17 matches found
EUVD-2014-0138
Malware in sbrugna...
CVE-2024-56347
IBM AIX 7.2 and 7.3 nimsh service SSL/TLS protection mechanisms could allow a remote attacker to execute arbitrary commands due to improper process controls...
CVE-2024-56347
IBM AIX 7.2 and 7.3 nimsh service SSL/TLS protection mechanisms could allow a remote attacker to execute arbitrary commands due to improper process controls...
CVE-2024-56347
CVE-2024-56347 affects the nimsh service SSL/TLS implementations in IBM AIX 7.2 and 7.3 (also VIOS 3.1/4.1). Root cause: improper process controls in nimsh allow remote command execution. Impact is remote, unauthenticated access with high/critical severity in the CVSS vector (network, none/low comp...
Black Hat 2018: Update Mechanisms Allow Remote Attacks on UEFI Firmware
LAS VEGAS – Researchers said they found buffer overflow flaws in the firmware for ASRock and ASUS, potentially enabling bad actors to remotely launch man-in-the-middle (MITM) attacks. The findings, which will be presented Wednesday at Black Hat USA this week by researchers from Eclypsium, show that...
Uber: SSL-protected Reflected XSS in m.uber.com
Summary: m.uber.com is susceptible to reflected XSS. Security Impact: A malformed URL can be used to render arbitrary SSL-protected web pages from m.uber.com. Reproduction Steps: https://m.uber.com/?bjbxm%3c%2fscript%3e%3cscript%3ealert1%3c%2fscript%3exrii5=1 Specifics: From the rendered web page:...
Rockstar Games: Login form on non-HTTPS page
Summary: A page on a microsite is not fully protected by an SSL certificate. This could allow an attacker in a Man-in-the-Middle position to obtain usernames and passwords of users visiting the site. Description: On the Red Dead Redemption subpage, the comments section on news...
MGASA-2015-0279 Updated mariadb package fixes security vulnerabilities
The mariadb package has been updated to versions 5.5.44 and 10.0.20 in Mageia 4 and Mageia 5, respectively. Both fix an issue where the client is vulnerable to a man-in-the-middle attack when using the --ssl option, where the SSL/TLS protection could be disabled (CVE-2015-3152). The Mageia 4 update...
CVE-2014-0041
OpenStack Heat Templates (heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 4.0, sets sslverify to false for certain Yum repositories, which disables SSL protection and allows man-in-the-middle attackers to prevent updates via unspecified vectors...
Design/Logic Flaw
OpenStack Heat Templates (heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 4.0, sets sslverify to false for certain Yum repositories, which disables SSL protection and allows man-in-the-middle attackers to prevent updates via unspecified vectors...
CVE-2014-0041
OpenStack Heat Templates (heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 4.0, sets sslverify to false for certain Yum repositories, which disables SSL protection and allows man-in-the-middle attackers to prevent updates via unspecified vectors...
Low: Red Hat Security Advisory: openstack-heat-templates security update
An updated openstack-heat-templates package that fixes three security issues is now available for Red Hat Enterprise Linux OpenStack Platform 4.0. The Red Hat Security Response Team has rated this update as having Low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give...
Mixed Content Blocking Appears in Firefox 23
The long-anticipated inclusion of mixed-content blocking in Mozilla Firefox is now at hand, with the security feature showing up in the just-released Firefox 23. The feature, which helps defend users against certain kinds of man-in-the-middle attacks, is on by default in the new browser. Mixed...
Protection against Mozilla Firefox SSL Tampering via non-200 Responses to Proxy CONNECT Requests
Mozilla Firefox, Thunderbird and SeaMonkey use the HTTP Host header to determine the context of a document provided in a non-200 CONNECT response from a proxy server. A vulnerability was reported in Mozilla Firefox, a freely available Web browser. The vulnerability resides in the handling of non-2...
For the domestic Enterprise Security ten vulnerabilities-vulnerability warning-the black bar safety net
The growing dependence on Internet applications in the modern enterprise, evolving security threats and changing regulatory standards make maintaining a trusted network environment a major problem. In today's global economic environment, the company enterprise has never been...
SSL protection bypass in Ximian Evolution
Insufficient certificate check on restored connection...
Stock portfolio sent via clear text in Datek Streamer® application
S4R - A Managed Services Company. Security - Systems - Storage - Solutions. http://www.s4r.com Title: Stock portfolio sent via clear text in Datek Streamer® application. Date: November 9, 2001. 1. Description: Although the user's primary Datek...