The vulnerability of the OpenSSL software allows a malicious attacker to compromise the availability of protected information.
The vulnerability in d1_both.c, within the implementation of DTLS for OpenSSL, allows malicious actors operating remotely to trigger a service failure (excessive memory consumption) by using specially crafted DTLS negotiation messages that cause memory allocation for large values...
The vulnerability of the OpenSSL software allows a malicious attacker to compromise the confidentiality of protected information.
The vulnerability exists in OpenSSL due to the incorrect use of the “no-ssl3” option. Exploiting this vulnerability allows malicious actors to circumvent access restrictions by using SSL 3.0 negotiation. This vulnerability is related to the s23_clnt.c and s23_srvr.c files...
The vulnerability of Cisco IPS software allows a malicious actor to trigger a service failure.
The vulnerability in the dtls1_get_message_fragment function in d1_both.c of OpenSSL allows malicious actors to induce a service failure (recursion and abnormal client termination) by using the DTLS hello message in an invalid manner...
Vulnerability of Cisco ACE software, which allows a malicious actor to intercept sessions
The vulnerability exists in OpenSSL due to an improper limitation on the processing of ChangeCipherSpec messages. Exploiting this vulnerability allows a malicious actor to induce the use of a null-length master key in the OpenSSL-to-OpenSSL communication, thereby intercepting the session or gaini...
The vulnerability of the Internet Explorer browser allows a malicious attacker to compromise the confidentiality and integrity of protected information.
A vulnerability that allows bypassing security mechanisms exists in Internet Explorer and is related to the improper implementation of requirements for high-security SSL certificates, particularly regarding the prohibition on using group certificates. Exploiting this vulnerability enables a...
The vulnerability of Cisco IPS software allows a malicious actor to intercept sessions.
The vulnerability exists in OpenSSL due to an improper limitation on the processing of ChangeCipherSpec messages. Exploiting this vulnerability allows a malicious actor to induce the use of a null-length master key in the OpenSSL-to-OpenSSL communication, thereby intercepting the session or gaini...
The vulnerability of the Cisco Unified Communications Manager software allows a malicious actor to execute arbitrary code.
The vulnerability exists in the function dtls1_reassemble_fragment in d1_both.c in OpenSSL, due to an improper check of the length of fragments in DTLS ClientHello messages. Exploiting this vulnerability allows a remote attacker to execute arbitrary code or cause a service failure buffer overflow an...
The vulnerability of the OpenSSL software allows a malicious attacker to compromise the confidentiality, integrity, and availability of protected information.
The vulnerability exists in the function dtls1_reassemble_fragment in d1_both.c in OpenSSL, due to an improper check of the length of fragments in DTLS ClientHello messages. Exploiting this vulnerability allows a remote attacker to execute arbitrary code or cause a service failure buffer overflow an...
[SECURITY] Fedora 24 Update: gimp-2.8.16-2.fc24
GIMP (GNU Image Manipulation Program) is a powerful image composition and editing program, which can be extremely useful for creating logos and other graphics for webpages. GIMP has many of the tools and filters you would expect to find in similar commercial offerings, and some interesting extras ...
The vulnerability of the Cisco IOS operating system, which allows a remote attacker to trigger a service failure
A bug in the Application Layer Gateway (ALG) module of the Cisco IOS operating system allows a remote attacker to reboot the device by using a specially crafted DNS packet with NAT enabled...
CVE-2016-1425
Cisco IOS 15.02SG5, 15.12SG3, 15.21E, 15.33S, and 15.41.13S allows remote attackers to cause a denial of service (device crash) via a crafted LLDP packet, aka Bug ID CSCun66735...
[SECURITY] [DSA 3612-1] gimp security update
Debian Security Advisory DSA-3612-1 https://www.debian.org/security/ Salvatore Bonaccorso July 01, 2016 https://www.debian.org/security/faq -...
LizardStresser IoT Botnets Part of 400Gbps DDoS Attacks
LizardStresser, a distributed denial of service botnet, has found new life leveraging hundreds of internet-based webcams in attacks against Brazilian-based banks, government agencies as well as a handful of U.S.-based gaming companies. Researchers at the Arbor’s Security Engineering and Response...
Sushiro App fails to verify SSL server certificates
Overview Sushiro App provided by AKINDO SUSHIRO CO., LTD. fails to verify SSL server certificates. Yuta Teshima of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A...
IoT Botnet — 25,000 CCTV Cameras Hacked to launch DDoS Attack
The Internet of Things (IoTs) or Internet-connected devices are growing at an exponential rate and so are threats to them. Due to the insecure implementation, these Internet-connected embedded devices, including Smart TVs, Refrigerators, Microwaves, Set-top boxes, Security Cameras and printers, are...
Ubuntu 12.04 LTS : linux vulnerabilities (USN-3021-1)
Andrey Konovalov discovered that the CDC Network Control Model USB driver in the Linux kernel did not cancel work events queued if a later error occurred, resulting in a use-after-free. An attacker with physical access could use this to cause a denial of service (system crash). CVE-2016-3951 Kangji...
USN-3021-1: Linux kernel vulnerabilities
Andrey Konovalov discovered that the CDC Network Control Model USB driver in the Linux kernel did not cancel work events queued if a later error occurred, resulting in a use-after-free. An attacker with physical access could use this to cause a denial of service (system crash). CVE-2016-3951 Kangji...
[SECURITY] [DLA 525-1] gimp security update
Package : gimp Version : 2.8.2-2+deb7u2 CVE ID : CVE-2016-4994 It was discovered that there was a use-after-free vulnerability in the channel and layer properties parsing process in Gimp, the GNU Image Manipulation Program. For Debian 7 "Wheezy", this issue has been fixed in gimp version...
Cisco IOS Denial of Service Vulnerability (CNVD-2016-04224)
Cisco IOS is an operating system developed by Cisco for its network devices. A denial of service vulnerability exists in Cisco IOS versions 15.21T1.11 and 15.22TST. An attacker could exploit this vulnerability to cause a denial of service (device crash) by sending specially crafted LLDP packets...
Citrix Receiver for iOS Design Vulnerability
Citrix Receiver for iOS is a suite of iOS-based client software for accessing XenDesktop and XenApp from Citrix Systems. A design vulnerability exists in Citrix Receiver for iOS versions prior to 7.0. An attacker could exploit the vulnerability to prevent TLS certificates from being properly...