10021 matches found

BDU FSTEC
added 2018/01/18 12:00 a.m., 5 views

A vulnerability in the 802.1X component of the Mac OS X operating system allows an intruder to compromise the confidentiality, integrity, and availability of protected information.

The vulnerability in the 802.1X component of the Mac OS X operating system is related to errors in the implementation of the TLS 1.0 protocol. Exploiting this vulnerability can allow a malicious actor to compromise the confidentiality, integrity, and availability of the protected information...

9.8 CVSS | 7.7 AI score | 0.01243 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
CNVD
added 2018/01/17 12:00 a.m., 2 views

Juniper Networks Junos OS Point Hijacking Vulnerability

Juniper Junos OS is a Juniper Networks network operating system designed for the company's hardware systems. The OS provides a secure programming interface and the Junos SDK. A point hijacking vulnerability exists in Juniper Networks Junos OS. An attacker could exploit this vulnerability by sendi...

10 CVSS | 7.3 AI score | 0.02218 EPSS
Exploits: 0 | References: 1
CNVD
added 2018/01/12 12:00 a.m., 2 views

Blender customData_add_layer__internal integer overflow vulnerability

Blender is an open source cross-platform all-in-one 3D animation software, providing a series of animated short film production solutions from modeling, animation, materials, rendering, to audio processing, video editing and so on. An integer overflow vulnerability exists in Blender...

8.8 CVSS | 7.8 AI score | 0.0208 EPSS
Exploits: 1 | References: 1
seebug.org
added 2018/01/11 12:00 a.m., 425 views

Jackson-databind Remote Code Execution Vulnerability (CVE-2017-17485)

jackson-rce-via-spel: An example project that exploits the default typing issue in Jackson-databind (https://github.com/FasterXML/jackson-databind) via Spring application contexts and expressions. Context: The Jackson-databind project has a feature called default-typing, not enabled by default. When th...

9.7 AI score | 0.49727 EPSS
Exploits: 7
OSV
added 2018/01/10 10:29 p.m., 3 views

CVE-2018-0007

An unauthenticated network-based attacker able to send a maliciously crafted LLDP packet to the local segment, through a local segment broadcast, may be able to cause a Junos device to enter an improper boundary check condition allowing a memory corruption to occur, leading to a denial of service...

9.8 CVSS | 6 AI score | 0.02218 EPSS
Exploits: 0 | References: 2
ATTACKERKB
added 2018/01/10 6:29 p.m., 3 views

CVE-2017-17841

Palo Alto Networks PAN-OS 6.1, 7.1, and 8.0.x before 8.0.7, when an interface implements SSL decryption with RSA enabled or hosts a GlobalProtect portal or gateway, might allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack...

5.9 CVSS | 5.6 AI score | 0.02408 EPSS
Exploits: 0 | References: 4
Microsoft Secure
added 2018/01/10 2:00 p.m., 17 views

A worthy upgrade: Next-gen security on Windows 10 proves resilient against ransomware outbreaks in 2017

Adopting reliable attack methods and techniques borrowed from more evolved threat types, ransomware attained new levels of reach and damage in 2017. The following trends characterize the ransomware narrative in the past year: Three global outbreaks showed the force of ransomware in making...

6.7 AI score
Exploits: 0
Microsoft Malware Protection
added 2018/01/10 2:00 p.m., 26 views

A worthy upgrade: Next-gen security on Windows 10 proves resilient against ransomware outbreaks in 2017

Adopting reliable attack methods and techniques borrowed from more evolved threat types, ransomware attained new levels of reach and damage in 2017. The following trends characterize the ransomware narrative in the past year: Three global outbreaks showed the force of ransomware in making...

6.7 AI score
Exploits: 0
OSV
added 2018/01/08 7:29 p.m., 3 views

DEBIAN-CVE-2015-2319

The TLS stack in Mono before 3.12.1 makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204...

7.5 CVSS | 6.8 AI score | 0.03152 EPSS
Exploits: 0 | References: 1
OSV
added 2018/01/08 7:29 p.m., 1 view

DEBIAN-CVE-2015-2320

The TLS stack in Mono before 3.12.1 allows remote attackers to have unspecified impact via vectors related to client-side SSLv2 fallback...

9.8 CVSS | 7.3 AI score | 0.03539 EPSS
Exploits: 0 | References: 1
Citrix
added 2018/01/03 12:00 a.m., 10 views

Citrix App Layering - User Layer Error "We were unable to attach your User Layer"

When end users log into a virtual machine with Elastic layering enabled, they see the error "We were unable to attach your User Layer. Any changes you make to application settings or data will not be saved. Be sure to save any work to a shared network location." Details: "Access to the path...

7 AI score
Exploits: 0
OSV
added 2017/12/21 5:29 p.m., 1 view

CVE-2017-6164

In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator and WebSafe software version 13.0.0, 12.0.0 - 12.1.2, 11.6.0 - 11.6.1 and 11.5.0 - 11.5.4, in some circumstances, Traffic Management Microkernel (TMM) does not properly handle certain...

8.1 CVSS | 6 AI score | 0.03935 EPSS
Exploits: 0 | References: 2
BDU FSTEC
added 2017/12/21 12:00 a.m., 6 views

The vulnerability of the “scripts/license.pl” script in the Veritas NetBackup Appliance backup solution allows a perpetrator to execute arbitrary commands.

The vulnerability of the “scripts/license.pl” script in the Veritas NetBackup Appliance backup solution is related to the lack of measures taken at the control level to clean data. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands using the “hostName” parameter ...

10 CVSS | 6 AI score | 0.04944 EPSS
Exploits: 0 | References: 6 | Affected Software: 1
Talos Blog
added 2017/12/19 7:57 a.m., 14 views

Virus Bulletin Publication And Presentation

Virus Bulletin conference is a well regarded intimate technical conference focused on malware research. It provides a good balance between listening to technical talks and spending time exchanging experiences with colleagues from different companies; all working on the same task of making our...

6.9 AI score
Exploits: 0
CNVD
added 2017/12/19 12:00 a.m., 2 views

Ruby Net::LDAP gem SSL Certificate Validation Vulnerability

Ruby is a cross-platform, object-oriented, dynamically typed programming language developed by Japanese software developer Yukihiro Matsumoto. Net::LDAP (aka the net-ldap gem) is one of the lightweight directory access modules. A security vulnerability exists in the Ruby Net::LDAP gem prior to version...

5.9 CVSS | 6.8 AI score | 0.01348 EPSS
Exploits: 0 | References: 1
Citrix
added 2017/12/18 12:00 a.m., 11 views

Debugging Layer Integrity Problems in Citrix App Layering

...

7.2 AI score
Exploits: 0
RedHat Linux
added 2017/12/14 11:34 a.m., 4 views

golang: smtp.PlainAuth susceptible to man-in-the-middle password harvesting

It was found that the smtp.PlainAuth authentication scheme in Go did not verify the TLS requirement properly. A remote man-in-the-middle attacker could potentially use this flaw to sniff SMTP credentials sent by a Go application...

5.9 CVSS | 7.4 AI score | 0.01105 EPSS
Exploits: 0 | References: 4
OSV
added 2017/12/13 4:29 p.m., 6 views

CVE-2017-17549

Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.5 before build 67.13, 11.0 before build 71.22, 11.1 before build 56.19, and 12.0 before build 53.22 allow remote attackers to obtain sensitive information from the backend client TLS handshake by leveraging use of TLS...

5.9 CVSS | 5.8 AI score | 0.01571 EPSS
Exploits: 0 | References: 3
Check Point Advisories
added 2017/12/13 12:00 a.m., 18 views

JbossMQ Invocation Layer Deserialization Remote Code Execution (CVE-2017-12149; CVE-2017-7504)

An invocation layer deserialization vulnerability exists in Red Hat JBoss Seam Framework. A remote unauthenticated attacker may exploit this vulnerability by sending a crafted file to the web application...

7.5 CVSS | 8.8 AI score | 0.90713 EPSS
Exploits: 17
OSV
added 2017/12/12 9:29 p.m., 1 view

DEBIAN-CVE-2017-1000385

The Erlang otp TLS server answers with different TLS alerts to different error types in the RSA PKCS #1 1.5 padding. This allows an attacker to decrypt content or sign messages with the server's private key (this is a variation of the Bleichenbacher attack)...

5.9 CVSS | 6.5 AI score | 0.22098 EPSS
Exploits: 0 | References: 1