OpenVPN was found to be vulnerable to the Shellshock vulnerability in Bash as well. Fredrik Stromberg of Mullvad said the vulnerability is dangerous because it’s pre-authentication in OpenVPN.
Browsing Tag: vulnerabilities
David Jacoby looked at all of the Web-enabled devices in his house–TV, game console, network storage device–and found a handful of exploitable bugs in them.
A critical remote code execution vulnerability in Bash, present in almost all Linux, UNIX and Mac OS X deployments, has been discovered. Experts advise immediate patching.
Secure smartphone manufacturer Blackphone announced today that it has launched a bug bounty program hosted on the Bugcrowd platform.
Details of a patched privacy vulnerability in MyFitnessPal, a popular fitness and nutrition mobile application, were disclosed this week, three months after a fix was deployed.
Research from the University of Maryland proposes new security metrics that can help enterprises understand risks to their products and prioritize patching and vulnerability management.
The deadline for a syntax change for CVE identifiers is coming on Jan. 13 when the four-digit format will support five or more. Vendors must update vulnerability management products to support the new syntax.
UPDATE–There are several unpatched, remotely exploitable vulnerabilities in a number of Schneider Electric’s SCADA products, one of which could be used to perform a shutdown of the SCADA server. Another of the vulnerabilities is an authentication bypass that could give an attacker access to sensitive data. The vulnerabilities affect a variety of Schneider Electric StruxureWare[...]