33 matches found
Security Bulletin: Vulnerability in MD5 Signature and Hash Algorithm affects IBM BladeCenter Switches (CVE-2015-7575)
Summary: The MD5 "SLOTH" vulnerability on TLS 1.2 affects IBM BladeCenter Switches. Vulnerability Details: CVE-ID: CVE-2015-7575 Description: The TLS protocol could allow weaker than expected...
SUSE: Security Advisory (SUSE-SU-2014:1220-2)
The remote host is missing an update for the...
bioinfo.lille.inria.fr XSS vulnerability
Open Bug Bounty ID: OBB-572403

Description | Value
---|---
Affected Website: | bioinfo.lille.inria.fr
Open Bug Bounty Program: | Not created yet
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: | 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N...

Important: Red Hat Security Advisory: Red Hat JBoss Core Services security update
An update is now available for JBoss Core Services on Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
Important: Red Hat Security Advisory: Red Hat JBoss Core Services security update
An update is now available for Red Hat JBoss Core Services. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link...
Debian DSA-3437-1 : gnutls26 - security update (SLOTH)
Karthikeyan Bhargavan and Gaetan Leurent at INRIA discovered a flaw in the TLS 1.2 protocol which could allow the MD5 hash function to be used for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker could exploit this flaw to conduct...
DSA-3436-1 openssl - security update
Bulletin has no description...
Debian DSA-3202-1 : mono - security update
Researchers at INRIA and Xamarin discovered several vulnerabilities in mono, a platform for running and developing applications based on the ECMA/ISO Standards. Mono's TLS stack contained several problems that hampered its capabilities: those issues could lead to client impersonation via SKIP-TLS...
[SECURITY] [DSA 3202-1] mono security update
Debian Security Advisory DSA-3202-1 [email protected] http://www.debian.org/security/ Sebastien Delafond March 22, 2015 http://www.debian.org/security/faq -...
Vulnerability in OpenSSL - ECDHE silently downgrades to ECDH [Client]
An OpenSSL client will accept a handshake using an ephemeral ECDH ciphersuite using an ECDSA certificate if the server key exchange message is omitted. This effectively removes forward secrecy from the ciphersuite. Found by Karthikeyan Bhargavan of the PROSECCO team at INRIA...
DLA-62-1 nss - security update
Bulletin has no description...
DSA-3033-1 nss - security update
Bulletin has no description...
chromium -- RSA signature malleability in NSS
Google Chrome Releases reports: 414124 RSA signature malleability in NSS (CVE-2014-1568). Thanks to Antoine Delignat-Lavaud of Prosecco/INRIA, Brian Smith and Advanced Threat Research team at Intel Security...
Stable Channel Update
The stable channel has been updated to 37.0.2062.124 for Windows and Mac. This build contains a security change: 414124 RSA signature malleability in NSS (CVE-2014-1568). Thanks to Antoine Delignat-Lavaud of Prosecco/INRIA, Brian Smith and Advanced Threat Research team at Intel Security. Interested ...
RSA Signature Forgery in NSS — Mozilla
Antoine Delignat-Lavaud, security researcher at Inria Paris in team Prosecco, reported an issue in Network Security Services (NSS) libraries affecting all versions. He discovered that NSS is vulnerable to a variant of a signature forgery attack previously published by Daniel Bleichenbacher. This is...
NSS ticket handling issues — Mozilla
Mozilla developer Brian Smith and security researchers Antoine Delignat-Lavaud and Karthikeyan Bhargavan of the Prosecco research team at INRIA Paris reported issues with ticket handling in the Network Security Services (NSS) libraries. These have been addressed in the NSS 3.15.4 release, shipping ...
Amaya Web Editor XML and HTML parser Vulnerabilities
No description provided by source. Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Amaya web editor XML and HTML parser vulnerabilities 1. Advisory Information Title: Amaya web editor XML and HTML parser...
Amaya Web Editor XML and HTML parser Vulnerabilities
Exploit for unknown platform in category dos / poc. Amaya Web Editor XML and HTML parser Vulnerabilities. Core Security Technologies - CoreLabs...
cisco7940-dos.txt
Cisco 7940 Denial of Service Vulnerability Hardware: Cisco 7940 SIP Phone Severity: High Denial of Service Software: Affected version: P0S3-08-7-00 Other Versions: May be Notification: Vulnerability found: 30 August 2007 Contact Cisco: 31 August 2007 Tracked issue: 11 September 2007 Vulnerabili...