3263 matches found

Tenable Nessus
added 2016/01/25 12:0 a.m. | 27 views

openSUSE Security Update : gajim (openSUSE-2016-29)

This update to gajim 0.16.5 fixes the following security issues : - CVE-2015-8688: Message interception due to unverified origin of roster push - Improve security on connection and for roster management boo960668 The following non-security improvements were added : - Improve MAM implementation. -...

5.8 CVSS | 5.6 AI score | 0.00556 EPSS
Exploits 1 | References 2

Japan Vulnerability Notes
added 2016/01/18 5:24 a.m. | 1 views

Shoplat App for iOS issue in the verification of SSL certificates

Overview Shoplat App for iOS provided by NTT DOCOMO contains an issue in the verification of the SSL server certificate. ma.la reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A connection to a server using a...

7.5 CVSS | 6.5 AI score | 0.00298 EPSS
Exploits 0 | References 5

Japan Vulnerability Notes
added 2016/01/18 12:0 a.m. | 24 views

JVN#47951769: Shoplat App for iOS issue in the verification of SSL certificates

Shoplat App for iOS provided by NTT DOCOMO contains an issue in the verification of the SSL server certificate. Impact A connection to a server using an invalid SSL server certificate can be established without a warning. As a result, the user may not notice that a remote attacker is interceptin...

7.5 CVSS | 7.2 AI score | 0.00298 EPSS
Exploits 0

NVD
added 2016/01/15 7:59 p.m. | 15 views

CVE-2015-8688

Gajim before 0.16.5 allows remote attackers to modify the roster and intercept messages via a crafted roster-push IQ stanza...

5.8 CVSS | 5.5 AI score | 0.00556 EPSS
Exploits 1 | References 6

OSV
added 2016/01/15 7:59 p.m. | 1 views

DEBIAN-CVE-2015-8688

Gajim before 0.16.5 allows remote attackers to modify the roster and intercept messages via a crafted roster-push IQ stanza...

5.4 CVSS | 6.9 AI score | 0.00556 EPSS
Exploits 1 | References 1

OSV
added 2016/01/15 7:59 p.m. | 8 views

CVE-2015-8688

Gajim before 0.16.5 allows remote attackers to modify the roster and intercept messages via a crafted roster-push IQ stanza...

5.4 CVSS | 5.3 AI score
Exploits 0 | References 6

UbuntuCve
added 2016/01/15 7:59 p.m. | 18 views

CVE-2015-8688

Gajim before 0.16.5 allows remote attackers to modify the roster and intercept messages via a crafted roster-push IQ stanza...

5.8 CVSS | 6.2 AI score | 0.00556 EPSS
Exploits 1 | References 3

OSV
added 2016/01/15 7:59 p.m. | 1 views

UBUNTU-CVE-2015-8688

Gajim before 0.16.5 allows remote attackers to modify the roster and intercept messages via a crafted roster-push IQ stanza...

5.4 CVSS | 6 AI score | 0.00556 EPSS
Exploits 1 | References 4

Cvelist
added 2016/01/15 7:0 p.m. | 29 views

CVE-2015-8688

Gajim before 0.16.5 allows remote attackers to modify the roster and intercept messages via a crafted roster-push IQ stanza...

5.5 AI score | 0.00556 EPSS
Exploits 1 | References 6

CVE
added 2016/01/15 7:0 p.m. | 75 views

CVE-2015-8688

CVE-2015-8688 affects Gajim prior to 0.16.5. The root cause is failure to verify the origin of roster-push IQ stanzas, allowing an attacker to spoof roster updates and intercept messages. Public advisories and vendor releases indicate upgrading to Gajim 0.16.5 (or respective patched package versi...

5.8 CVSS | 5.4 AI score | 0.00556 EPSS
Exploits 1 | References 6 | Affected Software 1

Debian CVE
added 2016/01/15 7:0 p.m. | 23 views

CVE-2015-8688

Gajim before 0.16.5 allows remote attackers to modify the roster and intercept messages via a crafted roster-push IQ stanza...

5.8 CVSS | 5.4 AI score | 0.00556 EPSS
Exploits 1

Kaspersky
added 2016/01/15 12:0 a.m. | 21 views

KLA10742 Security bypass vulnerability in Gajim

An unspecified vulnerability was found in Gajim. By exploiting this vulnerability malicious users can modify roster and intercept messages. This vulnerability can be exploited remotely via a specially designed roster-push IQ stanza. Original advisories - Related products Gajim CVE list...

5.8 CVSS | 5.5 AI score | 0.00556 EPSS
Exploits 1 | References 2

ICS
added 2016/01/14 7:0 a.m. | 49 views

Siemens Industrial Products DROWN Vulnerability (Update C)

OVERVIEW This updated advisory is a follow-up to the updated advisory titled ICSA-16-103-03B Siemens Industrial Products DROWN Vulnerability that was published June 15, 2017, on the NCCIC/ICS-CERT web site. Siemens has found that a DROWNThe DROWN Attack, https://drownattack.com/, web site last...

5.9 CVSS | 6.9 AI score | 0.90348 EPSS
Exploits 3 | References 10

CNVD
added 2016/01/13 12:0 a.m. | 1 views

SSH Authentication Backdoor Vulnerability in Fortigate Firewalls

FortiGate Firewall is a network firewall product from Fortinet that defends against attacks such as network attacks and malicious code at the network and content layers. FortiGate Firewall has an SSH authentication backdoor vulnerability. FortiGate firewall FortimanagerAccess user's password is...

7.4 AI score
Exploits 0 | References 1

The Hacker News
added 2016/01/12 6:30 a.m. | 21 views

'Ridiculous' Bug in Popular Antivirus Allows Hackers to Steal all Your Passwords

If you have installed Trend Micro's Antivirus on your Windows computer, then beware. Your computer can be remotely hijacked or infected with any malware, even through a website, thanks to a critical vulnerability in Trend Micro Security Software. The popular antivirus maker and security firm...

8.2 AI score
Exploits 0

ThreatPost
added 2016/01/05 7:54 a.m. | 9 views

Cisco Jabber for Windows STARTTLS Downgrade Attack

An attacker in a man-in-the-middle position could abuse a STARTTLS downgrade vulnerability in the Cisco Jabber client-server negotiation in order to intercept communication. Cisco warned its customers yesterday, but has yet to patch the vulnerability, which affects the Cisco Jabber clients for...

0.9 AI score
Exploits 0 | References 3

ThreatPost
added 2015/12/23 9:1 a.m. | 74 views

Microsoft Bans Superfish SSL Interception Adware

Microsoft has taken steps to impede the next Superfish from impacting users. Superfish was pre-installed adware found on new Lenovo laptops earlier this year. The software exposes users to man-in-the-middle attacks because of the way it injects advertisements into the browser. It comes with a...

9.3 CVSS | 1.3 AI score | 0.94354 EPSS
Exploits 33 | References 3

Hacker One
added 2015/12/19 3:6 p.m. | 14 views

HackerOne: Team Member███ associated with a Custom Group Created with 'Program Management' only permissions can Comment on Bug Reports

Hi Team, Legend ====== AppSecBounty = Bug ProgramSandbox Program Hacker1001 = Bug Reporter BugAdmin = Program Admin BugMember = Team Member associated ProgramManagement Group ProgramManagement Group = Custom Group created with "Program Management Permission" Steps: 1. Hacker1001 reports a Bug to...

6.8 AI score
Exploits 0

0day.today
added 2015/12/19 12:0 a.m. | 45 views

Samsung SoftAP Weak Password Vulnerability

Samsung's SoftAP WPA2-PSK password generation is weak and can be cracked in a few hours. Samsung softap weak random generated password. This affects SmartTV and Printers...

5 CVSS | 9.3 AI score | 0.01349 EPSS
Exploits 2

Oracle linux
added 2015/12/15 12:0 a.m. | 77 views

kernel security and bug fix update

2.6.32-573.12.1
- Revert: netdrv igb: add support for 1512 PHY Stefan Assmann 1278275 1238551

2.6.32-573.11.1
- kvm svm: unconditionally intercept DB Paolo Bonzini 1279467 1279468 CVE-2015-8104
- x86 virt: guest to host DoS by triggering an infinite loop in microcode Paolo Bonzini 1277557 1277559...

6.9 CVSS | 0.1 AI score | 0.00747 EPSS
Exploits 1