Fake Turkish digital Certificates blocked by Browser vendors

It’s the news of the day, a fraudulent digital certificate that could be used for active phishing attacks against Google’s web properties. Using the certificate it is possible to spoof content in a classic phishing schema or perform a man-in-the-middle attack according Google Chrome Security Team...

Microsoft Releases Security Advisory on Fraudulent Digital Certificates

Microsoft has released Security Advisory 2798897 in response to active attacks using fraudulent digital certificates issued by TURKTRUST Inc. These fraudulent certificates could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. This vulnerability affects al...

Design/Logic Flaw

The X.509 certificate-validation functionality in the https implementation in Opera before 12.10 allows remote attackers to trigger a false indication of successful revocation-status checking by causing a failure of a single checking service...

CVE-2012-6461

The X.509 certificate-validation functionality in the https implementation in Opera before 12.10 allows remote attackers to trigger a false indication of successful revocation-status checking by causing a failure of a single checking service...

CVE-2012-6461

Opera: CVE-2012-6461 concerns the X.509 certificate-validation in Opera’s HTTPS implementation. Affected: Opera before 12.10. Description: remote attackers could cause a false indication of revocation-status success by triggering a failure of a single checking service. Mitigation: upgrade to a ne...

SuSE Update for opera openSUSE-SU-2012:1481-1 (opera)

Check for the Version of opera OpenVAS Vulnerability Test $Id: gbsuse201214811.nasl 8253 2017-12-28 06:29:51Z teissa $ SuSE Update for opera openSUSE-SU-2012:1481-1 opera Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is...

openSUSE: Security Advisory for opera (openSUSE-SU-2012:1481-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

opera to 12.10 (important)

This Opera 12.10 security update fixes following security issues: -an issue that could cause Opera not to correctly check for certificate revocation; -an issue where CORS requests could incorrectly retrieve contents of cross origin pages; -an issue where data URIs could be used to facilitate...

Opera < 12.10 Multiple Vulnerabilities

Binary data 800822.prm...

Opera < 12.10 Multiple Vulnerabilities

Binary data 6618.prm...

Opera < 12.10 Multiple Vulnerabilities

The version of Opera installed on the remote host is earlier than 12.10 and is, therefore, reportedly affected by the following vulnerabilities : - An error exists related to certificate revocation checking that can allow the application to indicate that a site is secure even though the check has...

Certificate revocation service failure may cause Opera to show an unverified site as secure

When accessing secure websites, Opera checks with a number of services to check if the website's security certificate has been revoked. Normally, if Opera cannot check revocation status, it will not present the site as secure. In some cases, a failure in one of these services can cause Opera not ...

Certificate revocation service failure may cause Opera to show an unverified site as secure – Opera Security Advisories

When accessing secure websites, Opera checks with a number of services to check if the website’s security certificate has been revoked. Normally, if Opera cannot check revocation status, it will not present the site as secure. In some cases, a failure in one of these services can cause Opera not ...

Microsoft Patches Critical Word Flaw; Certificate Key Length Changes are Official

Microsoft rolled out seven security updates today, including a fix for a critical remotely exploitable Word vulnerability. In all, 20 vulnerabilities were repaired by Microsoft, which also issued an advisory regarding poorly generated digital certificates that have to be replaced and the...

Adobe Releases Security Bulletin About Code Signing Certificate

Adobe has released a security bulletin to address an issue with a current Adobe code signing certificate. The certificate to be revoked has been used to sign malicious code. The certificate will be revoked on October 4, 2012 for all software code signed after July 10, 2012. Adobe is issuing a new...

Valid Adobe Certificate Used to Sign Malicious Utilities Common in Targeted Attacks

Adobe announced today it was the victim of an APT-style attack after two malicious utilities commonly used in targeted attacks for privilege escalation and pivoting within a network were discovered signed by a valid Adobe digital certificate. Adobe said it will revoke the certificate next week...

CVE-2012-4413

OpenStack Keystone 2012.1.3 does not invalidate existing tokens when granting or revoking roles, which allows remote authenticated users to retain the privileges of the revoked roles...

Two Microsoft Security Updates Await In Advance of Certificate Key Length Changes

Microsoft is promising a light load of security updates for next Tuesday’s monthly patch release in an attempt to give Windows administrators and security teams time to prepare for an October change to certificate key length requirements. Angela Gunn of Microsoft’s Security Response Team announce...

Ubuntu: Security Advisory (USN-1505-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2011-5123

The Antivirus component in Comodo Internet Security before 5.3.175888.1227 does not check whether X.509 certificates in signed executable files have been revoked, which has unknown impact and remote attack vectors...