CVE-2018-1648

IBM QRadar SIEM 7.2 and 7.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 144653...

IBM QRadar Incident Forensics Information Disclosure Vulnerability (CNVD-2018-25037)

IBM QRadar Incident Forensics is a suite of security forensic investigation software from IBM. The software supports in-depth forensic investigations of suspected malicious network security incidents, and the repair of network security vulnerabilities. A security vulnerability exists in IBM QRada...

The x86 Processor Fuzzer: sandsifter

Your computer is not yours. You may have shelled out thousands of dollars for it. It may be sitting right there on your desk. You may have carved your name deep into its side with a blowtorch and chisel. But it’s still not yours. Some vendors are building secret processor registers into your...

Oracle Linux 7 : gnutls (ELSA-2018-3050)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2018-3050 advisory. - Improved counter-measures in TLS CBC record padding for lucky13 attack CVE-2018-10844, 1589704, CVE-2018-10845, 1589707 - Added counter-measures for...

Moderate: Red Hat Security Advisory: gnutls security, bug fix, and enhancement update

An update for gnutls is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

Fallout Exploit Kit Releases the Kraken Ransomware on Its Victims

ARCHIVED STORY Fallout Exploit Kit Releases the Kraken Ransomware on Its Victims By John Fokker · October 30, 2018 Alexandr Solad and Daniel Hatheway of Recorded Future are coauthors of this post. Read Recorded Future’s version of this analysis. Rising from the deep, Kraken Cryptor ransomware has...

EulerOS Virtualization 2.5.0 : openssl (EulerOS-SA-2018-1339)

According to the version of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - There is a carry propagating bug in the x8664 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC...

Security Bulletin: IBM Security Access Manager is affected by multiple vulnerabilities in GSKit

Summary IBM Security Access Manager has addressed these vulnerabilities. Vulnerability Details CVEID: CVE-2016-0705 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a double-free error when parsing DSA private keys. An attacker could exploit this vulnerability to corrupt memor...

[SECURITY] Fedora 27 Update: openssl-1.1.0i-1.fc27

The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols...

Django -- password hash disclosure

Django release notes: CVE-2018-16984: Password hash disclosure to "view only" admin users If an admin user has the change permission to the user model, only part of the password hash is displayed in the change form. Admin users with the view but not change permission to the user model were...

Code injection

IBM Tivoli Storage Manager IBM Spectrum Protect 7.1 and 8.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt sensitive information. IBM X-Force ID: 148870...

Code injection

IBM Tivoli Storage Manager IBM Spectrum Protect 7.1 and 8.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 142649...

CVE-2018-1545

IBM Tivoli Storage Manager IBM Spectrum Protect 7.1 and 8.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 142649...

CVE-2018-1545

IBM Tivoli Storage Manager IBM Spectrum Protect 7.1 and 8.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 142649...

CVE-2018-1785

CVE-2018-1785 affects IBM Spectrum Protect (formerly Tivoli Storage Manager) in both 7.1 and 8.1 lines for IBM Spectrum Protect Server, Client, and related Virtual Environments components. The vulnerability stems from the use of weaker cryptographic algorithms (notably 3DES) that can permit decry...

CVE-2018-1785

IBM Tivoli Storage Manager IBM Spectrum Protect 7.1 and 8.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt sensitive information. IBM X-Force ID: 148870...

[SECURITY] Fedora 28 Update: openssl-1.1.0i-1.fc28

The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols...

Quantum Computing and Cryptography

Quantum computing is a new way of computing -- one that could allow humankind to perform computations that are simply impossible using today's computing technologies. It allows for very fast searching, something that would break some of the encryption algorithms we use today. And it allows us to...

Security Bulletin: WebSphere DataPower Appliances is affected by multiple issues

Summary WebSphere DataPower Appliances has addressed the following vulnerabilities: CVE-2018-1447 CVE-2018-1388 CVE-2016-0702 CVE-2016-0705 CVE-2017-3732 CVE-2017-3736 CVE-2018-1428 Vulnerability Details CVEID: CVE-2018-1447 DESCRIPTION: The GSKit CMS KDB logic fails to salt the hash function...

Security Bulletin: Multiple vulnerabilities have been identified in DB2 that affect the IBM Performance Management product

Summary DB2 contains several vulnerabilities which can affect the IBM Performance Management product. Some of the information about security vulnerabilities affecting DB2 has been published in security bulletins. Vulnerability Details CVEID: CVE-2017-1571 DESCRIPTION: IBM DB2 for Linux, UNIX and...