16 matches found
OESA-2026-2506 qt6-qtbase security update
Qt is a software toolkit for developing applications. Security Fixes: An Uncontrolled Search Path Element vulnerability in the OpenSSL TLS backend of Qt Network qtbase in Qt Qt Framework Unix allows a local attacker to load a rogue CA certificate as a trusted system authority via a crafted...
Improper Authentication
Overview: Affected versions of this package are vulnerable to Improper Authentication in the OVN database connection process. An attacker can gain unauthorized access to sensitive network configuration data by presenting a rogue self-signed certificate chain during the TLS handshake, which is...
EUVD-2023-53522
Malicious code in bioql PyPI...
CVE-2023-49567
A vulnerability has been identified in the Bitdefender Total Security HTTPS scanning functionality where the product incorrectly checks the site's certificate, which allows an attacker to make MITM SSL connections to an arbitrary site. The product trusts certificates that are issued using the MD5...
PT-2024-13748 · Bitdefender · Bitdefender Total Security
Name of the Vulnerable Software and Affected Versions: Bitdefender Total Security affected versions not specified Description: A vulnerability has been identified in the Bitdefender Total Security HTTPS scanning functionality where the product incorrectly checks the site's certificate. This allow...
Mispadu Banking Trojan Targets Latin America: 90,000+ Credentials Stolen
A banking trojan dubbed Mispadu has been linked to multiple spam campaigns targeting countries like Bolivia, Chile, Mexico, Peru, and Portugal with the goal of stealing credentials and delivering other payloads. The activity, which commenced in August 2022, is currently ongoing, the Ocelot Team...
Vulnerability fixed in OpenSSL
A vulnerability has been fixed in OpenSSL. The vulnerability allows an unauthenticated malicious person to cause a denial-of-service. To do so, the malicious party must offer a specially crafted certificate to the system that uses OpenSSL. The vulnerability is caused by the "BN_mod_sqrt" function. Th...
New Firefox 32 Adds Protection Against MiTM Attack and Rogue Certificates
Good news for Firefox lovers! The Mozilla Foundation has introduced a bunch of new features in Firefox to improve browser security with the launch of Firefox 32, now available for Windows, Mac, Linux, and Android platforms. The new version of Firefox makes the browser even more competitive among...
Final Report on DigiNotar Hack Shows Total Compromise of CA Servers
The attacker who penetrated the Dutch CA DigiNotar last year had complete control of all eight of the company’s certificate-issuing servers during the operation and he may also have issued some rogue certificates that have not yet been identified. The final report from a security company...
GlobalSign Says No Evidence of CA Compromise Found
GlobalSign, the certificate authority that the attacker who compromised Comodo and DigiNotar claimed he had infiltrated as well, said it has completed its months-long security review and found no evidence that its CA infrastructure was compromised or that any rogue certificates had been issued...
Mozilla Asks Firefox CAs to Audit Security Systems in Wake of DigiNotar Hack
Already having revoked trust in the root certificates issued by DigiNotar, Mozilla is taking steps to avoid having to repeat that process with any other certificate authority trusted by Firefox, asking all of the CAs involved in the root program to conduct audits of their PKIs and verify that...
Ten Reasons The Diginotar Breach Will Be Bigger Than Stuxnet
by Roel Schouwenberg Editor’s note: This story was reposted from Securelist.com. In an almost unprecedented event the Dutch minister of internal affairs gave a press conference at 1:15 AM Friday to Saturday night. He announced the Dutch government was revoking trust in Diginotar. Diginotar...
Audit Report Shows Many Cracks in DigiNotar Security
A new report on the security of DigiNotar paints an ugly picture of the certificate authority’s safeguards and network infrastructure, showing that the company had all of its CA servers on one Windows domain and likely failed to separate the critical components on its network, making it easy for...
Comodo Hacker Claims Credit for DigiNotar Attack
The same attacker who claimed to have compromised Comodo in March is now claiming responsibility for the attack on DigiNotar, the Dutch certificate authority that issued fraudulent certificates for several hundred domains in the last few weeks, including Google, Yahoo, Mozilla Add-Ons and several...
GLSA-200912-01 : OpenSSL: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200912-01 (OpenSSL: Multiple vulnerabilities). Multiple vulnerabilities have been reported in OpenSSL: Marsh Ray of PhoneFactor and Martin Rex of SAP independently reported that the TLS protocol does not properly handle session...
OpenSSL: Multiple vulnerabilities
Background: OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general purpose cryptography library. Description: Multiple vulnerabilities have been reported in OpenSSL: Marsh Ray of PhoneFactor and Martin Rex of SAP...