206 matches found
Security Advisory - Anonymous TLS Cipher Suite Supported Vulnerability in Huawei eSpace Product
There is an anonymous TLS cipher suites supported vulnerability in Huawei eSpace product. An unauthenticated, remote attacker launches man-in-the-middle attack to hijack the connection from a client when the user signs up to log in by TLS. Due to insufficient authentication, which may be exploite...
FreeBSD : node.js -- multiple vulnerabilities (0904e81f-a89d-11e8-afbb-bc5ff4f77b71)
Node.js reports : OpenSSL: Client DoS due to large DH parameter This fixes a potential denial of service DoS attack against client connections by a malicious server. During a TLS communication handshake, where both client and server agree to use a cipher-suite using DH or DHE Diffie-Hellman, in...
Oracle Linux 7 : python (ELSA-2018-2123)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2018-2123 advisory. 2.7.5-69.0.1 - Add Oracle Linux distribution in platform.py orabug 20812544 2.7.5-70 - Remove 3DS cipher to mitigate CVE-2016-2183 sweet32. Resolves: rhbz158454...
Slack: The POODLE attack (SSLv3 supported) at status.slack.com
@cryptographer found that for some regions, status.slack.com supported an outdated cipher suite, which we've since updated. Thanks @cryptographer! nmap -sV --version-light --script ssl-poodle -p 443 IP...
UBUNTU-CVE-2018-1000520
ARM mbedTLS version 2.7.0 and earlier contains a Ciphersuite Allows Incorrectly Signed Certificates vulnerability in mbedtlssslgetverifyresult that can result in ECDSA-signed certificates are accepted, when only RSA-signed ones should be.. This attack appear to be exploitable via Peers negotiate ...
Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects Rational DOORS Web Access (CVE-2015-4000)
Summary The Logjam Attack on TLS connections using the Diffie-Hellman DH key exchange protocol affects IBM Rational DOORS Web Access. Vulnerability Details Rational DOORS Web Access is affected by the following vulnerability: CVEID: CVE-2015-4000 DESCRIPTION: The TLS protocol could allow a remote...
Security Bulletin: Vulnerability in RC4 stream cipher affects IBM Sterling B2B Integrator and IBM Sterling File Gateway (CVE-2015-2808)
Summary The RC4 "Bar Mitzvah Attack" for SSL/TLS affects IBM Sterling B2B Integrator and IBM Sterling File Gateway. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive informatio...
Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects IBM Operational Decision Manager (CVE-2015-4000)
Summary The Logjam Attack on TLS connections using the Diffie-Hellman DH key exchange protocol affects IBM Operational Decision Manager. Vulnerability Details CVEID: CVE-2015-4000 DESCRIPTION: The TLS protocol could allow a remote attacker to obtain sensitive information, caused by the failure to...
Security update for bouncycastle (moderate)
This update for bouncycastle to version 1.59 fixes the following issues: These security issues were fixed: - CVE-2017-13098: BouncyCastle, when configured to use the JCE Java Cryptography Extension for cryptographic functions, provided a weak Bleichenbacher oracle when any TLS cipher suite using...
Command injection
comforte SWAP 1049 through 1069 and 20.0.0 through 21.5.3 as used in SSLOBJ on HPE NonStop SSL T0910, and in the comforte SecurCS, SecurFTP, SecurLib/SSL-AT, and SecurTN products, after executing the RELOAD CERTIFICATES command, does not ensure that clients use a strong TLS cipher suite, which...
CVE-2018-6653
The CVE-2018-6653 issue affects Comforte SWAP versions 1049–1069 and 20.0.0–21.5.3 (used in SSLOBJ on HPE NonStop SSL T0910 and in Comforte SecurCS/SecurFTP/SecurLib/SSL-AT/SecurTN). After RELOAD CERTIFICATES, it fails to enforce a strong TLS cipher suite, enabling a remote attacker to sniff traf...
CVE-2017-13099
wolfSSL prior to version 3.12.2 provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable wolfSSL application. This vulnerability is referred to as "ROBOT."...
CVE-2017-13099
wolfSSL prior to version 3.12.2 provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable wolfSSL application. This vulnerability is referred to as "ROBOT."...
IBM WebSphere Application Server Information Disclosure Vulnerability (CNVD-2017-24357)
IBM WebSphere Application Server WAS is an application server product developed and distributed by IBM in the U.S. It is a platform for Java EE and Web services applications, and is the foundation of the IBM WebSphere software platform. An information disclosure vulnerability exists in IBM WAS...
Google Android Qualcomm Component Unauthorized Operation Vulnerability (CNVD-2017-26831)
Android is a Linux-based open-source operating system developed by Google and the Open Handheld Alliance OHA, and Qualcomm closed-source components are among the closed-source components developed by Qualcomm. A security vulnerability exists in the Qualcomm closed-source component in Android, whi...
UBUNTU-CVE-2015-5244
The NSSCipherSuite option with ciphersuites enabled in modnss before 1.0.12 allows remote attackers to bypass application restrictions...
EulerOS 2.0 SP1 : openssl (EulerOS-SA-2017-1029)
According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An integer underflow leading to an out of bounds read flaw was found in OpenSSL. A remote attacker could possibly use this flaw to crash a 32-b...
CVE-2016-6882
MatrixSSL before 3.8.7, when the DHERSA based cipher suite is supported, makes it easier for remote attackers to obtain RSA private key information by conducting a Lenstra side-channel attack...
CVE-2016-6882
CVE-2016-6882 concerns MatrixSSL prior to 3.8.7. When DHE_RSA cipher suites are enabled, remote attackers may exploit a Lenstra side-channel to glean RSA private key information. The vulnerability is limited to affected builds of MatrixSSL and is primarily an information-leak risk to private RSA ...
Scientific Linux Security Update : openssl on SL6.x, SL7.x i386/x86_64 (20170220)
Security Fixes : - An integer underflow leading to an out of bounds read flaw was found in OpenSSL. A remote attacker could possibly use this flaw to crash a 32-bit TLS/SSL server or client using OpenSSL if it used the RC4-MD5 cipher suite. CVE-2017-3731 - A denial of service flaw was found in th...