The ASN.1 implementation in OpenSSL prior to 1.0.1o and 1.0.2 prior to 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted serialized data, aka the "negative zero" issue.
|Openssl||Openssl||1.0.1n, 1.0.2, 1.0.2a, 1.0.2b|
|Android||4.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.1, 4.1.2, 4.2, 4.2.1, 4.2.2, 4.3, 4.3.1, 4.4, 4.4.1, 4.4.2, 4.4.3, 5.0, 5.0.1, 5.1, 5.1.0, 6.0, 6.0.1|
|Redhat||Enterprise Linux Desktop||6.0, 7.0|
|Redhat||Enterprise Linux Hpc Node||6.0, 7.0|
|Redhat||Enterprise Linux Hpc Node Eus||7.2|
|Redhat||Enterprise Linux Server||6.0, 7.0|
|Redhat||Enterprise Linux Server Aus||7.2|
|Redhat||Enterprise Linux Server Eus||7.2|
|Redhat||Enterprise Linux Workstation||6.0, 7.0|
This is a small project to keep track of most Moderate-to-Severe SSL/TLS vulnerabilities and count the number of days between publications Updating (easy) If we've missed a vulnerability (we're human too ;P), please feel free to submit a new issue on this repo Updating (harder) To do this, you will need a clone of this repo, so clone it now before we start Once clo
Vuls simulator for Deep Security Simulate Deep Security's coverage for high urgency vulnerability reported by Vuls (This tool is refer to Amazon Inspector with DeepSecurity and DeepSecurity SDK) Description vulssimulator_ds is a CLI tool that simulates Deep Security's coverage for the vulenarebility reported by Vuls It can help you to see the toughness of Deep Sec
satellite-host-cve A script to list CVE's that are either installable or applicable for a host (or all hosts) within one organization Altough Satellite6 gives a nice way to handle errata, there are customers who need to have a view based on CVE's and not on security errata What does code do It lists all CVE's for a host, mapped across it's lifecycle path
SMR-MAY-2018 Samsung Mobile is releasing a maintenance release for major flagship models as part of monthly Security Maintenance Release (SMR) process This SMR package includes patches from Google and Samsung Google patches include patches up to Android Security Bulletin - May 2018 package; and Android security patch level (SPL) of May 1, 2018 includes all of these patches T
The frail world of the Android ecosystem has taken some hits in the past week with the disclosure of a full disk encryption bypass vulnerability and the arrival of the HummingBad malware.
The FDE bypass highlighted the need to keep Android patch levels current, but as Duo Labs statistics point out, that remains a struggle for Android users who must rely on carriers and handset makers to integrate and distribute Google updates.
The latest Android Security Bulletin, released today, pro...
Two innocent programming blunders breed high-risk flaw
Six security patches – two of them high severity – have been released today for OpenSSL 1.0.1 and 1.0.2.
Last week, the open-source crypto-library project warned that a bunch of fixes were incoming, and true enough, Tuesday’s updates address serious flaws that should be installed as soon as possible.
CVE-2016-2108 is a curious beast; a hybrid of two low-risk bugs that can be fused into a serious problem. The first is a seemingly innocuous issue with the ASN.1 parser whereby if ...