Lucene search

7607 matches found

ICS
added 2012/06/23 6:0 a.m., 37 views

Siemens S7-1200 Insecure Storage of HTTPS CA Certificate

Overview: Siemens has reported (SSA-240718, http://www.siemens.com/corporate-technology/en/research-areas/siemens-cert-security-advisories.htm, Web site last accessed September 19, 2012) an insecure HTTPS certificate storage vulnerability in Siemens’ S7-1200 v2.x. Siemens has provided guidance to...

CVSS 4.3, AI score 6.2, EPSS 0.00432
Exploits: 1, References: 10

RedHat Linux
added 2012/06/19 7:22 p.m., 26 views

Moderate: Red Hat Security Advisory: mod_cluster security update

An update for JBoss Enterprise Web Server 1.0.2 that fixes one security issue is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detail...

CVSS 4.3, AI score 5.8, EPSS 0.00334
Exploits: 0, References: 4

RedHat Linux
added 2012/06/19 7:20 p.m., 28 views

Moderate: Red Hat Security Advisory: mod_cluster security update

An update for JBoss Enterprise Application Platform 5.1.2 that fixes one security issue is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which give...

CVSS 4.3, AI score 5.9, EPSS 0.00334
Exploits: 0, References: 4

NVD
added 2012/06/19 6:55 p.m., 11 views

CVE-2012-3006

The Innominate mGuard Smart HW before HW-101130 and BD before BD-101030, mGuard industrial RS, mGuard delta HW before HW-103060 and BD before BD-211010, mGuard PCI, mGuard blade, and EAGLE mGuard appliances with software before 7.5.0 do not use a sufficient source of entropy for private keys, whi...

CVSS 7.1, AI score 6.4, EPSS 0.0054
Exploits: 0, References: 3

Prion
added 2012/06/19 6:55 p.m., 14 views

Code injection

The Innominate mGuard Smart HW before HW-101130 and BD before BD-101030, mGuard industrial RS, mGuard delta HW before HW-103060 and BD before BD-211010, mGuard PCI, mGuard blade, and EAGLE mGuard appliances with software before 7.5.0 do not use a sufficient source of entropy for private keys, whi...

CVSS 7.1, AI score 7, EPSS 0.0054
Exploits: 0, References: 3, Affected Software: 1

Cvelist
added 2012/06/19 6:0 p.m., 18 views

CVE-2012-3006

The Innominate mGuard Smart HW before HW-101130 and BD before BD-101030, mGuard industrial RS, mGuard delta HW before HW-103060 and BD before BD-211010, mGuard PCI, mGuard blade, and EAGLE mGuard appliances with software before 7.5.0 do not use a sufficient source of entropy for private keys, whi...

AI score 6.4, EPSS 0.0054
Exploits: 0, References: 3

CVE
added 2012/06/19 6:0 p.m., 39 views

CVE-2012-3006

The CVE-2012-3006 entry concerns Innominate mGuard devices (Smart HW before HW-101130, BD before BD-101030, Industrial RS, Delta HW before HW-103060, BD before BD-211010, PCI, Blade, EAGLE) running software before 7.5.0. The root cause is insufficient entropy when generating private keys for HTTP...

CVSS 7.1, AI score 6.6, EPSS 0.0054
Exploits: 0, References: 3, Affected Software: 1

Apache Tomcat
added 2012/06/19 12:0 a.m., 52 views

Fixed in Apache Tomcat 7.0.28

Important: Denial of service (CVE-2012-2733). The checks that limited the permitted size of request headers were implemented too late in the request parsing process for the HTTP NIO connector. This enabled a malicious user to trigger an OutOfMemoryError by sending a single request with very large...

CVSS 5, AI score 9.5, EPSS 0.2277
Exploits: 1, Affected Software: 1

securityvulns
added 2012/06/17 12:0 a.m., 112 views

CSNC-2012-004 Generic XSS in AdNovum nevisProxy

COMPASS SECURITY ADVISORY (http://www.csnc.ch/en/downloads/advisories.html). Product: NevisProxy; Vendor: AdNovum; CVD ID: CSNC-2012-004; Subject: Cross-site scripting (XSS) within 302 Redirections; Risk: High; Effect: Remotely exploitable; Author: Alexandre Herzog [email protected]; Date: 02/23/2012...

AI score 0.4
Exploits: 0

Prion
added 2012/06/16 12:55 a.m., 20 views

Code injection

The Single Sign On Client (ubuntu-sso-client) for Ubuntu 11.04 and 11.10 does not properly validate SSL certificates when using HTTPS, which allows remote attackers to spoof a server and modify or read sensitive data via a man-in-the-middle (MITM) attack...

CVSS 6.8, AI score 6.8, EPSS 0.00414
Exploits: 0, References: 5, Affected Software: 1

CVE
added 2012/06/16 12:0 a.m., 55 views

CVE-2011-4408

CVE-2011-4408 affects the Ubuntu Single Sign On Client (ubuntu-sso-client) on Ubuntu 11.04 and 11.10. The issue is that SSL certificates were not properly validated over HTTPS, enabling remote attackers to perform MITM attacks to spoof a server and read or modify sensitive data. Public references...

CVSS 6.8, AI score 6.4, EPSS 0.00414
Exploits: 0, References: 5, Affected Software: 1

Cvelist
added 2012/06/16 12:0 a.m., 23 views

CVE-2011-4408

The Single Sign On Client (ubuntu-sso-client) for Ubuntu 11.04 and 11.10 does not properly validate SSL certificates when using HTTPS, which allows remote attackers to spoof a server and modify or read sensitive data via a man-in-the-middle (MITM) attack...

AI score 6.2, EPSS 0.00414
Exploits: 0, References: 5

NVD
added 2012/06/09 12:55 a.m., 9 views

CVE-2012-2566

Bloxx Web Filtering before 5.0.14 does not properly interpret X-Forwarded-For headers during access-control and logging operations for HTTPS connection attempts, which allows remote attackers to bypass intended IP address and domain restrictions, and trigger misleading log entries, via a crafted...

CVSS 5, AI score 6.7, EPSS 0.00905
Exploits: 0, References: 3

Prion
added 2012/06/09 12:55 a.m., 12 views

Design/Logic Flaw

Bloxx Web Filtering before 5.0.14 does not properly interpret X-Forwarded-For headers during access-control and logging operations for HTTPS connection attempts, which allows remote attackers to bypass intended IP address and domain restrictions, and trigger misleading log entries, via a crafted...

CVSS 5, AI score 7.2, EPSS 0.00905
Exploits: 0, References: 3, Affected Software: 1

Cvelist
added 2012/06/09 12:0 a.m., 14 views

CVE-2012-2566

Bloxx Web Filtering before 5.0.14 does not properly interpret X-Forwarded-For headers during access-control and logging operations for HTTPS connection attempts, which allows remote attackers to bypass intended IP address and domain restrictions, and trigger misleading log entries, via a crafted...

AI score 6.7, EPSS 0.00905
Exploits: 0, References: 3

CVE
added 2012/06/09 12:0 a.m., 43 views

CVE-2012-2566

CVE-2012-2566 concerns Bloxx Web Filtering prior to 5.0.14. The issue is that the product does not correctly interpret the X-Forwarded-For header during HTTPS access-control and logging, which can allow an unauthenticated user to bypass IP/domain restrictions and produce misleading logs. The entr...

CVSS 5, AI score 6.9, EPSS 0.00905
Exploits: 0, References: 3, Affected Software: 1

OpenVAS
added 2012/06/08 12:0 a.m., 34 views

Ubuntu: Security Advisory (USN-1465-3)

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5, AI score 6.5, EPSS 0.00653
Exploits: 0, References: 2

OpenVAS
added 2012/06/08 12:0 a.m., 18 views

Ubuntu Update for ubuntuone-client USN-1465-1

Ubuntu Update for Linux kernel vulnerabilities USN-1465-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN14651.nasl 7960 2017-12-01 06:58:16Z santu $ Ubuntu Update for ubuntuone-client USN-1465-1 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH,...

CVSS 7.5, AI score 6.5, EPSS 0.00653
Exploits: 0, References: 2

OpenVAS
added 2012/06/08 12:0 a.m., 31 views

Ubuntu: Security Advisory (USN-1465-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5, AI score 6.5, EPSS 0.00653
Exploits: 0, References: 2

OpenVAS
added 2012/06/08 12:0 a.m., 35 views

Ubuntu: Security Advisory (USN-1464-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 6.8, AI score 6.8, EPSS 0.00414
Exploits: 0, References: 2