16 matches found
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Host On-Demand
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 1.8 used by Host On-Demand. Host On-Demand has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2018-2964 DESCRIPTION: An unspecified vulnerability related to the Java SE Deployment component could...
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational Directory Server (Tivoli) & Rational Directory Administrator
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 7 and Version 8 used by Rational Directory Server Tivoli and Rational Directory Administrator. These issues were disclosed as part of the IBM Java SDK updates in July 2018. Upgrade the JRE in order to resolve the...
OpenSSL: Double-free in DSA code
A double-free flaw was found in the way OpenSSL parsed certain malformed DSA Digital Signature Algorithm private keys. An attacker could create specially crafted DSA private keys that, when processed by an application compiled against OpenSSL, could cause the application to crash...
Security Bulletin: IBM® Db2® is affected by multiple vulnerabilities in the GSKit library
Summary Db2 is affected by multiple vulnerabilities in the GSKit library. Vulnerability Details CVEID: CVE-2016-0702 DESCRIPTION: OpenSSL could allow a local attacker to obtain sensitive information, caused by a side-channel attack against a system based on the Intel Sandy-Bridge microarchitectur...
Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Enterprise Content Management System Monitor
Summary OpenSSL vulnerabilities were disclosed on March 1, 2016 by the OpenSSL Project. OpenSSL is used by IBM Enterprise Content Management System Monitor has addressed the applicable CVEs Vulnerability Details CVEID: CVE-2016-0703 DESCRIPTION: OpenSSL could allow a remote attacker to bypass...
Amazon Linux AMI : openssl (ALAS-2016-661) (DROWN) (SLOTH)
A padding oracle flaw was found in the Secure Sockets Layer version 2.0 SSLv2 protocol. An attacker can potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack is...
openssl: multiple issues
CVE-2016-0702 private key extraction A side-channel attack was found that makes use of cache-bank conflicts on the Intel Sandy-Bridge microarchitecture. An attacker who has the ability to control code in a thread running on the same hyper-threaded core as the victim's thread that is performing...
MGASA-2016-0093 Updated openssl packages fix security vulnerabilities
Update openssl packages fix security vulnerabilities: Yuval Yarom from the University of Adelaide and NICTA, Daniel Genkin from Technion and Tel Aviv University, and Nadia Heninger from the University of Pennsylvania discovered a side-channel attack which makes use of cache-bank conflicts on the...
Ubuntu: Security Advisory (USN-2914-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu 14.04 LTS : OpenSSL vulnerabilities (USN-2914-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2914-1 advisory. Yuval Yarom, Daniel Genkin, and Nadia Heninger discovered that OpenSSL was vulnerable to a side-channel attack on modular exponentiation. On certain CPUs...
Important: Red Hat Security Advisory: openssl security update
Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...
DSA-3500-1 openssl - security update
Bulletin has no description...
CVE-2008-5659
The gnu.java.security.util.PRNG class in GNU Classpath 0.97.2 and earlier uses a predictable seed based on the system time, which makes it easier for context-dependent attackers to conduct brute force attacks against cryptographic routines that use this class for randomness, as demonstrated again...
Design/Logic Flaw
The gnu.java.security.util.PRNG class in GNU Classpath 0.97.2 and earlier uses a predictable seed based on the system time, which makes it easier for context-dependent attackers to conduct brute force attacks against cryptographic routines that use this class for randomness, as demonstrated again...
CVE-2008-5659
The gnu.java.security.util.PRNG class in GNU Classpath 0.97.2 and earlier uses a predictable seed based on the system time, which makes it easier for context-dependent attackers to conduct brute force attacks against cryptographic routines that use this class for randomness, as demonstrated again...
CVE-2008-5659
The gnu.java.security.util.PRNG class in GNU Classpath 0.97.2 and earlier uses a predictable seed based on the system time, which makes it easier for context-dependent attackers to conduct brute force attacks against cryptographic routines that use this class for randomness, as demonstrated again...