39 matches found
New Study Warns Several Free iOS and Android VPN Apps Leak Data
A Zimperium zLabs analysis of 800 free Android and iOS VPN apps exposes critical security flaws, including the Heartbleed bug, excessive system permissions, and non-transparent data practices. Learn how these 'privacy' tools are actually major security risks, especially for BYOD environments...
NewStart CGSL MAIN 6.06 : openssl Multiple Vulnerabilities (NS-SA-2025-0211)
The remote NewStart CGSL host, running version MAIN 6.06, has openssl packages installed that are affected by multiple vulnerabilities: - In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell...
K15159: OpenSSL vulnerability CVE-2014-0160
Security Advisory Description The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as...
SUSE CVE-2014-0160
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys,...
Capital One: Heartbleed Bug
The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over th...
Security Bulletin: OpenSSL Heartbleed Vulnerability and Impact to Algo and OpenPages Products
Abstract The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privac...
Uber: ubernycmarketplace.com is vulnerable to the Heartbleed Bug
The Heartbleed Bug was a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. This allows attackers to eavesdrop on communications, stea...
Amazon Linux: Security Advisory (ALAS-2014-320)
The remote host is missing an update for the...
Threat Outbreak Alert RuleID12041: Email Messages Distributing Malicious Software on October 20, 2014
Medium Alert ID: 36149 First Published: 2014 October 20 18:41 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat (RuleID12041) may contain the following files: Name |...
Threat Outbreak Alert RuleID11654: Email Messages Distributing Malicious Software on September 22, 2014
Medium Alert ID: 35800 First Published: 2014 September 22 19:30 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat (RuleID11654) may contain the following files: Name ...
Kaspersky Internet Security Heartbeat Information Disclosure (Heartbleed)
The remote host has a version of Kaspersky Internet Security (KIS) installed that is missing a vendor patch. It is, therefore, affected by an information disclosure vulnerability. An out-of-bounds read error, known as the 'Heartbleed Bug', exists related to handling TLS heartbeat extensions that...
HP Version Control Agent (VCA) Heartbeat Information Disclosure (Heartbleed)
The RPM installation of HP Version Control Agent (VCA) on the remote Linux host is version 7.2.2, 7.3.0, or 7.3.1. It is, therefore, affected by an information disclosure vulnerability. An out-of-bounds read error, known as the 'Heartbleed Bug', exists related to handling TLS heartbeat extensions...
Kerio Connect 8.2.x < 8.2.4 Heartbeat Information Disclosure (Heartbleed)
According to its banner, the remote host is running a version of Kerio Connect (formerly Kerio MailServer) version 8.2.x prior to 8.2.4. It is, therefore, affected by an out-of-bounds read error, known as the 'Heartbleed Bug' in the included OpenSSL version. This error is related to handling TLS...
Updated tor packages fix multiple vulnerabilities
Update to version 0.2.4.22 which solves these major and security problems: - Block authority signing keys that were used on authorities vulnerable to the "heartbleed" bug in OpenSSL (CVE-2014-0160). - Fix a memory leak that could occur if a microdescriptor parse fails during the tokenizing step. -...
Cisco TelePresence Video Communication Server Heartbeat Information Disclosure (Heartbleed)
According to its self-reported version number, the version of Cisco TelePresence Video Communication Server installed on the remote host is affected by an out-of-bounds read error, known as the 'Heartbleed Bug' in the included OpenSSL version. This error is related to handling TLS heartbeat...
Attachmate Reflection Secure IT Windows Client Information Disclosure (Heartbleed)
The Attachmate Reflection Secure IT Windows Client install on the remote host contains a component, Reflection FTP Client, which is affected by an out-of-bounds read error, known as the 'Heartbleed Bug' in the included OpenSSL version. This error is related to handling TLS heartbeat extensions th...
Symantec Endpoint Protection Manager < 12.1 RU4 MP1a OpenSSL Heartbeat Information Disclosure (Heartbleed)
According to its self-reported version number, the version of Symantec Endpoint Protection Manager (SEPM) installed on the remote host is affected by an out-of-bounds read error, known as the 'Heartbleed Bug' in the included OpenSSL version. This error is related to handling TLS heartbeat extension...
TLS 1.3 Has Consensus to Deprecate RSA Key Transport
The IETF working group responsible for the TLS 1.3 standard is closing in on a decision to remove RSA key transport cipher suites from the protocol. Decades-old RSA-based handshakes don’t cut it anymore, according to experts, who are anxious to put a modern protocol in place, one that can fend of...
Nasty Covert Redirect Vulnerability found in OAuth and OpenID
After Heartbleed bug, a security flaw in widely used open-source software OpenSSL that puts countless websites at risk, another vulnerability has been found in popular authentication software OpenID and authorization software OAuth. Wang Jing, a Chinese mathematics Ph.D student at the Nanyang...