8 matches found
Siemens Brownfield Connectivity Gateway
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please seeSiemens' ProductCERT Security Advisories CERT Services | Services |...
CVE-2022-3358 : Using a Custom Cipher with NID_undef may lead to NULL encryption
OpenSSL supports creating a custom cipher via the legacy EVPCIPHERmethnew function and associated function calls. This function was deprecated in OpenSSL 3.0, and application authors are instead encouraged to use the new provider mechanism in order to implement custom ciphers. OpenSSL versions...
CVE-2017-18018: In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file
Security Advisory ID : BSA-2022-2073 Component : GNU Coreutils Revision : 1.0 In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX "-R -L" options, which allows local users to modify the ownership of...
CVE-2017-18018: In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file
In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX "-R -L" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition. Affected Products All versions of...
CVE-2018-0732. Client DoS due to large DH parameter.
Security Advisory ID : BSA-2022-627 Component : OpenSSL Revision : 1.0 During key agreement in a TLS handshake using a DHE based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key...
Dell Emc Secure Connect Gateway Log Information Disclosure Vulnerability
Dell Emc Secure Connect Gateway Dell Emc Scg is a secure connectivity gateway from Dell, Inc. The vulnerability can be exploited to read sensitive information...
CVE-2020-2517
Vulnerability in the Database Gateway for ODBC component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, and 19c. Difficult to exploit vulnerability allows high privileged attacker having Create Procedure, Create Database Link privilege with...
BSA-2015-1935
Security Advisory ID : BSA-2015-1935 Component : TLS protocol 1.2 Revision : 5.0 The TLS protocol 1.2 and earlier, when a DHEEXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHEEXPORT choice, which allows man-in-the-middle attackers to conduct...