
2226 matches found

IBM Security Bulletins
added 2022/05/13 2:4 p.m. · 128 views

Security Bulletin: Multiple Vulnerabilities have been identified in IBM Cloud Pak System

Summary Multiple Vulnerabilities have been identified in IBM Cloud Pak System. Cloud Pak System has addressed these vulnerabilities. Vulnerability Details CVEID: CVE-2021-36090 DESCRIPTION: Apache Commons Compress is vulnerable to a denial of service, caused by an out-of-memory error when large...

CVSS 7.5 · AI score 0.5 · EPSS 0.00736
Exploits 0 · Affected Software 1
OSV
added 2022/05/13 1:9 a.m. · 0 views

GHSA-QC2P-Q7X9-V64P Covert Timing Channel in Apache CXF

The OAuth2 Hawk and JOSE MAC Validation code in Apache CXF prior to 3.0.13 and 3.1.x prior to 3.1.10 is not using a constant time MAC signature comparison algorithm which may be exploited by sophisticated timing attacks...

CVSS 7.5 · AI score 7.1 · EPSS 0.06521
Exploits 0 · References 12
OSV
added 2022/05/13 1:9 a.m. · 1 views

GHSA-7V5V-9V8R-W864 Inadequate Encryption Strength in Apache CXF

Apache CXF 2.5.x before 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x before CXF 2.7.4 does not verify that a specified cryptographic algorithm is allowed by the WS-SecurityPolicy AlgorithmSuite definition before decrypting, which allows remote attackers to force CXF to use weaker cryptographic...

CVSS 6.4 · AI score 7 · EPSS 0.09505
Exploits 0 · References 28
vulnersOsv
added 2022/05/13 1:2 a.m. · 2 views

ca.uhn.hapi.fhir:hapi-fhir-testpage-overlay (>=0.4 <=0.5), ch.ralscha:extdirectspring (=1.4.0) +75 more potentially affected by CVE-2014-0054 via org.springframework:spring-webmvc (>=4.0.0.RELEASE <=4.0.1.RELEASE)

org.springframework:spring-webmvc MAVEN version =4.0.0.RELEASE, =0.4, =0.1.1-alpha, =0.2-alpha, =1.0.0, =2.0.3.2.1, =2.1.3.10.1, =2.0.3.6, =2.0.3.6, =2.1.2.7.1, =2.0.3.1, =2.1.4.19 and more Source cves: CVE-2014-0054 Source advisory: OSV:GHSA-8CMM-QJ8G-FCP6...

CVSS 6.8 · AI score 7.2 · EPSS 0.02548
Exploits 0
Positive Technologies
added 2022/05/12 12:0 a.m. · 2 views

PT-2022-7130 · Pypi +4 · Pyjwt +4

Name of the Vulnerable Software and Affected Versions: PyJWT versions prior to 2.4.0 Description: The issue is related to the implementation of JWT in Python PyJWT, where an attacker can exploit the lack of restrictions on certain open key formats. This allows a remote attacker to impact the...

CVSS 7.8 · AI score 8.1 · EPSS 0.00422
Exploits 0 · References 69
Prion
added 2022/05/09 5:15 p.m. · 14 views

Design/Logic Flaw

IBM Cloud Pak System 2.3.0 through 2.3.3.3 Interim Fix 1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 197498...

CVSS 5 · AI score 7.2 · EPSS 0.00096
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2022/05/09 4:35 p.m. · 17 views

CVE-2021-20479

IBM Cloud Pak System 2.3.0 through 2.3.3.3 Interim Fix 1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 197498...

CVSS 5.9 · AI score 7.3 · EPSS 0.00096
Exploits 0 · References 2
CVE
added 2022/05/09 4:35 p.m. · 110 views

CVE-2021-20479

IBM Cloud Pak System 2.3.0–2.3.3.3 Interim Fix 1 uses weaker cryptographic algorithms, potentially allowing decryption of highly sensitive information. Impact is confidentiality (HIGH); attack vector is NETWORK with no authentication required. Upgrade to IBM Cloud Pak System 2.3.3.4 (fix availabl...

CVSS 7.5 · AI score 7.2 · EPSS 0.00096
Exploits 0 · References 2 · Affected Software 1
OpenVAS
added 2022/05/09 12:0 a.m. · 23 views

Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2022-1663)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5.9 · AI score 6.2 · EPSS 0.00417
Exploits 1 · References 2
CNVD
added 2022/05/08 12:0 a.m. · 10 views

OpenSSL Trust Management Issue Vulnerability

OpenSSL is an open source general-purpose cryptographic library from the OpenSSL team that implements the Secure Sockets Layer (SSLv2/v3) and Transport Layer Security (TLSv1) protocols. The product supports a variety of cryptographic algorithms, including symmetric ciphers, hashing algorithms, secure...

CVSS 5.3 · AI score 0.7 · EPSS 0.00192
Exploits 0 · References 1
CNVD
added 2022/05/08 12:0 a.m. · 12 views

OpenSSL Denial of Service Vulnerability (CNVD-2022-37792)

OpenSSL is an open source general-purpose cryptographic library from the OpenSSL team that implements the Secure Sockets Layer (SSLv2/v3) and Transport Layer Security (TLSv1) protocols. The product supports multiple cryptographic algorithms, including symmetric ciphers, hashing algorithms, secure hashi...

CVSS 7.5 · AI score 1.3 · EPSS 0.00314
Exploits 0 · References 1
Tenable Nessus
added 2022/05/06 12:0 a.m. · 44 views

EulerOS 2.0 SP10 : openssl (EulerOS-SA-2022-1649)

According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Many EC algorithms are affected, including some of the TLS 1.3...

CVSS 5.9 · AI score 6.8 · EPSS 0.27483
Exploits 1 · References 2
OpenVAS
added 2022/05/05 12:0 a.m. · 29 views

Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2022-1635)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5.9 · AI score 6.2 · EPSS 0.00417
Exploits 1 · References 2
Tenable Nessus
added 2022/05/05 12:0 a.m. · 36 views

EulerOS Virtualization 2.9.1 : openssl (EulerOS-SA-2022-1612)

According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Many EC algorithms are affected, including some of...

CVSS 5.9 · AI score 6.7 · EPSS 0.27483
Exploits 1 · References 2
IBM Security Bulletins
added 2022/05/04 3:41 p.m. · 20 views

Security Bulletin: CVE-2018-1648

Summary The software uses an outdated insecure cipher or it is using a proprietary crypto standard which is likely to be vulnerable. Vulnerability Details CVEID: CVE-2018-1648 Description: IBM QRadar Incident Forensics uses weaker than expected cryptographic algorithms that could allow an attacke...

CVSS 7.5 · AI score 1 · EPSS 0.00112
Exploits 0 · Affected Software 1
Prion
added 2022/05/03 7:15 p.m. · 8 views

Code injection

IBM Spectrum Scale 5.1.0 through 5.1.3.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 221012...

CVSS 5 · AI score 7.2 · EPSS 0.00112
Exploits 0 · References 2 · Affected Software 1
CVE
added 2022/04/29 4:0 p.m. · 75 views

CVE-2021-39082

CVE-2021-39082 affects IBM UrbanCode Deploy (UCD) container images, where use of weaker cryptographic algorithms can enable decryption of highly sensitive information. IBM’s security bulletin confirms non-unique HTTPS certificates and a shared database encryption key in affected container images,...

CVSS 7.5 · AI score 7.3 · EPSS 0.00135
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2022/04/29 4:0 p.m. · 17 views

CVE-2021-39082

IBM UrbanCode Deploy (UCD) 7.1.1.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information...

CVSS 5.9 · AI score 7.5 · EPSS 0.00135
Exploits 0 · References 2
CNVD
added 2022/04/25 12:0 a.m. · 22 views

CGAL libcgal Code Execution Vulnerability (CNVD-2022-61373)

CGAL is an open source application by Laurent Rineau. It provides easy access to efficient and reliable geometric algorithms in the form of C libraries. CGAL libcgal CGAL-5.1.1 version contains a code execution vulnerability that can be exploited by attackers to cause out-of-bounds reads and type...

CVSS 10 · AI score 4.9 · EPSS 0.00678
Exploits 1 · References 1
CNVD
added 2022/04/25 12:0 a.m. · 23 views

CGAL libcgal Code Execution Vulnerability (CNVD-2022-61372)

CGAL is an open source application by Laurent Rineau. It provides easy access to efficient and reliable geometric algorithms in the form of C libraries. CGAL libcgal suffers from a code execution vulnerability that stems from a specially formatted, incorrectly formatted file that could lead to...

CVSS 10 · AI score 3.9 · EPSS 0.00529
Exploits 1 · References 1