Lucene search
K

16 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2018/11/16 4:20 p.m.14 views

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Host On-Demand

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 1.8 used by Host On-Demand. Host On-Demand has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2018-2964 DESCRIPTION: An unspecified vulnerability related to the Java SE Deployment component could...

10CVSS0.6AI score0.26335EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/10/23 3:50 p.m.28 views

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational Directory Server (Tivoli) & Rational Directory Administrator

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 7 and Version 8 used by Rational Directory Server Tivoli and Rational Directory Administrator. These issues were disclosed as part of the IBM Java SDK updates in July 2018. Upgrade the JRE in order to resolve the...

10CVSS1.1AI score0.26335EPSS
Exploits1Affected Software2
RedHat Linux
RedHat Linux
added 2018/08/28 7:19 p.m.5 views

OpenSSL: Double-free in DSA code

A double-free flaw was found in the way OpenSSL parsed certain malformed DSA Digital Signature Algorithm private keys. An attacker could create specially crafted DSA private keys that, when processed by an application compiled against OpenSSL, could cause the application to crash...

10CVSS7.3AI score0.26335EPSS
Exploits1References4
IBM Security Bulletins
IBM Security Bulletins
added 2018/07/11 7:3 p.m.40 views

Security Bulletin: IBM® Db2® is affected by multiple vulnerabilities in the GSKit library

Summary Db2 is affected by multiple vulnerabilities in the GSKit library. Vulnerability Details CVEID: CVE-2016-0702 DESCRIPTION: OpenSSL could allow a local attacker to obtain sensitive information, caused by a side-channel attack against a system based on the Intel Sandy-Bridge microarchitectur...

10CVSS0.2AI score0.26335EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 12:15 p.m.41 views

Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Enterprise Content Management System Monitor

Summary OpenSSL vulnerabilities were disclosed on March 1, 2016 by the OpenSSL Project. OpenSSL is used by IBM Enterprise Content Management System Monitor has addressed the applicable CVEs Vulnerability Details CVEID: CVE-2016-0703 DESCRIPTION: OpenSSL could allow a remote attacker to bypass...

10CVSS1.6AI score0.27022EPSS
Exploits2Affected Software1
Tenable Nessus
Tenable Nessus
added 2016/03/11 12:0 a.m.47 views

Amazon Linux AMI : openssl (ALAS-2016-661) (DROWN) (SLOTH)

A padding oracle flaw was found in the Secure Sockets Layer version 2.0 SSLv2 protocol. An attacker can potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack is...

10CVSS8.5AI score0.82112EPSS
Exploits2References9
ArchLinux
ArchLinux
added 2016/03/07 12:0 a.m.59 views

openssl: multiple issues

CVE-2016-0702 private key extraction A side-channel attack was found that makes use of cache-bank conflicts on the Intel Sandy-Bridge microarchitecture. An attacker who has the ability to control code in a thread running on the same hyper-threaded core as the victim's thread that is performing...

10CVSS5AI score0.82112EPSS
Exploits2References7
OSV
OSV
added 2016/03/02 6:28 p.m.13 views

MGASA-2016-0093 Updated openssl packages fix security vulnerabilities

Update openssl packages fix security vulnerabilities: Yuval Yarom from the University of Adelaide and NICTA, Daniel Genkin from Technion and Tel Aviv University, and Nadia Heninger from the University of Pennsylvania discovered a side-channel attack which makes use of cache-bank conflicts on the...

10CVSS8.5AI score0.32414EPSS
Exploits1References4
OpenVAS
OpenVAS
added 2016/03/02 12:0 a.m.44 views

Ubuntu: Security Advisory (USN-2914-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10CVSS8.3AI score0.32414EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2016/03/02 12:0 a.m.90 views

Ubuntu 14.04 LTS : OpenSSL vulnerabilities (USN-2914-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2914-1 advisory. Yuval Yarom, Daniel Genkin, and Nadia Heninger discovered that OpenSSL was vulnerable to a side-channel attack on modular exponentiation. On certain CPUs...

10CVSS7.8AI score0.32414EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2016/03/01 4:7 p.m.88 views

Important: Red Hat Security Advisory: openssl security update

Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...

10CVSS7.4AI score0.82112EPSS
Exploits2References11
OSV
OSV
added 2016/03/01 12:0 a.m.56 views

DSA-3500-1 openssl - security update

Bulletin has no description...

10CVSS6.5AI score0.53655EPSS
Exploits1
NVD
NVD
added 2008/12/17 8:30 p.m.23 views

CVE-2008-5659

The gnu.java.security.util.PRNG class in GNU Classpath 0.97.2 and earlier uses a predictable seed based on the system time, which makes it easier for context-dependent attackers to conduct brute force attacks against cryptographic routines that use this class for randomness, as demonstrated again...

7.5CVSS6.4AI score0.03346EPSS
Exploits0References3
Prion
Prion
added 2008/12/17 8:30 p.m.19 views

Design/Logic Flaw

The gnu.java.security.util.PRNG class in GNU Classpath 0.97.2 and earlier uses a predictable seed based on the system time, which makes it easier for context-dependent attackers to conduct brute force attacks against cryptographic routines that use this class for randomness, as demonstrated again...

7.5CVSS6.9AI score0.03346EPSS
Exploits0References3Affected Software1
UbuntuCve
UbuntuCve
added 2008/12/17 8:30 p.m.31 views

CVE-2008-5659

The gnu.java.security.util.PRNG class in GNU Classpath 0.97.2 and earlier uses a predictable seed based on the system time, which makes it easier for context-dependent attackers to conduct brute force attacks against cryptographic routines that use this class for randomness, as demonstrated again...

7.5CVSS5.9AI score0.03346EPSS
Exploits0References2
Cvelist
Cvelist
added 2008/12/17 8:0 p.m.27 views

CVE-2008-5659

The gnu.java.security.util.PRNG class in GNU Classpath 0.97.2 and earlier uses a predictable seed based on the system time, which makes it easier for context-dependent attackers to conduct brute force attacks against cryptographic routines that use this class for randomness, as demonstrated again...

6.4AI score0.03346EPSS
Exploits0References3
Rows per page
Query Builder