Denial of Service Vulnerability in Multiple EMC RSA Products

EMC RSA BSAFE Micro Edition Suite MES and others are products of EMC Corporation.EMC RSA BSAFE is a security software product that supports cryptographic algorithms, certificate chain validation, and Transport Layer Security TLS encryption suites, among other things, to help users achieve a wide...

Microsoft Windows WebDAV Man-in-the-Middle Information Disclosure Vulnerability (CNVD-2015-05494)

Microsoft Windows is a popular operating system. A security vulnerability exists in Microsoft Windows WebDAV where the WebDAV client allows SSL 2.0 man-in-the-middle attackers to force the encryption algorithm to downgrade to SSL 2.0 and then decrypt the communication...

Microsoft XML Core Services Man-in-the-Middle Information Disclosure Vulnerability (CNVD-2015-05495)

Microsoft XML Core Services MSXML is a user to allow the use of JScript, VBScript and Visual Studio 6.0 users to develop XML-based applications , in order to interoperate with other applications that follow the XML 1.0 standard . A security vulnerability exists in Microsoft XML Core Services that...

The vulnerability of the OpenSSL library, which allows a hacker to trigger a service failure

The vulnerability of the ssleayrandbytes function in the OpenSSL library is related to buffer overflows in dynamic memory, caused by integer overflows. Exploiting this vulnerability could allow a malicious actor to cause service interruptions by establishing multiple TLS sessions remotely...

The vulnerability of the Cisco Adaptive Security Appliance allows attackers to carry out “man-in-the-middle” attacks.

The vulnerability of the Cisco Adaptive Security Appliance’s TLS implementation is due to problems with the use of cryptography. Exploiting this vulnerability allows a malicious actor to carry out “man-in-the-middle” attacks remotely...

Microsoft Windows Shell Security Feature Local Bypass Vulnerability

Microsoft Windows Shell is an interface for interacting with the user on Windows systems from Microsoft USA that allows the user to perform public tasks such as accessing the file system, exporting executable programs, and changing system settings. A security feature bypass vulnerability exists i...

Microsoft Windows Object Manager Local Elevation of Privilege Vulnerability

Microsoft Windows is a series of operating systems released by Microsoft.Object Manager is one of the object managers. An elevation of privilege vulnerability exists in Windows Object Manager, which can be exploited by an attacker to bypass emulation layer security checks and elevate privileges...

LOGJAM: TLS connections which support export grade DHE key-exchange are vulnerable to MITM attacks

A flaw was found in the way the TLS protocol composes the Diffie-Hellman exchange for both export and non-export grade cipher suites. An attacker could use this flaw to downgrade a DHE connection to use export-grade key sizes, which could then be broken by sufficient pre-computation. This can lea...

TLS: MITM attacks via session renegotiation

The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services IIS 7.0, modssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services NSS 3.12.4 and earlier, multiple Cis...

Fortinet FortiOS SSL-VPN Man-in-the-Middle Security Bypass Vulnerability

Fortinet FortiOS is the United States Fita Fortinet company developed a set of dedicated to FortiGate network security platform on the security operating system. A security vulnerability exists in Fortinet FortiOS SSL-VPN that could be exploited by an attacker to perform an unauthorized...

MS15-084: Vulnerabilities in XML core services could allow information disclosure: August 11, 2015

Resolves vulnerabilities in Windows and Office that could allow information disclosure by either exposing memory addresses if a user clicks a specially crafted link or by explicitly allowing the use of Secure Sockets Layer SSL 2.0.Summary This security update resolves vulnerabilities in Microsoft...

Integer overflow

Integer signedness error in the SharedBufferManagerParent::RecvAllocateGrallocBuffer function in the buffer-management implementation in the graphics layer in Mozilla Firefox OS before 2.2 might allow attackers to cause a denial of service memory corruption via a negative value of a size paramete...

The vulnerability of Cisco Adaptive Security Appliance’s network firewall, which allows a hacker to trigger a service failure.

The vulnerability of Cisco Adaptive Security Appliance’s network interface layer is related to resource management errors. Exploiting this vulnerability can allow attackers to cause service interruptions by sending specially crafted OSPFv2 packets...

389-ds-base: nsSSL3Ciphers preference not enforced server side (regression)

389 Directory Server formerly Fedora Directory Server before 1.3.3.12 does not enforce the nsSSL3Ciphers preference when creating an sslSocket, which allows remote attackers to have unspecified impact by requesting to use a disabled cipher...

CVE-2015-3438

Multiple cross-site scripting XSS vulnerabilities in WordPress before 4.1.2, when MySQL is used without strict mode, allow remote attackers to inject arbitrary web script or HTML via a 1 four-byte UTF-8 character or 2 invalid character that reaches the database layer, as demonstrated by a crafted...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in WordPress before 4.1.2, when MySQL is used without strict mode, allow remote attackers to inject arbitrary web script or HTML via a 1 four-byte UTF-8 character or 2 invalid character that reaches the database layer, as demonstrated by a crafted...

CVE-2015-3438

Multiple cross-site scripting XSS vulnerabilities in WordPress before 4.1.2, when MySQL is used without strict mode, allow remote attackers to inject arbitrary web script or HTML via a 1 four-byte UTF-8 character or 2 invalid character that reaches the database layer, as demonstrated by a crafted...

SSL/TLS: Padding Oracle On Downgraded Legacy Encryption attack

A flaw was found in the way SSL 3.0 handled padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining CBC mode. This flaw allows a man-in-the-middle MITM attacker to decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a...

Security feature bypass

The SSL layer of the HTTPS service in Siemens RuggedCom ROS before 4.2.0 and ROX II does not properly implement CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a different vulnerability than CVE-2014-3566...

SSL/TLS: "Invariance Weakness" vulnerability in RC4 stream cipher

The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic...