OpenSSL: out-of-bounds read in X509_cmp_time
An out-of-bounds read flaw was found in the X509_cmp_time function of OpenSSL, which is used to test the expiry dates of SSL/TLS certificates. An attacker could possibly use a specially crafted SSL/TLS certificate or CRL (Certificate Revocation List), which when parsed by an application would cause...
FreeRADIUS
Insufficient certificate revocations checks...
freeradius -- insufficient CRL application vulnerability
oCERT reports: The FreeRADIUS server relies on OpenSSL to perform certificate validation, including Certificate Revocation List (CRL) checks. The FreeRADIUS usage of OpenSSL, in CRL application, limits the checks to leaf certificates, therefore not detecting revocation of intermediate CA...
Moderate: Red Hat Security Advisory: openssl security update
Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are...
Vimeo: API: missing invalidation of OAuth2 Authorization Code during access revocation causes authorization bypass
The OAuth2 API makes it possible for users to grant access to their accounts to third-party applications. Of course, users are able to manage such applications' access to their accounts and may deny access for any application. When a user denies access for an application, all access tokens are...
Security update for MozillaFirefox, MozillaThunderbird, mozilla-nspr (important)
Mozilla Firefox and Thunderbird were updated to fix several important vulnerabilities. Mozilla Firefox was updated to 37.0.1. Mozilla Thunderbird was updated to 31.6.0. mozilla-nspr was updated to 4.10.8 as a dependency. The following vulnerabilities were fixed in Mozilla Firefox: Miscellaneous...
Mozilla Adds Opportunistic Encryption for HTTP in Firefox 37
Mozilla has released Firefox 37, and along with the promised addition of the OneCRL certificate revocation list, the company has included a feature that enables opportunistic encryption on connections for servers that don’t support HTTPS. The new feature gives users a new defense against some for...
FreeBSD : libuv -- incorrect revocation order while relinquishing privileges (996bce94-d23d-11e4-9463-9cb654ea3e1c)
Nodejs releases reports: CVE-2015-0278 This may potentially allow an attacker to gain elevated privileges. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML database: Copyright 2003-2018 Jacques...
libuv -- incorrect revocation order while relinquishing privileges
Nodejs releases reports: CVE-2015-0278 This may potentially allow an attacker to gain elevated privileges...
Firefox 37 to Include New OneCRL Certificate Blocklist
The next version of Mozilla Firefox will include a new certificate revocation list that will speed up and streamline the process of revoking intermediate certificates trusted by the browser. The new feature, known as OneCRL, is meant as a replacement for the old OCSP online certificate status...
OracleVM 3.3 : nss (OVMSA-2014-0014)
The remote OracleVM system is missing necessary patches to address critical security updates : - Added nss-vendor.patch to change vendor - Update some patches on account of the rebase - Resolves: Bug 1099619 - Backport nss-3.12.6 upstream fix required by Firefox 31 - Resolves: Bug 1099619 - Remov...
RHEL 5 : pki (RHSA-2012:1103)
Updated pki-common, pki-tps and pki-util packages that fix multiple security issues and add one enhancement are now available for Red Hat Certificate System 8.1. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS)...
Google releases brief analysis report on SSLv3 vulnerability
This morning, Google released a brief analysis report on an SSLv3 vulnerability. According to Google's statement, the vulnerability affects all versions of SSLv3; by exploiting it, an attacker can use a man-in-the-middle attack or similar means, as long as the hijacking of...
CentOS 5 : nss (CESA-2014:1246)
Updated nss and nspr packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores,...
openstack-keystone: domain-scoped tokens don't get revoked
It was discovered that domain-scoped tokens were not revoked when a domain was disabled. Only OpenStack Identity setups configured to make use of revocation events were affected...
openstack-keystone: token expiration date stored incorrectly
A flaw was found in keystone revocation events that resulted in the "issued_at" time being updated when a token created by the V2 API was processed by the V3 API. This could allow a user to evade token revocation. Only OpenStack Identity setups configured to make use of revocation events and UUID...
Low: Red Hat Security Advisory: openstack-keystone security and bug fix update
Updated openstack-keystone packages that fix three security issues and several bugs are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Low security impact. Common Vulnerability Scoring Syst...
openstack-keystone: revocation events are broken with mysql
It was found that the MySQL token driver did not correctly store token expiration times, which prevented manual token revocation. Only OpenStack Identity setups configured to make use of revocation events were affected...
Low: Red Hat Security Advisory: openstack-keystone security and bug fix update
Updated openstack-keystone packages that fix three security issues and several bugs are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Low security impact. Common Vulnerability Scoring Syst...