FreeBSD-SA-16:10.linux

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-16:10.linux Security Advisory The FreeBSD Project Topic: Linux compatibility layer issetugid2 system call vulnerability Category: core Module: kernel Announced:...

Unspecified Vulnerability in Oracle Fusion Middleware Web Cache SSL Support Component (CNVD-2016-00579)

Oracle Fusion Middleware is a suite of application servers for cloud and traditional environments. An unspecified security vulnerability exists in the Oracle Fusion Middleware Web Cache SSL Support component, which could be exploited by remote attackers to gain access to data...

Unspecified Vulnerability in Oracle Fusion Middleware Web Cache SSL Support Component (CNVD-2016-00580)

Oracle Fusion Middleware is a suite of application servers for cloud and traditional environments. An unspecified security vulnerability exists in the Oracle Fusion Middleware Web Cache SSL Support component, which could be exploited by remote attackers to gain access to data...

Unspecified Vulnerability in Oracle Fusion Middleware Web Cache SSL Support Component

Oracle Fusion Middleware is a suite of application servers for cloud and traditional environments. An unspecified security vulnerability exists in the Oracle Fusion Middleware Web Cache SSL Support component, which could be exploited by remote attackers to gain access to data...

Juniper Junos RTSP Packet Handling flowd DoS (JSA10721)

According to its self-reported version number, the remote Juniper Junos device is affected by denial of service vulnerability due to a flaw in the Real Time Streaming Protocol Application Layer Gateway RTSP ALG implementation. An unauthenticated, remote attacker can exploit this, via a crafted RT...

TLS 1.2 Transcipt Collision attacks against MD5 in key exchange protocol (SLOTH)

A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to...

TLS 1.2 Transcipt Collision attacks against MD5 in key exchange protocol (SLOTH)

A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to...

CVE-2016-0439

Unspecified vulnerability in the Web Cache component in Oracle Fusion Middleware 11.1.1.7.0 and 11.1.1.9.0 allows remote attackers to affect confidentiality via vectors related to SSL support, a different vulnerability than CVE-2016-0430...

CVE-2016-0433

Unspecified vulnerability in the Web Cache component in Oracle Fusion Middleware 11.1.1.9.0 allows remote attackers to affect confidentiality via vectors related to SSL support...

CVE-2016-0430

Unspecified vulnerability in the Web Cache component in Oracle Fusion Middleware 11.1.1.7.0 and 11.1.1.9.0 allows remote attackers to affect confidentiality via vectors related to SSL support, a different vulnerability than CVE-2016-0439...

TLS 1.2 Transcipt Collision attacks against MD5 in key exchange protocol (SLOTH)

A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to...

TLS 1.2 Transcipt Collision attacks against MD5 in key exchange protocol (SLOTH)

A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to...

Input validation

Juniper Junos OS before 12.1X46-D45, 12.1X47 before 12.1X47-D30, 12.1X48 before 12.3X48-D20, and 15.1X49 before 15.1X49-D30 on SRX series devices, when the Real Time Streaming Protocol Application Layer Gateway RTSP ALG is enabled, allow remote attackers to cause a denial of service flowd crash v...

CVE-2016-1262

Juniper Junos OS before 12.1X46-D45, 12.1X47 before 12.1X47-D30, 12.1X48 before 12.3X48-D20, and 15.1X49 before 15.1X49-D30 on SRX series devices, when the Real Time Streaming Protocol Application Layer Gateway RTSP ALG is enabled, allow remote attackers to cause a denial of service flowd crash v...

CVE-2016-0934

Use-after-free vulnerability in AGM.dll in Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X allows attackers to execute arbitrary code via a multiple-layer PDF...

Design/Logic Flaw

Use-after-free vulnerability in AGM.dll in Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X allows attackers to execute arbitrary code via a multiple-layer PDF...

MS KB3109853: Update to Improve TLS Session Resumption Interoperability

The remote Windows host is missing an update to the Transport Layer Security TLS protocol implementation in SChannel. The update improves the interoperability between Schannel-based TLS clients and 3rd-party TLS servers that enable RFC5077-based resumption and that send the NewSessionTicket messa...

USN-2866-1 firefox vulnerability

Karthikeyan Bhargavan and Gaetan Leurent discovered that NSS incorrectly allowed MD5 to be used for TLS 1.2 connections. If a remote attacker were able to perform a machine-in-the-middle attack, this flaw could be exploited to view sensitive information...

USN-2865-1 gnutls26, gnutls28 vulnerability

Karthikeyan Bhargavan and Gaetan Leurent discovered that GnuTLS incorrectly allowed MD5 to be used for TLS 1.2 connections. If a remote attacker were able to perform a machine-in-the-middle attack, this flaw could be exploited to view sensitive information...

TLS 1.2 Transcipt Collision attacks against MD5 in key exchange protocol (SLOTH)

A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to...