Security Bulletin: Multiple security vulnerabilities have been addressed in IBM Security Directory Server

Summary Multiple security vulnerabilities have been fixed and delivered in IBM Security Directory Server. Vulnerability Details CVEID: CVE-2019-4551 DESCRIPTION: IBM Security Directory Server does not perform an authentication check for a critical resource or functionality allowing anonymous user...

Bit Flipping Attack

parsel is vulnerable to bit flipping attack. The use of an insecure cryptographic algorithm aes-256-cbc without any integrity checks causes its ciphertext to be easily broken by bit-flipping attacks...

Security Bulletin: OpenSSL as used by IBM QRadar Network Packet Capture is vulnerable to (CVE-2019-1559)

Summary The software does not implement a required step in a cryptographic algorithm Vulnerability Details CVEID: CVE-2019-1559 DESCRIPTION: If an application encounters a fatal protocol error and then calls SSLshutdown twice once to send a closenotify, and once to receive one then OpenSSL can...

CVE-2019-4609

IBM API Connect 2018.4.1.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 168510...

Siemens SIMATIC S7-1200 and S7-1500 CPU Families (Update B)

1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SIMATIC S7-1200 and S7-1500 CPU families Vulnerabilities: Use of a Broken or Risky Cryptographic Algorithm, Missing Support for Integrity Check 2. UPDATE INFORMATION This updated...

Mitsubishi_electric Qj71e71-100 Use of a Broken or Risky Cryptographic Algorithm

An issue was discovered in Mitsubishi Electric Automation MELSEC-Q series Ethernet interface modules QJ71E71-100, all versions, QJ71E71-B5, all versions, and QJ71E71-B2, all versions. Weakly encrypted passwords are transmitted to a MELSEC-Q PLC. File data ot500312.nasl...

Microsoft Office365 Integrity Validation / Remote Code Execution

Exploit Title: Microsoft Office365 Remote Code Execution Vulnerability Date: 2/11/19 Exploit Author: Social Engineering Neo - @EngineeringNeo Vendor Homepage: https://microsoft.com Software Link: https://office.com Version: Office365/ProPlus build 16.0.11727.20222, 16.0.11901.20170,...

Microsoft Office 365 / ProPlus 16.0.11929.202.88 docx2docm Protection Bypass Vulnerability

Exploit Title: Microsoft Office365 Remote Code Execution Vulnerability Date: 2/11/19 Exploit Author: Social Engineering Neo - @EngineeringNeo Vendor Homepage: https://microsoft.com Software Link: https://office.com Version: Office365/ProPlus build 16.0.11727.20222, 16.0.11901.20170,...

Exploit for Use of a Broken or Risky Cryptographic Algorithm in Google Android

README Repository about the Key Negotiation Of Bluetooth KN...

Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to a security vulnerability (CVE-2017-1399)

Summary IBM has announced a release for IBM Security Identity Governance and Intelligence IGI in response to a security vulnerability. Use of a Broken or Risky Cryptographic Algorithm. Vulnerability Details CVEID: CVE-2017-1399 DESCRIPTION: IBM Security Identity Governance Virtual Appliance uses...

IBM Security Key Lifecycle Manager: All Security Bulletins

Summary This page lists all the security bulletins that are released for IBM Security Key Lifecycle Manager. Vulnerability Details Security Bulletin: IBM Security Key Lifecycle Manager stores unencrypted password CVE-2016-6092 --- Security Bulletin: IBM Security Key Lifecycle Manager uses Less...

Integer Overflow

Wireshark, previously known as Ethereal, is a network protocol analyzer, which is used to capture and browse the traffic running on a computer network. Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or...

Stack-Based Buffer Overflow

Wireshark, previously known as Ethereal, is a network protocol analyzer, which is used to capture and browse the traffic running on a computer network. Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or...

Code injection

IBM WebShere MQ 9.1.0.0, 9.1.0.1, 9.1.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 152925...

OSCI-Transport Library 1.2 1.8.1 Insecure Crypto / Signature Bypass

A blog post with further information has been released on this topic as well: https://r.sec-consult.com/osci SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple vulnerabilities product: OSCI-Transport Library 1.2...

PT-2019-5537 · Red Hat +2 · Red Hat +2

Name of the Vulnerable Software and Affected Versions: Red Hat Enterprise Linux kernel versions prior to 5.0 Description: A buffer over-read flaw was found in the crypto authenc extractkeys function in the crypto/authenc.c file of the IPsec Cryptographic algorithm's module, authenc. This issue...

Code injection

IBM QRadar SIEM 7.2 and 7.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 144653...

Security Bulletin: IBM Content Collector for SAP Applications is affected by GSKit and GSKit-Crypto vulnerabilities

Summary IBM Content Collector for SAP Applications has addressed multiple GSKit and GSKit-Crypto vulnerabilities. Details of the vulnerabilities is mentioned below. Vulnerability Details CVEID: CVE-2016-0705 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a double-free error...

Security Bulletin: Multiple vulnerabilities in the IBM GSKit and IBM GSKit-Crypto affect IBM Performance Management products

Summary Multiple vulnerabilities in the IBM GSKit and IBM GSKit-Crypto affect IBM Performance Management products. Vulnerability Details CVEID: CVE-2018-1447 DESCRIPTION: The GSKit CMS KDB logic fails to salt the hash function resulting in weaker than expected protection of passwords. A weak...

Security Bulletin: Vulnerabilities in IBM GSKit and IBM GSKit-Crypto affect IBM Performance Management products

Summary Vulnerabilities in IBM GSKit and IBM GSKit-Crypto affect IBM Performance Management products. Vulnerability Details CVEID: CVE-2016-0705 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a double-free error when parsing DSA private keys. An attacker could exploit this...