CVE-2016-8492
The implementation of an ANSI X9.31 RNG in Fortinet FortiGate allows attackers to gain unauthorized read access to data handled by the device via IPSec/TLS decryption...
CVE-2016-0270
IBM Domino 9.0.1 Fix Pack 3 Interim Fix 2 through 9.0.1 Fix Pack 5 Interim Fix 1, when using TLS and AES GCM, uses random nonce generation, which makes it easier for remote attackers to obtain the authentication key and spoof data by leveraging the reuse of a nonce in a session and a "forbidden...
Business LaLa Call App for Android fails to verify SSL server certificates
Overview Business LaLa Call App for Android provided by K-Opticom Corporation fails to verify SSL server certificates. Yuto Iso of NTT Security Japan KK reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A...
CVE-2016-7569
Directory traversal vulnerability in docker2aci before 0.13.0 allows remote attackers to write to arbitrary files via a .. (dot dot) in the embedded layer data in an image...
Directory traversal
Directory traversal vulnerability in docker2aci before 0.13.0 allows remote attackers to write to arbitrary files via a .. (dot dot) in the embedded layer data in an image...
UBUNTU-CVE-2016-7569
Directory traversal vulnerability in docker2aci before 0.13.0 allows remote attackers to write to arbitrary files via a .. (dot dot) in the embedded layer data in an image...
DEBIAN-CVE-2016-7569
Directory traversal vulnerability in docker2aci before 0.13.0 allows remote attackers to write to arbitrary files via a .. (dot dot) in the embedded layer data in an image...
Security Using Pre-Existing Routing for Mobile Ad hoc Networks: SUPERMAN
Security Using Pre-Existing Routing for Mobile Ad hoc Networks. The flexibility and mobility of Mobile Ad hoc Networks (MANETs) have made them increasingly popular in a wide range of use cases. To protect these networks, security protocols have been developed to protect routing and application data...
openssl: Possible integer overflow vulnerabilities in codebase
Multiple integer overflow flaws were found in the way OpenSSL performed pointer arithmetic. A remote attacker could possibly use these flaws to cause a TLS/SSL server or client using OpenSSL to crash...
Open Source File System Digital Forensics: The Sleuth Kit
Open Source File System Digital Forensics The Sleuth Kit is an open source forensic toolkit for analyzing Microsoft and UNIX file systems and disks. The Sleuth Kit enables investigators to identify and recover evidence from images acquired during incident response or from live systems. The Sleuth...
USN-3173-1 nvidia-graphics-drivers-304 and nvidia-graphics-drivers-340 vulnerability
It was discovered that the NVIDIA graphics drivers contained a flaw in the kernel mode layer. A local attacker could use this issue to cause a denial of service...
Trend Micro InterScan Messaging Security (Virtual Appliance) 9.1.-1600 - Remote Code Execution (Metasploit)
Trend Micro InterScan Messaging Security Virtual Appliance 9.1.-1600 - Remote Code Execution Metasploit This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Trend Micro InterScan Messaging Security...
PYSEC-2017-98
Versions 1.17 and 1.18 of the Python urllib3 library suffer from a vulnerability that can cause them, in certain configurations, to not correctly validate TLS certificates. This places users of the library with those configurations at risk of man-in-the-middle and information leakage attacks. Thi...
MGASA-2017-0013 Updated nvidia304 and nvidia340 packages fix security vulnerabilities
This proprietary nvidia340 and nvidia304 driver update fixes the following security issues: NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer (nvidia.ko) handler where a missing permissions check may allow users to gain access to arbitrary physical memory, leading to an...
Description of the security update for the .NET Framework 4.5, the .NET Framework 4.5.1, and the .NET Framework 4.5.2 on Windows 8, Windows RT, and Windows Server 2012: May 13, 2014
Description of the security update for the .NET Framework 4.5, the .NET Framework 4.5.1, and the .NET Framework 4.5.2 on Windows 8, Windows RT, and Windows Server 2012: May 13, 2014 View products that this article applies to. Introduction This update is for the Microsoft .NET Framework to disable...
Description of the security update for the .NET Framework 4.5.1 and the .NET Framework 4.5.2 on Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2: May 13, 2014
Description of the security update for the .NET Framework 4.5.1 and the .NET Framework 4.5.2 on Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2: May 13, 2014 View products that this article applies to. Introduction This update is for the Microsoft .NET Framework to disable RC4 in Transpor...
MS15-084: Description of the security update for Windows XML core services: August 11, 2015
MS15-084: Description of the security update for Windows XML core services: August 11, 2015 Summary This security update resolves vulnerabilities in Microsoft Windows and Microsoft Office. The vulnerabilities could allow information disclosure by either exposing memory addresses if a user clicks ...
puppet-tripleo: if ssl is enabled, traffic is open on both undercloud and overcloud
An access-control flaw was discovered in puppet-tripleo's IPtables rules management, which allowed the creation of TCP/UDP rules with empty port values. Some API services in Red Hat OpenStack Platform director are not exposed to public networks, which meant their $publicsslport value was set to...
MGASA-2017-0003 Updated kernel-linus packages fix security vulnerabilities
This update is based on upstream 4.4.39 and fixes at least the following security issues: Due to lack of size checking on ICMP header length, it is possible to cause out-of-bounds read on stack (CVE-2016-8399). The TCP stack in the Linux kernel before 4.8.10 mishandles skb truncation, which allows...
Design/Logic Flaw
QEMU (aka Quick Emulator) built with VMWARE VMXNET3 paravirtual NIC emulator support is vulnerable to a crash issue. It occurs when a guest sends a Layer-2 packet smaller than 22 bytes. A privileged (CAP_SYS_RAWIO) guest user could use this flaw to crash the QEMU process instance resulting in DoS...