Lucene search
K

4160 matches found

ThreatPost
ThreatPost
added 2016/01/06 4:1 p.m.11 views

BrainTest Malicious Android Apps Removed From Google Play

Update The Brain Test mobile malware family has once again been evicted from Google Play. Known for piggy-backing on fully functioning mobile applications, the malware’s various iterations try to root Android devices, download malicious APKs and inflate the Google Play ratings of other apps writt...

0.7AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2015/12/15 12:0 a.m.58 views

Oracle Linux 6 / 7 : openssl (ELSA-2015-2617)

The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2015-2617 advisory. - fix CVE-2015-3194 - certificate verify crash with missing PSS parameter - fix CVE-2015-3195 - X509ATTRIBUTE memory leak - fix CVE-2015-3196 - rac...

7.5CVSS7.7AI score0.9986EPSS
Exploits4References4
Tenable Nessus
Tenable Nessus
added 2015/12/07 12:0 a.m.59 views

FreeBSD : openssl -- multiple vulnerabilities (4c8d1d72-9b38-11e5-aece-d050996490d0)

OpenSSL project reports : - BNmodexp may produce incorrect results on x8664 CVE-2015-3193 - Certificate verify crash with missing PSS parameter CVE-2015-3194 - X509ATTRIBUTE memory leak CVE-2015-3195 - Race condition handling PSK identify hint CVE-2015-3196 - Anon DH ServerKeyExchange with 0 p...

7.5CVSS7.6AI score0.44016EPSS
Exploits1References7
OpenSSL
OpenSSL
added 2015/12/03 12:0 a.m.55 views

Vulnerability in OpenSSL - Certificate verify crash with missing PSS parameter

The signature verification routines will crash with a NULL pointer dereference if presented with an ASN.1 signature using the RSA PSS algorithm and absent mask generation function parameter. Since these routines are used to verify certificate signature algorithms this can be used to crash any...

7.6AI score0.44016EPSS
Exploits1Affected Software1
FreeBSD
FreeBSD
added 2015/12/03 12:0 a.m.43 views

openssl -- multiple vulnerabilities

OpenSSL project reports: BNmodexp may produce incorrect results on x8664 CVE-2015-3193 Certificate verify crash with missing PSS parameter CVE-2015-3194 X509ATTRIBUTE memory leak CVE-2015-3195 Race condition handling PSK identify hint CVE-2015-3196 Anon DH ServerKeyExchange with 0 p parameter...

7.5CVSS7.3AI score0.44016EPSS
Exploits1References1
Oracle linux
Oracle linux
added 2015/11/23 12:0 a.m.44 views

wireshark security, bug fix, and enhancement update

1.10.14-7.0.1 - Add oracle-ocfs2-network.patch to allow disassembly of OCFS2 interconnect 1.10.14-7 - Rebase some tvbuff API from upstream to 1.10.14 - Fixes crash when tvblengthremaining is used - Related: CVE-2015-6244 1.10.14-6 - Security patch - Resolves: CVE-2015-3182 1.10.14-5 - Fix crash...

7.8CVSS0.3AI score0.046EPSS
Exploits0
Android Security Bulletins
Android Security Bulletins
added 2015/10/05 12:0 a.m.68 views

Nexus Security Bulletin - October 2015Stay organized with collectionsSave and categorize content based on your preferences.

We have released a security update to Nexus devices through an over-the-air OTA update as part of our Android Security Bulletin Monthly Release process. The Nexus firmware images have also been released to the Google Developer site. Builds LMY48T or later such as LMY48W and Android M with Securit...

10CVSS10AI score0.0316EPSS
Exploits1
ThreatPost
ThreatPost
added 2015/08/27 1:51 p.m.12 views

MassVet Android Malicious App Scanner

Most Android malware samples can be found clinging to some sort of knockoff to a legitimate application. Hiding in plain sight like that, sometimes they find their way into Google Play or any one of the dozens of less-patrolled Android markets. Researchers at Indiana University believe they’ve co...

7.4AI score
Exploits0References2
Android Security Bulletins
Android Security Bulletins
added 2015/08/13 12:0 a.m.48 views

Nexus Security Bulletin—August 2015Stay organized with collectionsSave and categorize content based on your preferences.

We have released a security update to Nexus devices through an over-the-air OTA update as part of our Android Security Bulletin Monthly Release process. The Nexus firmware images have also been released to the Google Developer site. Builds LMY48I or later address these issues. Partners were...

10CVSS8.6AI score0.99064EPSS
Exploits8
RedHat Linux
RedHat Linux
added 2015/07/15 12:37 p.m.6 views

ICU: integer overflow in LETableReference verifyLength() (OpenJDK 2D, 8077520)

An information leak flaw was found in the 2D component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions...

5CVSS6.6AI score0.04451EPSS
Exploits0References5
Openbugbounty
Openbugbounty
added 2015/07/15 10:38 a.m.13 views

minecraft-servera.su XSS vulnerability

Vulnerable URL:...

6.3AI score
Exploits0
RedHat Linux
RedHat Linux
added 2015/06/30 4:42 a.m.4 views

OpenSSL: PKCS7 crash with missing EnvelopedContent

A NULL pointer dereference was found in the way OpenSSL handled certain PKCS7 inputs. An attacker able to make an application using OpenSSL verify, decrypt, or parse a specially crafted PKCS7 input could cause that application to crash. TLS/SSL clients and servers using OpenSSL were not affected ...

5CVSS7.1AI score0.22899EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2015/06/26 12:0 a.m.40 views

SUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2015:1143-1) (Logjam)

This update of openssl fixes the following security issues : - CVE-2015-4000 bsc931698 - The Logjam Attack / weakdh.org - reject connections with DH parameters shorter than 1024 bits - generates 2048-bit DH parameters by default - CVE-2015-1788 bsc934487 - Malformed ECParameters causes infinite...

7.5CVSS7.2AI score0.9986EPSS
Exploits1References24
OPENSUSE Linux
OPENSUSE Linux
added 2015/06/25 11:5 a.m.52 views

Security update for openssl (important)

openssl was updated to fix six security issues. The following vulnerabilities were fixed: CVE-2015-4000: The Logjam Attack / weakdh.org. Rject connections with DH parameters shorter than 768 bits, generates 2048-bit DH parameters by default. boo931698 CVE-2015-1788: Malformed ECParameters causes...

6.8CVSS2.2AI score0.9986EPSS
Exploits1References8
OSV
OSV
added 2015/06/17 2:42 p.m.9 views

SUSE-SU-2015:1143-1 Security update for openssl

This update of openssl fixes the following security issues: - CVE-2015-4000 bsc931698 The Logjam Attack / weakdh.org reject connections with DH parameters shorter than 1024 bits generates 2048-bit DH parameters by default - CVE-2015-1788 bsc934487 Malformed ECParameters causes infinite loop -...

7.5CVSS6.2AI score0.9986EPSS
Exploits1References17
Arista
Arista
added 2015/06/17 12:0 a.m.104 views

Security Advisory 0011

Security Advisory 0011 PDF Date: June 17th 2015 Revision| Date| Changes ---|---|--- 1.0 | June 17th, 2015 | Initial release 1.1 | November 4th, 2015 | Updated to reflect versions with the fix for tracked bugs. Change in vulnerability status for CVE-2014-8176 Arista Products Vulnerability report f...

7.5CVSS7AI score0.9986EPSS
Exploits2References1
Hacker One
Hacker One
added 2015/05/29 10:44 p.m.27 views

VK.com: Able to intercept app Traffic after choosing up the Secured Connection using SSL (HTTPS)

Install the app Login with Valid credentials Settings - Choose Secured connection HTTPS Close the app Set the proxy and Open the app verify that Connection isn't Secured and able to intercept PFA POC Expected Result : Secured layer & SSL PINING should be applied successfully...

6.8AI score
Exploits0
seebug.org
seebug.org
added 2015/04/26 12:0 a.m.31 views

ThinkPHP 默认配置导致验证码暴力破解

简要描述: ThinkPHP 默认配置导致验证码暴力破解 详细说明: 最近用Thinkphp时发现,验证码类默认的check函数在检查完验证码是否正确后,并未重置session,导致可被暴力破解。 写这样的代码,再看看Verify类的check函数, public function check$code, $id = '' $key = $this-authcode$this-seKey.$id; // 验证码不能为空 $secode = session$key; ifempty$code || empty$secode return false; // session 过期...

7.1AI score
Exploits0
Hacker One
Hacker One
added 2015/04/20 12:56 p.m.32 views

Shopify: XSS in experts.shopify.com

Hi, XSS vulnerability in experts.shopify.com, Steps to verify: 1. Go to https://experts.shopify.com 2. Sign up for an expert. Please do note that you must create a new account if you already have, do not use existing account or an account that did not yet apply for an expert then you will ask to...

6AI score
Exploits0
ThreatPost
ThreatPost
added 2015/04/02 1:22 p.m.10 views

Google Report Lauds Android Security Enhancements

Google has put some hard numbers behind the effectiveness of the security enhancements it has dropped into Android in the past year, and results show that things such as SE Linux SE Android, Verify Apps and Safety Net have cut down on successful attacks against the Android operating system,...

6.9AI score
Exploits0References5
Rows per page
Query Builder