839 matches found
Fast and Full Featured SSL Scanner: SSLyze
SSLyze is a Python tool that can analyze the SSL configuration of a server by connecting to it. It is designed to be fast and comprehensive, and should help organizations and testers identify mis-configurations affecting their SSL servers. SSLyze is all Python code but it uses an OpenSSL wrapper...
Updated ffmpeg packages fix security vulnerabilities
The updatedimensions function in libavcodec/vp8.c in FFmpeg before 2.4.12, as used in Google Chrome before 46.0.2490.71 and other products, relies on a coefficient-partition count during multi-threaded operation, which allows remote attackers to cause a denial of service race condition and memory...
OpenSSL: Race condition handling PSK identify hint
A race condition flaw, leading to a double free, was found in the way OpenSSL handled pre-shared key PSK identify hints. A remote attacker could use this flaw to crash a multi-threaded SSL/TLS client using OpenSSL...
CVE-2015-3196
ssl/s3clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when used for a multi-threaded client, writes the PSK identity hint to an incorrect data structure, which allows remote servers to cause a denial of service race condition and double free via a crafted...
DEBIAN-CVE-2015-3196
ssl/s3clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when used for a multi-threaded client, writes the PSK identity hint to an incorrect data structure, which allows remote servers to cause a denial of service race condition and double free via a crafted...
[SECURITY] Fedora 21 Update: community-mysql-5.6.27-1.fc21
MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon mysqld and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files...
CVE-2015-6761
The updatedimensions function in libavcodec/vp8.c in FFmpeg through 2.8.1, as used in Google Chrome before 46.0.2490.71 and other products, relies on a coefficient-partition count during multi-threaded operation, which allows remote attackers to cause a denial of service race condition and memory...
Race condition
The updatedimensions function in libavcodec/vp8.c in FFmpeg through 2.8.1, as used in Google Chrome before 46.0.2490.71 and other products, relies on a coefficient-partition count during multi-threaded operation, which allows remote attackers to cause a denial of service race condition and memory...
CVE-2015-6761
FFmpeg CVE-2015-6761 affects libavcodec/vp8.c (update_dimensions) up to FFmpeg 2.8.1, used by Chrome prior to 46.0.2490.71. Root cause: multi-threaded operation relying on a coefficient-partition count, enabling a race condition that can lead to memory corruption or DoS via crafted WebM files. Mi...
CVE-2015-6761
The updatedimensions function in libavcodec/vp8.c in FFmpeg through 2.8.1, as used in Google Chrome before 46.0.2490.71 and other products, relies on a coefficient-partition count during multi-threaded operation, which allows remote attackers to cause a denial of service race condition and memory...
[SECURITY] [DLA 322-1] commons-httpclient security update
Package : commons-httpclient Version : 3.1-9+deb6u2 CVE ID : CVE-2015-5262 Trevin Beattie 1 discovered an issue where one could observe hanging threads in a multi-threaded Java application. After debugging the issue, it became evident that the hanging threads were caused by the SSL initialization...
DLA-322-1 commons-httpclient - security update
Bulletin has no description...
[SECURITY] Fedora 21 Update: mariadb-10.0.21-1.fc21
MariaDB is a community developed branch of MySQL. MariaDB is a multi-user, multi-threaded SQL database server. It is a client/server implementation consisting of a server daemon mysqld and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client...
CVE-2015-5161
The ZendXmlSecurity::scan in ZendXml before 1.0.1 and Zend Framework before 1.12.14, 2.x before 2.4.6, and 2.5.x before 2.5.2, when running under PHP-FPM in a threaded environment, allows remote attackers to bypass security checks and conduct XML external entity XXE and XML entity expansion XEE...
Xxe
The ZendXmlSecurity::scan in ZendXml before 1.0.1 and Zend Framework before 1.12.14, 2.x before 2.4.6, and 2.5.x before 2.5.2, when running under PHP-FPM in a threaded environment, allows remote attackers to bypass security checks and conduct XML external entity XXE and XML entity expansion XEE...
CVE-2015-5161
The ZendXmlSecurity::scan in ZendXml before 1.0.1 and Zend Framework before 1.12.14, 2.x before 2.4.6, and 2.5.x before 2.5.2, when running under PHP-FPM in a threaded environment, allows remote attackers to bypass security checks and conduct XML external entity XXE and XML entity expansion XEE...
Important: Red Hat Security Advisory: rh-mariadb100-mariadb security update
Updated rh-mariadb100-mariadb packages that fix several security issues are now available for Red Hat Software Collections 2. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...
[SECURITY] Fedora 21 Update: community-mysql-5.6.26-1.fc21
MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon mysqld and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files...
[SECURITY] Fedora 23 Update: community-mysql-5.6.26-1.fc23
MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon mysqld and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files...
Pupils with EasyFuzzer 1.0 mining software vulnerabilities-vulnerability warning-the black bar safety net
EasyFuzzer is a new fuzzing tool. Currently only supports the file format of the fuzzy test. Features: easy, streamlined, efficient, and intelligent. Easy: very easy to use, does not need any configuration. With his elementary students can also dig vulnerability, don't worry there is no 0day...