55 matches found
Information disclosure
The SSL implementation in IBM Security AppScan Enterprise before 8.7.0.1 enables cipher suites with weak encryption algorithms, which makes it easier for remote attackers to obtain sensitive information by sniffing the network...
CVE-2013-0531
The SSL implementation in IBM Security AppScan Enterprise before 8.7.0.1 enables cipher suites with weak encryption algorithms, which makes it easier for remote attackers to obtain sensitive information by sniffing the network...
Yahoo Fantasy Football Mobile App Vulnerable to Attack
All but the most recent version of the mobile application for Yahoo’s popular fantasy football service are vulnerable to a session hijack attack in which an unauthenticated person could remotely change team lineups, post messages and perform other mischief on behalf of the legitimate user...
Trouble for Borderlands 2 Players
Some XBOX Live users have violated the online gaming platform’s code of conduct by using a malicious application that allowed them to permanently kill off the characters of other players in the popular ‘Borderlands 2’ video game. On a forum run by the game’s software developer Gearbox, a communit...
Important: Red Hat Security Advisory: openssl security update
An update for the OpenSSL component for JBoss Enterprise Web Server 1.0.2 for Solaris and Microsoft Windows that fixes multiple security issues is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. Common...
SSL Certificate Chain Contains Weak RSA Keys
At least one of the X.509 certificates sent by the remote host has a key that is shorter than 1024 bits. Such keys are considered weak due to advances in available computing power decreasing the time required to factor cryptographic keys. Some SSL implementations, notably Microsoft's, may conside...
CVE-2011-4576
The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer...
CVE-2011-3231
CVE-2011-3231 affects Apple Safari before 5.1.1 on Mac OS X before 10.7. The SSL implementation accesses uninitialized memory during X.509 certificate processing, enabling remote code execution via a crafted certificate. Public records include the NVD entry, vulnerability lists, and Apple’s advis...
CVE-2011-1094
kio/kio/tcpslavebase.cpp in KDE KSSL in kdelibs before 4.6.1 does not properly verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a certificate issued by a legitimate...
Mandriva Update for mozilla-thunderbird MDVSA-2010:211 (mozilla-thunderbird)
Check for the Version of mozilla-thunderbird OpenVAS Vulnerability Test Mandriva Update for mozilla-thunderbird MDVSA-2010:211 mozilla-thunderbird Authors: System Generated Check Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can...
Mandriva Linux Security Advisory : mozilla-thunderbird (MDVSA-2010:211)
Security issues were identified and fixed in mozilla-thunderbird : The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly set the minimum key length for Diffie-Hellman Ephemeral...
CVE-2010-3173
The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly set the minimum key length for Diffie-Hellman Ephemeral (DHE) mode, which makes it easier for remote attackers to defeat...
CVE-2010-3173
CVE-2010-3173 affects Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9. Root cause: the SSL DHE (Diffie-Hellman Ephemeral) implementation does not properly enforce a safe minimum DH key length, enabling brute-force ...