Microsoft .NET Framework TLS/SSL Information Disclosure Vulnerability
Microsoft .NET Framework is a comprehensive and consistent programming model developed by Microsoft Corporation (USA) and a development platform for building Windows, Windows Store, Windows Phone, Windows Server, and Microsoft Azure...
CVE-2016-0149
Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 allows man-in-the-middle attackers to obtain sensitive cleartext information via vectors involving injection of cleartext data into the client-server data stream, aka "TLS/SSL Information Disclosure Vulnerability."...
openssl: Padding oracle in AES-NI CBC MAC check
It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when the connection used the AES CBC cipher suite and the server supported AES-NI. A remote attacker could possibly use this flaw to retrieve plain text from encrypted packets by...
CVE-2016-2094
The HTTPS NIO Connector allows remote attackers to cause a denial of service (thread consumption) by opening a socket and not sending an SSL handshake, aka a read-timeout vulnerability...
Linux kernel information disclosure vulnerability (CNVD-2016-02915)
The Linux kernel is the kernel used by the operating system Linux, released by the Linux Foundation in the United States. An information disclosure vulnerability exists in the llc module of the Linux kernel, which stems from a program's failure to initialize the padding bytes in the 'info' stack...
Junos operating system vulnerability that allows an attacker to trigger a service failure
A vulnerability in the rpd daemon of the Junos operating system is related to incorrect data processing. Exploiting this vulnerability allows a malicious actor to trigger a service failure (daemon reboots) through a specially crafted BGP update using L2VPN...
LibRSVG Multiple Function Denial of Service Vulnerabilities
LibRSVG is an SVG rendering engine written in C. A security vulnerability exists in LibRSVG's 'rsvg_cairo_pop_discrete_layer', 'rsvg_cairo_pop_render_stack', and 'rsvg_cairo_generate_mask' functions that could be exploited by remote attackers to cause a denial-of-service...
Cybozu kintone for Android Validated SSL Server Certificate Vulnerability
Cybozu kintone for Android is an Android-based business cloud application for business communication and collaboration by Cybozu. A security vulnerability exists in Cybozu kintone for Android versions 1.0.0 to 1.0.5, which can be exploited by attackers to conduct man-in-the-middle attacks and...
PHP Man-in-the-Middle Attack Vulnerability
PHP (PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. A security vulnerability exists in the MySQL native driver for PHP, which can be exploited by an attacker to perform a man-in-the-middle attack,...
[SECURITY] Fedora 22 Update: mod_nss-1.0.11-7.fc22
The mod_nss module provides strong cryptography for the Apache Web server via the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols using the Network Security Services (NSS) security library...
nss: Use-after-free in NSS during SSL connections in low memory (MFSA 2016-15)
A use-after-free flaw was found in the way NSS handled DHE (Diffie–Hellman key exchange) and ECDHE (Elliptic Curve Diffie–Hellman key exchange) handshake messages. A remote attacker could send a specially crafted handshake message that, when parsed by an application linked against NSS, would cause th...
ProFTPd FTP server vulnerability that allows an attacker to compromise the integrity, availability, and confidentiality of information
A vulnerability in the mod_tls module of the ProFTPd FTP server exists due to incorrect processing of the TLSDHParamFile directive. Exploiting this vulnerability allows a malicious actor to compromise the integrity, availability, and confidentiality of information...
Clustered Data ONTAP storage operating system vulnerability that allows an attacker to obtain confidential information or spoof servers
A vulnerability in the Clustered Data ONTAP operating system exists due to missing verification of X.509 certificates for the TLS server. Exploiting this vulnerability allows a malicious actor to spoof the server remotely or obtain confidential information using a specially crafted...
Juniper Networks Junos OS BGP 'family l2vpn' UPDATE Denial of Service Vulnerability
Juniper Networks Junos OS is a network operating system dedicated to the company's hardware systems. A security vulnerability in Juniper Networks Junos OS using BGP based L2VPN and VPLS configuration allows remote attackers to conduct denial of service attacks by submitting a BGP 'family l2vpn'...
CVE-2016-1270
The rpd daemon in Juniper Junos OS before 12.1X44-D60, 12.1X46 before 12.1X46-D45, 12.1X47 before 12.1X47-D30, 12.3 before 12.3R9, 12.3X48 before 12.3X48-D20, 13.2 before 13.2R7, 13.2X51 before 13.2X51-D40, 13.3 before 13.3R6, 14.1 before 14.1R4, and 14.2 before 14.2R2, when configured with...
CVE-2016-1268
The administrative web services interface in Juniper ScreenOS before 6.3.0r21 allows remote attackers to cause a denial of service (reboot) via a crafted SSL packet...
Tokyo Star bank App fails to verify SSL server certificates
Overview: Tokyo Star bank App provided by The Tokyo Star Bank, Limited fails to verify SSL server certificates. Yuji Tounai of NTT Com Security (Japan) KK reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact: A...
CVE-2016-0887
EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x and 4.1.x before 4.1.5, RSA BSAFE Crypto-C Micro Edition (CCME) 4.0.x and 4.1.x before 4.1.3, RSA BSAFE Crypto-J before 6.2.1, RSA BSAFE SSL-J before 6.2.1, and RSA BSAFE SSL-C before 2.8.9 allow remote attackers to discover a private-key prime by...
IBM WebSphere Application Server Information Disclosure Vulnerability
IBM WebSphere Application Server (WAS) is an application server product developed and distributed by IBM in the U.S. It is a platform for Java EE and Web services applications, and is the foundation of the IBM WebSphere software platform. A security vulnerability exists in IBM WebSphere Application...
CVE-2015-5370
Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not properly implement the DCE-RPC layer, which allows remote attackers to perform protocol-downgrade attacks, cause a denial of service (application crash or CPU consumption), or possibly execute arbitrary code on a...