Lucene search
9137 matches found

Cvelist
added 2014/01/15 1:33 a.m., 24 views

CVE-2014-0373

Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Serviceability. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on...

4.7 AI score, 0.04234 EPSS
Exploits: 0, References: 28

OpenVAS
added 2014/01/14 12:0 a.m., 16 views

Debian: Security Advisory (DSA-2844-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.3 CVSS, 6.5 AI score, 0.04642 EPSS
Exploits: 0, References: 3

Tenable Nessus
added 2014/01/14 12:0 a.m., 40 views

Mandriva Linux Security Advisory : kernel (MDVSA-2014:001)

Multiple vulnerabilities has been found and corrected in the Linux kernel : The KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges or cause a denial of service system crash via a VAPIC synchronization operation involving a page-end address CVE-2013-6368. The...

7.2 CVSS, 6.8 AI score, 0.01446 EPSS
Exploits: 5, References: 14

Tenable Nessus
added 2014/01/12 12:0 a.m., 21 views

Fedora 19 : openssl-1.0.1e-37.fc19 (2014-0456)

Security update fixing segfaults in DTLS and TLS implementation. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing addition...

5.8 CVSS, 7.2 AI score, 0.14542 EPSS
Exploits: 1, References: 5

Tenable Nessus
added 2014/01/10 12:0 a.m., 65 views

Scientific Linux Security Update : openssl on SL6.x i386/x86_64 (20140108)

A flaw was found in the way OpenSSL determined which hashing algorithm to use when TLS protocol version 1.2 was enabled. This could possibly cause OpenSSL to use an incorrect hashing algorithm, leading to a crash of an application using the library. CVE-2013-6449 It was discovered that the Datagr...

5.8 CVSS, 6.9 AI score, 0.21174 EPSS
Exploits: 1, References: 4

Cvelist
added 2014/01/08 9:0 p.m., 29 views

CVE-2013-6982

The BGP implementation in Cisco NX-OS 6.22a and earlier does not properly handle the interaction of UPDATE messages with IPv6, VPNv4, and VPNv6 labeled unicast-address families, which allows remote attackers to cause a denial of service peer reset via a crafted message, aka Bug ID CSCuj03174...

6.5 AI score, 0.02833 EPSS
Exploits: 0, References: 7

NVD
added 2014/01/02 2:59 p.m., 35 views

CVE-2013-5385

The OSPF implementation in IBM i 6.1 and 7.1, in z/OS on zSeries servers, and in Networking Operating System aka NOS, formerly BLADE Operating System does not properly validate Link State Advertisement LSA type 1 packets before performing operations on the LSA database, which allows remote...

8.5 CVSS, 6.1 AI score, 0.03468 EPSS
Exploits: 0, References: 4

Cvelist
added 2014/01/02 11:0 a.m., 38 views

CVE-2013-5385

The OSPF implementation in IBM i 6.1 and 7.1, in z/OS on zSeries servers, and in Networking Operating System aka NOS, formerly BLADE Operating System does not properly validate Link State Advertisement LSA type 1 packets before performing operations on the LSA database, which allows remote...

6.1 AI score, 0.03468 EPSS
Exploits: 0, References: 4

NVD
added 2014/01/01 4:5 p.m., 14 views

CVE-2013-6450

The DTLS retransmission implementation in OpenSSL 1.0.0 before 1.0.0l and 1.0.1 before 1.0.1f does not properly maintain data structures for digest and encryption contexts, which might allow man-in-the-middle attackers to trigger the use of a different context and cause a denial of service...

5.8 CVSS, 7.2 AI score, 0.14542 EPSS
Exploits: 1, References: 22

CVE
added 2014/01/01 3:0 p.m., 127 views

CVE-2013-6450

CVE-2013-6450 affects OpenSSL DTLS retransmission handling. The vulnerability arises from improper maintenance of digest/encryption context data structures during DTLS retransmission, in particular related to ssl/d1_both.c and ssl/t1_enc.c, which can allow a remote attacker to trigger a crash of ...

5.8 CVSS, 7.2 AI score, 0.14542 EPSS
Exploits: 1, References: 22, Affected Software: 1

EUVD
added 2014/01/01 3:0 p.m., 4 views

EUVD-2013-6257

The DTLS retransmission implementation in OpenSSL 1.0.0 before 1.0.0l and 1.0.1 before 1.0.1f does not properly maintain data structures for digest and encryption contexts, which might allow man-in-the-middle attackers to trigger the use of a different context and cause a denial of service...

5.8 CVSS, 7.2 AI score, 0.14542 EPSS
Exploits: 1, References: 28

OpenVAS
added 2013/12/23 12:0 a.m., 37 views

Mozilla Thunderbird Multiple Vulnerabilities-01 (Dec 2013) - Windows

Mozilla Thunderbird is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:thunderbird";...

10 CVSS, 8.2 AI score, 0.11076 EPSS
Exploits: 10, References: 9

OpenVAS
added 2013/12/23 12:0 a.m., 63 views

Mozilla Thunderbird Multiple Vulnerabilities-01 (Dec 2013) - Mac OS X

Mozilla Thunderbird is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:thunderbird";...

10 CVSS, 8.2 AI score, 0.11076 EPSS
Exploits: 10, References: 9

ThreatPost
added 2013/12/20 9:0 a.m., 9 views

Brian Donohue on the NSA Panel Report

Dennis Fisher talks with Brian Donohue, Threatpost’s Washington, D.C. writer, about the new report from the NSA reform panel and whether any of the recommended changes will ever be implemented...

7.2 AI score
Exploits: 0, References: 2

ThreatPost
added 2013/12/17 3:49 p.m., 10 views

Santander BillPay Security Vulnerabilities Patched

Security weaknesses on the Santander Group BillPay website and mobile banking application have been addressed by the financial services organization’s developer Headland after they were exposed less than a week ago. U.K. consultant Paul Moore of Cresona Corp., reported a number of serious...

0.3 AI score
Exploits: 0, References: 1

ThreatPost
added 2013/12/13 10:57 a.m., 6 views

New IETF Group to Tackle TLS Implementation in Applications

The NSA surveillance scandal has created ripples all across the Internet, and the latest one is a new effort from the IETF to change the way that encryption is used in a variety of critical application protocols, including HTTP and SMTP. The new TLS application working group was formed to help...

7.1 AI score
Exploits: 0, References: 2

Kitploit
added 2013/12/09 4:30 p.m., 15 views

[Orchid] Tor Client for Java

Orchid is a Tor client implementation and library written in pure Java. It was written from the Tor specification documents, which are available here. Orchid runs on Java 5+ and the Android devices. How can Orchid be used? In a basic use case, running Orchid will open a SOCKS5 listener which can ...

7.1 AI score
Exploits: 0

UbuntuCve
added 2013/12/07 12:55 a.m., 44 views

CVE-2013-6417

actionpack/lib/actiondispatch/http/request.rb in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query...

6.4 CVSS, 5.9 AI score, 0.02371 EPSS
Exploits: 0, References: 2

Debian CVE
added 2013/12/07 12:0 a.m., 51 views

CVE-2013-6417

actionpack/lib/actiondispatch/http/request.rb in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query...

6.4 CVSS, 7.3 AI score, 0.02371 EPSS
Exploits: 0

GitLab Advisory Database
added 2013/12/06 12:0 a.m., 34 views

XSS Vulnerability in simple_format helper

The simple_format helper converts user supplied text into html text which is intended to be safe for display. A change made to the implementation of this helper means that any user provided HTML attributes will not be escaped correctly. As a result of this error, applications which pass...

4.3 CVSS, 0.9 AI score, 0.01963 EPSS
Exploits: 0, References: 1, Affected Software: 1