ATENTIONβΌ New - CVE-2015-2060
π Read
via "National Vulnerability Database".
cabextract before 1.6 does not properly check for leading slashes when extracting files, which allows remote attackers to conduct absolute directory traversal attacks via a malformed UTF-8 character that is changed to a UTF-8 encoded slash.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2015-1855
π Read
via "National Vulnerability Database".
verify_certificate_identity in the OpenSSL extension in Ruby before 2.0.0 patchlevel 645, 2.1.x before 2.1.6, and 2.2.x before 2.2.2 does not properly validate hostnames, which allows remote attackers to spoof servers via vectors related to (1) multiple wildcards, (1) wildcards in IDNA names, (3) case sensitivity, and (4) non-ASCII characters.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2015-0837
π Read
via "National Vulnerability Database".
The mpi_powm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related to a "Last-Level Cache Side-Channel Attack."π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2014-9356
π Read
via "National Vulnerability Database".
Path traversal vulnerability in Docker before 1.3.3 allows remote attackers to write to arbitrary files and bypass a container protection mechanism via a full pathname in a symlink in an (1) image or (2) build in a Dockerfile.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2014-3591
π Read
via "National Vulnerability Database".
Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server's private key by determining factors using crafted ciphertext and the fluctuations in the electromagnetic field during multiplication.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2013-7484
π Read
via "National Vulnerability Database".
Zabbix before 5.0 represents passwords in the users table with unsalted MD5.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2013-4410
π Read
via "National Vulnerability Database".
ReviewBoard: has an access-control problem in REST APIπ Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2012-5562
π Read
via "National Vulnerability Database".
rhn-proxy: may transmit credentials over clear-text when accessing RHN Satelliteπ Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2012-4576
π Read
via "National Vulnerability Database".
FreeBSD: Input Validation Flaw allows local users to gain elevated privilegesπ Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2012-4526
π Read
via "National Vulnerability Database".
piwigo has XSS in password.php (incomplete fix for CVE-2012-4525)π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2012-4525
π Read
via "National Vulnerability Database".
piwigo has XSS in password.phpπ Read
via "National Vulnerability Database".
π΄ Leveraging the Cloud for Cyber Intelligence π΄
π Read
via "Dark Reading: ".
How fusing output datasets and sharing information can create a real-time understanding of suspicious activity across your enterprise.π Read
via "Dark Reading: ".
Dark Reading
Cloud Security recent news | Dark Reading
Explore the latest news and expert commentary on Cloud Security, brought to you by the editors of Dark Reading
ATENTIONβΌ New - CVE-2013-2228
π Read
via "National Vulnerability Database".
SaltStack RSA Key Generation allows remote users to decrypt communicationsπ Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2013-2106
π Read
via "National Vulnerability Database".
webauth before 4.6.1 has authentication credential disclosureπ Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2013-2103
π Read
via "National Vulnerability Database".
OpenShift cartridge allows remote URL retrievalπ Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2013-2101
π Read
via "National Vulnerability Database".
Katello has multiple XSS issues in various entitiesπ Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2012-4525
π Read
via "National Vulnerability Database".
piwigo has XSS in password.phpπ Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2012-4480
π Read
via "National Vulnerability Database".
mom creates world-writable pid files in /var/runπ Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2012-4428
π Read
via "National Vulnerability Database".
openslp: SLPIntersectStringList()' Function has a DoS vulnerabilityπ Read
via "National Vulnerability Database".
π΄ Siemens Offers Workarounds for Newly Found PLC Vulnerability π΄
π Read
via "Dark Reading: ".
An undocumented hardware-based special access feature recently found by researchers in Siemens' S7-1200 can be used by attackers to gain control of the industrial devices.π Read
via "Dark Reading: ".
Dark Reading
Siemens Offers Workarounds for Newly Found PLC Vulnerability
An undocumented hardware-based special access feature recently found by researchers in Siemens' S7-1200 can be used by attackers to gain control of the industrial devices.
β Critical Android Flaw Leads to βPermanent DoSβ β
π Read
via "Threatpost".
The December security update stomped out critical denial-of-service (DoS) and remote-code-execution (RCE) vulnerabilities in the Android operating system.π Read
via "Threatpost".
Threat Post
Critical Android Flaw Leads to βPermanent DoSβ
The December security update stomped out critical denial-of-service (DoS) and remote-code-execution (RCE) vulnerabilities in the Android operating system.