
9990 matches found

OSV
added 2016/06/17 3:59 p.m., 4 views

CVE-2016-5433

Citrix iOS Receiver before 7.0 allows attackers to cause TLS certificates to be incorrectly validated via unspecified vectors...

CVSS 6.1, AI score 5.8, EPSS 0.00417
Exploits: 0, References: 1
OSV
added 2016/06/10 6:56 a.m., 2 views

USN-3006-1 linux vulnerabilities

Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-2117) Jann Horn discovered that eCryptfs improperly attempted to use...

CVSS 7.8, AI score 7, EPSS 0.06266
Exploits: 6, References: 11
BDU FSTEC
added 2016/06/09 12:0 a.m., 5 views

The vulnerability of the Mac OS X operating system, which allows a perpetrator to obtain confidential information

The vulnerability of the Tcl component in the Mac OS X operating system is related to the lack of protection for service data. Exploiting this vulnerability allows a malicious actor to obtain confidential information by using SSLv2 support...

CVSS 5, AI score 7.2, EPSS 0.02517
Exploits: 0, References: 3, Affected Software: 1
Kitploit
added 2016/06/08 9:15 p.m., 36 views

ArchStrike - Security Layer for Arch Linux

An Arch Linux repository for security professionals and enthusiasts. Done the Arch Way and optimized for i686, x86_64, ARMv6, and ARMv7. ArchStrike is a penetration testing and security layer on top of Arch Linux. We follow the Arch Linux standards very closely in order to keep our packages clean,...

AI score 7.2
Exploits: 0, References: 1
CNVD
added 2016/06/08 12:0 a.m., 2 views

Denial of Service Vulnerability in Multiple F5 BIG-IP Products (CNVD-2016-03941)

F5 BIG-IP Analytics and others are products of F5 Corporation in the U.S. F5 BIG-IP Analytics is a suite of Web application performance analytics software. The APM is a suite of solutions that provide secure and unified access to business-critical applications and networks, and the LTM is a local...

CVSS 7.5, AI score 6.5, EPSS 0.01765
Exploits: 0, References: 1
CNVD
added 2016/06/08 12:0 a.m., 2 views

Android SD Card User Control Emulation Layer Elevation of Privilege Vulnerability

Android is a Linux-based open source operating system jointly developed by Google and the Open Handset Alliance (OHA). The SD Card Emulation Layer is one of the SD card user controls. An elevation of privilege vulnerability exists in the SD Card user control emulation layer of Android. A local attacker...

CVSS 9.3, AI score 7.8, EPSS 0.01946
Exploits: 1, References: 1
RedHat Linux
added 2016/05/31 5:56 a.m., 6 views

squid: multiple issues in ESI processing

Buffer overflow and input validation flaws were found in the way Squid processed ESI responses. If Squid was used as a reverse proxy, or for TLS/HTTPS interception, a remote attacker able to control ESI components on an HTTP server could use these flaws to crash Squid, disclose parts of the stack...

CVSS 4.3, AI score 7.8, EPSS 0.11426
Exploits: 0, References: 5
RedHat Linux
added 2016/05/31 5:56 a.m., 2 views

squid: SIGSEGV in ESIContext response handling

An incorrect reference counting flaw was found in the way Squid processes ESI responses. If Squid is configured as a reverse proxy or for TLS/HTTPS interception, an attacker controlling a server accessed by Squid could crash the Squid worker, causing a denial of service...

CVSS 7.5, AI score 7.3, EPSS 0.23112
Exploits: 0, References: 5
RedHat Linux
added 2016/05/31 5:56 a.m., 6 views

squid: multiple issues in ESI processing

Buffer overflow and input validation flaws were found in the way Squid processed ESI responses. If Squid was used as a reverse proxy, or for TLS/HTTPS interception, a remote attacker able to control ESI components on an HTTP server could use these flaws to crash Squid, disclose parts of the stack...

CVSS 8.1, AI score 7.8, EPSS 0.10227
Exploits: 0, References: 5
RedHat Linux
added 2016/05/31 5:56 a.m., 4 views

squid: SIGSEGV in ESIContext response handling

An incorrect reference counting flaw was found in the way Squid processes ESI responses. If Squid is configured as a reverse proxy or for TLS/HTTPS interception, an attacker controlling a server accessed by Squid could crash the Squid worker, causing a denial of service...

CVSS 7.5, AI score 7.3, EPSS 0.23112
Exploits: 0, References: 5
RedHat Linux
added 2016/05/31 5:42 a.m., 3 views

squid: SegFault from ESIInclude::Start

A NULL pointer dereference flaw was found in the way Squid processes ESI responses. If Squid was used as a reverse proxy or for TLS/HTTPS interception, a malicious server could use this flaw to crash the Squid worker process...

CVSS 7.5, AI score 7.3, EPSS 0.5392
Exploits: 1, References: 5
RedHat Linux
added 2016/05/31 5:42 a.m., 5 views

squid: multiple issues in ESI processing

Buffer overflow and input validation flaws were found in the way Squid processed ESI responses. If Squid was used as a reverse proxy, or for TLS/HTTPS interception, a remote attacker able to control ESI components on an HTTP server could use these flaws to crash Squid, disclose parts of the stack...

CVSS 8.1, AI score 7.8, EPSS 0.10227
Exploits: 0, References: 5
CNVD
added 2016/05/31 12:0 a.m., 4 views

Man-in-the-middle attack vulnerabilities in multiple DMM products

DMM FX Trade for Android and others are Android-based applications developed by DMM Securities Inc. of Japan for foreign exchange trade transactions. A security vulnerability exists in several DMM products, which stems from the program's failure to validate SSL server certificates. An attacker...

CVSS 5.9, AI score 6.8, EPSS 0.00928
Exploits: 0, References: 1
n0where
added 2016/05/25 2:29 p.m., 89 views

Reverse Engineering Cross Platform Disassembler: Panopticon

Reverse Engineering Cross Platform Disassembler: Panopticon is a disassembler that understands the semantics of opcodes. This way it’s able to help the user by discovering and displaying invariants that would have to be discovered “by hand” in traditional disassemblers. This allows an interactive...

AI score 0.1
Exploits: 0, References: 6
OSV
added 2016/05/20 11:0 a.m., 0 views

CVE-2016-1853

Tcl in Apple OS X before 10.11.5 allows remote attackers to obtain sensitive information by leveraging SSLv2 support...

CVSS 7.5, AI score 7.4, EPSS 0.02517
Exploits: 0, References: 4
CNVD
added 2016/05/19 12:0 a.m., 1 views

THE HYAKUGO BANK 105 BANK Man-in-the-Middle Attack Vulnerability

THE HYAKUGO BANK 105 BANK is a suite of online banking mobile apps from THE HYAKUGO BANK, Japan. A man-in-the-middle attack vulnerability exists in THE HYAKUGO BANK 105 BANK, which arises from the program failing to properly validate an SSL server certificate. An attacker could use this...

CVSS 5.9, AI score 6.8, EPSS 0.00642
Exploits: 0, References: 1
OSV
added 2016/05/17 2:8 p.m., 2 views

CVE-2016-0306

IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.41, 8.0 before 8.0.0.13, and 8.5 before 8.5.5.10, when FIPS 140-2 is enabled, misconfigures TLS, which allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors...

CVSS 5.9, AI score 5.8
Exploits: 0, References: 3
CentOS
added 2016/05/16 10:25 a.m., 96 views

openssl security update

CentOS Errata and Security Advisory CESA-2016:0996. An update for openssl is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...

CVSS 10, AI score 7.6, EPSS 0.89058
Exploits: 7, References: 7
CNVD
added 2016/05/12 12:0 a.m., 5 views

Microsoft .NET Framework TLS/SSL Information Disclosure Vulnerability

Microsoft .NET Framework is a comprehensive and consistent programming model developed by Microsoft Corporation USA and a development platform for building Windows, Windows Store, Windows Phone, Windows Server, and Microsoft Azure...

CVSS 5.9, AI score 6.5, EPSS 0.08389
Exploits: 0, References: 1
OSV
added 2016/05/11 1:59 a.m., 1 views

CVE-2016-0149

Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 allows man-in-the-middle attackers to obtain sensitive cleartext information via vectors involving injection of cleartext data into the client-server data stream, aka "TLS/SSL Information Disclosure Vulnerability."...

CVSS 5.9, AI score 5.8, EPSS 0.08389
Exploits: 0, References: 3