wireshark: TLS/SSL decryption crash (wnpa-sec-2015-05)
Buffer underflow in the ssl_decrypt_record function in epan/dissectors/packet-ssl-utils.c in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allows remote attackers to cause a denial of service (application crash) via a crafted packet that is improperly handled during decryption of an SSL...
Microsoft Windows Schannel TLS Three Times Handshake Vulnerability
Microsoft Windows is a family of operating systems released by Microsoft Corporation in the U.S. Microsoft Schannel, or Secure Channel, is one of the Security Support Providers (SSPs) that implements the Secure Socket Layer (SSL) and Transport Layer Security (TLS) protocols and provides authentication...
IBM Security QRadar Incident Forensics Cached SSL Page Vulnerability
IBM Security QRadar Incident Forensics is a suite of security forensic investigation software from IBM. The software supports in-depth forensic investigations of suspected malicious network security incidents and the repair of network security vulnerabilities. IBM Security QRadar Incident Forensics 7.2...
lldp 'protocols/lldp.c' buffer overflow vulnerability
lldp is a link-layer discovery protocol that allows network devices to advertise their device identity and performance on the local subnet. lldp 'protocols/lldp.c' does not perform proper bounds checking on user-submitted input, allowing an attacker to exploit the vulnerability by submitting a...
Samsung - m2m1shot Kernel Driver Buffer Overflow
Samsung - m2m1shot Kernel Driver Buffer Overflow Source: https://code.google.com/p/google-security-research/issues/detail?id=493 The Samsung m2m1shot driver framework is used to provide hardware acceleration for certain media functions, such as JPEG decoding and scaling images. The driver endpoin...
Samsung - 'm2m1shot' Kernel Driver Buffer Overflow
Source: https://code.google.com/p/google-security-research/issues/detail?id=493 The Samsung m2m1shot driver framework is used to provide hardware acceleration for certain media functions, such as JPEG decoding and scaling images. The driver endpoint (/dev/m2m1shot_jpeg) is accessible by the media...
DEBIAN-CVE-2015-5262
http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service (HTTPS call hang) via unspecified vectors...
UBUNTU-CVE-2015-4456
ownCloud Desktop Client before 1.8.2 does not call QNetworkReply::ignoreSslErrors with the list of errors to be ignored, which allows man-in-the-middle attackers to bypass the user's certificate distrust decision and obtain sensitive information by leveraging a self-signed certificate and a...
Juniper Networks Netscreen and ScreenOS Firewall Denial of Service Vulnerability
Juniper Netscreen and ScreenOS Firewall with ScreenOS is a Juniper Networks NetScreen series firewall running the ScreenOS operating system. A security vulnerability exists in the L2TP packet processing in Juniper Networks Netscreen and ScreenOS Firewall products used in ScreenOS versions prior t...
Multiple Cross-Site Scripting Vulnerabilities in HP Smart Profile Server Data Analytics Layer
HP Smart Profile Server Data Analytics Layer is a product from Hewlett-Packard (HP) designed for communications service providers to manage and analyze customer data for telecom business needs. Multiple cross-site scripting vulnerabilities exist in HP Smart Profile Server Data Analytics Layer versi...
The vulnerability of the Mac OS X operating system, which allows a hacker to compromise security of information.
The vulnerability of the TLS protocol implementation in the Mac OS X operating system is related to errors in the key exchange process. Exploiting this vulnerability can allow a malicious actor to compromise information security remotely...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in HP Smart Profile Server Data Analytics Layer (SPS DAL) 2.3 before 2.3.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2015-5444
Multiple cross-site scripting (XSS) vulnerabilities in HP Smart Profile Server Data Analytics Layer (SPS DAL) 2.3 before 2.3.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...
docker-engine security update
1.8.3-1.0.1 - Enable configuration of Docker daemon via sysconfig (orabug 21804877) - Add documentation files to binary RPM 1.8.3 - Fix layer IDs lead to local graph poisoning (CVE-2014-8178) - Fix manifest validation and parsing logic errors allow pull-by-digest validation bypass (CVE-2014-8179) - Add...
The vulnerability of the NX-OS network operating system allows a hacker to induce a maintenance failure.
The vulnerability of the NX-OS network operating system exists due to insufficient verification of input data. Exploiting this vulnerability can allow attackers to cause service failures by sending specially crafted LLDP packets over the local network...
CXF: SSL hostname verification bypass, incomplete CVE-2012-5783 fix
It was found that the fix for CVE-2012-5783 was incomplete: the code added to check that the server host name matches the domain name in a subject's Common Name (CN) field in X.509 certificates was flawed. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially...
The vulnerability of the iOS operating system, which allows attackers to carry out “man-in-the-middle” attacks
The vulnerability of the WebKit component of the iOS operating system is related to errors in cryptographic transformations. Exploiting this vulnerability allows a remote attacker to perform “man-in-the-middle” attacks due to errors in SSL certificate processing...
USN-2755-1: Cyrus SASL vulnerability
It was discovered that Cyrus SASL incorrectly handled certain invalid password salts. An attacker could use this issue to cause Cyrus SASL to crash, resulting in a denial of service...
UBUNTU-CVE-2015-5262
http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service (HTTPS call hang) via unspecified vectors...