2015/06/02 12:0 a.m. · 18 views

Ubuntu 14.04 LTS : OpenSSL update (USN-2624-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-2624-1 advisory. As a security improvement, this update removes the export cipher suites from the default cipher list to prevent their use in possible downgrade attacks. Tenable h...

5.5 AI score
Exploits 0 · References 1
Kitploit
added 2015/06/01 9:52 p.m. · 50 views

Wireless Network Watcher v1.81 - Show Who is Connected to your Wireless Network

Wireless Network Watcher is a small utility that scans your wireless network and displays the list of all computers and devices that are currently connected to your network. For every computer or device that is connected to your network, the following information is displayed: IP address, MAC...

6.6 AI score
Exploits 0
Ubuntu
added 2015/06/01 5:7 p.m. · 50 views

USN-2624-1: OpenSSL update

As a security improvement, this update removes the export cipher suites from the default cipher list to prevent their use in possible downgrade attacks...

5.4 AI score
Exploits 0 · References 1
OSV
added 2015/06/01 5:7 p.m. · 3 views

USN-2624-1 openssl update

As a security improvement, this update removes the export cipher suites from the default cipher list to prevent their use in possible downgrade attacks...

4.3 CVSS · 6.2 AI score · 0.9986 EPSS
Exploits 1 · References 2
OSV
added 2015/05/29 3:59 p.m. · 1 views

DEBIAN-CVE-2013-7441

The modern style negotiation in Network Block Device (nbd-server) 2.9.22 through 3.3 allows remote attackers to cause a denial of service (root process termination) by (1) closing the connection during negotiation or (2) specifying a name for a non-existent export...

7.8 CVSS · 6.4 AI score · 0.03675 EPSS
Exploits 0 · References 1
Cvelist
added 2015/05/29 3:0 p.m. · 21 views

CVE-2013-7441

The modern style negotiation in Network Block Device (nbd-server) 2.9.22 through 3.3 allows remote attackers to cause a denial of service (root process termination) by (1) closing the connection during negotiation or (2) specifying a name for a non-existent export...

6.3 AI score · 0.03675 EPSS
Exploits 0 · References 9
Debian CVE
added 2015/05/29 3:0 p.m. · 18 views

CVE-2013-7441

The modern style negotiation in Network Block Device (nbd-server) 2.9.22 through 3.3 allows remote attackers to cause a denial of service (root process termination) by (1) closing the connection during negotiation or (2) specifying a name for a non-existent export...

7.8 CVSS · 6.2 AI score · 0.03675 EPSS
Exploits 0
OSV
added 2015/05/29 12:0 a.m. · 2 views

UBUNTU-CVE-2013-7441

The modern style negotiation in Network Block Device (nbd-server) 2.9.22 through 3.3 allows remote attackers to cause a denial of service (root process termination) by (1) closing the connection during negotiation or (2) specifying a name for a non-existent export...

7.8 CVSS · 5.8 AI score · 0.03675 EPSS
Exploits 0 · References 4
ThreatPost
added 2015/05/27 11:48 a.m. · 11 views

Security Researchers Publish Comments on Wassenaar Rules

With the two-month comment period for the proposed U.S. Wassenaar Arrangement rules barely under way, a cast of influential security researchers has wasted no time preparing and submitting their thoughts on the controversial proposal. Researchers who seek out vulnerabilities in software—developin...

7.1 AI score
Exploits 0 · References 7
Positive Technologies
added 2015/05/23 12:0 a.m. · 3 views

PT-2015-3589 · Nbd +2 · Nbd-Server +2

Name of the Vulnerable Software and Affected Versions: nbd-server versions 2.9.22 through 3.3 Description: The issue in nbd-server allows remote attackers to cause a denial of service by either closing the connection during negotiation or specifying a name for a non-existent export, which can lea...

9.8 CVSS · 6.8 AI score · 0.03675 EPSS
Exploits 3 · References 37
OpenVAS
added 2015/05/23 12:0 a.m. · 21 views

Debian Security Advisory DSA 3271-1 (nbd - security update)

Tuomas Räsänen discovered that unsafe signal handling in nbd-server, the server for the Network Block Device protocol, could allow remote attackers to cause a deadlock in the server process and thus a denial of service. Tuomas Räsänen also discovered that the modern-style negotiation was carried out ...

7.8 CVSS · 6.4 AI score · 0.03675 EPSS
Exploits 0 · References 1
ThreatPost
added 2015/05/22 12:19 p.m. · 8 views

Podcast Discussing the Week's Security, Crypto News

Dennis Fisher and Mike Mimoso talk about the Logjam attack, the proposed Wassenaar export rules on exploits, and the letter to the president decrying crypto back doors. They do not talk about the Mad Men finale. Nor will they ever. Download: digitalunderground204.mp3 Music by Chris Gonsalves...

3 AI score
Exploits 0 · References 2
ThreatPost
added 2015/05/21 12:59 p.m. · 13 views

Proposed U.S. Wassenaar Rules on Intrusion Software

Two things worth noting from yesterday’s unveiling of the Bureau of Industry and Security’s proposed Wassenaar rules for the U.S. that weren’t so overt: a) The U.S. generally leads the way in implementing Wassenaar changes, and this time it’s been beaten by the EU by almost 18 months; and b) reques...

7.3 AI score
Exploits 0 · References 4