DEBIAN-CVE-2017-9869

The IIstepone function in layer2.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service buffer over-read and application crash via a crafted audio file...

UBUNTU-CVE-2017-9871

The IIIistereo function in layer3.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service stack-based buffer overflow and application crash or possibly have unspecified other impact via a crafted audio file...

BSA-2017-342

Security Advisory ID : BSA-2017-342 Component : Freeradius Revision : 2.0: Interim The TLS session cache inFreeRADIUS2.1.1 through 2.1.7, 3.0.x before 3.0.14, 3.1.x before 2017-02-04, and 4.0.x before 2017-02-04 fails to reliably prevent resumption of an unauthenticated session, which allows remo...

Balance traffic intelligently by leveraging Application Layer (Layer 7) and DNS Layer (Layer 3) logic

Gaining new customers and retaining existing ones is at the core of every business. In the past few years, two major trends have emerged in this drive towards customer centricity To meet the ever increasing customer demands, most modern digital applications leverage microservice architecture to...

IPv6 Address Spoofing: sylkie

IPv6 Address Spoofing A command line tool and library for testing networks for common address spoofing security vulnerabilities in IPv6 networks using the Neighbor Discovery Protocol. Getting Started Dependencies libseccomp json-c Build Get the code and compile it! Get the code git clone...

Kibana Denial of Service Vulnerability

Kibana is an open source data visualization plugin for Elasticsearch. A denial of service vulnerability exists in Kibana. When configured for SSL client access, file descriptors fail to clear after certain requests and can accumulate over time, causing the process to crash...

Cayuga Lake National Bank Information Disclosure Breach

Cayuga Lake National Bank is a Banking Services app. cayuga-lake-national-bank/id1151601539 app 4.0.1 for iOS fails to validate SSL servers with X.509 certificates, allowing man-in-the-middle attackers to spoof servers and gain access to sensitive information by crafting certificates...

CVE-2017-9588

The "Oritani Mobile Banking" by Oritani Bank app 3.0.0 -- aka oritani-mobile-banking/id778851066 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

CVE-2017-9587

The "PCSB BANK Mobile" by PCSB Bank app 3.0.4 -- aka pcsb-bank-mobile/id1067472090 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

CVE-2017-9587

The "PCSB BANK Mobile" by PCSB Bank app 3.0.4 -- aka pcsb-bank-mobile/id1067472090 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

CVE-2017-9597

The "Blue Ridge Bank and Trust Co. Mobile Banking" by Blue Ridge Bank and Trust Co. app 3.0.1 -- aka blue-ridge-bank-and-trust-co-mobile-banking/id699679197 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive...

CVE-2017-9592

The "Your Legacy Federal Credit Union Mobile Banking" by Your Legacy Federal Credit Union app 3.0.1 -- aka your-legacy-federal-credit-union-mobile-banking/id919131389 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain...

CVE-2017-9559

The MEA Financial vision-bank/id420406345 app 3.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

CVE-2017-9577

The "First Citizens Bank-Mobile Banking" by First Citizens Bank AL app 3.0.0 -- aka first-citizens-bank-mobile-banking/id566037101 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted...

FreeRADIUS Server TLS Authentication Bypass Vulnerability

FreeRadius is a set of software from the FreeRADIUS Server project that implements the RADIUS protocol. The software is mainly used for account authentication management, bookkeeping management and Internet account management, etc. and contains a Radius server, a client library for BSD protocol...

How to install applications that require joining the domain with Citrix App Layering

Question: During new layer creation, we need to join the domain to successfully install our applications. However, we read that only the platform layer should be joined to the domain - can we join the domain while creating an application layer? Answer: You can temporarily join a packaging machine...

SSL/TLS: Malformed plain-text ALERT packets could cause remote DoS

A denial of service flaw was found in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients...

SSL/TLS: Malformed plain-text ALERT packets could cause remote DoS

A denial of service flaw was found in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients...

SSL/TLS: Malformed plain-text ALERT packets could cause remote DoS

A denial of service flaw was found in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients...

CVE-2016-6087

IBM Domino 8.5 and 9.0 could allow an attacker to steal credentials using multiple sessions and large amounts of data using Domino TLS Key Exchange validation. IBM X-Force ID: 117918...