During a recent internal code review, Juniper discovered unauthorized code in ScreenOS that could allow a knowledgeable attacker to gain administrative access to NetScreen devices and to decrypt VPN connections.
Tavis Ormandy and Natalie Silvanovich of Google Project Zero discovered a critical vulnerability in FireEye devices. As a result, an attacker can send an email to a user or alternatively get them to click a link and completely compromise one of...
Some Dell laptops and desktops come with a pre-installed self-signed root certificate named eDellRoot, and in some cases also have another self-signed root certificate installed under the name DSDTestProvider. This is a...
A new vulnerability in the TLS/SSL protocol, called the Logjam attack, was published in recent days. This vulnerability allows a man-in-the-middle attacker to downgrade vulnerable TLS connections to 512-bit export-grade cryptography (which is an old...
The vulnerability in Microsoft Windows Kerberos KDC could allow an attacker to elevate unprivileged domain user account privileges to those of the domain administrator account.
CERT-EU has identified a malware distribution and fraud campaign focused on German-speaking users.
A privately reported vulnerability in the Microsoft Secure Channel (Schannel) security package in Windows has been found.
The SSL protocol 3.0, as used in OpenSSL and other products, uses non-deterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain clear text data via a padding-oracle attack, aka the "POODLE" issue.
BadUSB is a dangerous USB security flaw that allows attackers to turn a simple USB device into a keyboard, which can then be used to type malicious commands into the victim's computer.
GNU Bash is prone to a remote code execution vulnerability. Vulnerable GNU Bash versions process trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code.
Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to execute arbitrary code, create a denial of service (DoS) condition, or perform a...
Several vulnerabilities have been discovered in the OpenSSL library.
This vulnerability affects the client side of the GnuTLS library. A server that sends a specially crafted Server Hello could corrupt the memory of a requesting client.
Cisco Identity Services Engine Software (ISE) is an authentication, authorization, and accounting application.
Internet Explorer 8 is prone to a remote code-execution vulnerability due to a use-after-free condition.
Microsoft has published a number of new security updates, which were released on May 08, 2014.
Adobe has released security updates for Adobe Reader and Acrobat XI (11.0.06) and earlier versions for Windows and Macintosh.
Adobe has released security updates for Adobe Flash Player 13.0.0.206 and earlier versions for Windows and Macintosh and Adobe Flash Player 11.2.202.356 and earlier versions for Linux.
A defect in the pre-fetch feature (which is enabled by default) can cause BIND 9.10.0 to terminate with a "REQUIRE" assertion failure if it processes queries whose answers have particular attributes.
When network packets making up a TCP stream ("TCP segments") are received out-of-sequence, they are maintained in a reassembly queue by the destination system until they can be re-ordered and re-assembled.
A number of security vulnerabilities have been identified in the management component of the Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway products.
UPDATE: Microsoft has issued a cumulative security update for Internet Explorer (no 2965111) resolving the publicly disclosed vulnerability (CVE-2014-1776 [1]) as well as eight other privately reported vulnerabilities in IE [2].
The Oracle Critical Patch Update for April 2014 [1] was released.
Adobe has released security updates for Adobe Flash Player 13.0.0.182 and earlier versions for Windows, Adobe Flash Player 13.0.0.201 and earlier versions for Macintosh and Adobe Flash Player 11.2.202.350 and earlier versions for Linux.
VMware product updates address OpenSSL security vulnerabilities.