SUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2015:1143-1) (Logjam)
This update of openssl fixes the following security issues: - CVE-2015-4000 (bsc#931698) - The Logjam Attack / weakdh.org - reject connections with DH parameters shorter than 1024 bits - generates 2048-bit DH parameters by default - CVE-2015-1788 (bsc#934487) - Malformed ECParameters causes infinite...
RedHat Update for nss RHSA-2015:1185-01
The remote host is missing an update for the...
LOGJAM: TLS connections which support export grade DHE key-exchange are vulnerable to MITM attacks
A flaw was found in the way the TLS protocol composes the Diffie-Hellman exchange for both export and non-export grade cipher suites. An attacker could use this flaw to downgrade a DHE connection to use export-grade key sizes, which could then be broken by sufficient pre-computation. This can lea...
Command injection
Cisco NX-OS 1.11g on Nexus 9000 devices allows remote authenticated users to discover cleartext passwords by leveraging the existence of a decryption mechanism, aka Bug ID CSCuu84391...
CVE-2015-4213
Cisco NX-OS 1.11g on Nexus 9000 devices allows remote authenticated users to discover cleartext passwords by leveraging the existence of a decryption mechanism, aka Bug ID CSCuu84391...
Cisco Nexus 9000 Series Software Password Exposure Vulnerability
A vulnerability in Cisco Nexus 9000 Series Software could allow an authenticated, remote attacker to expose passwords in plain text format. The vulnerability is due to older versions of the affected software retaining the ability to decrypt passwords. An attacker could exploit this vulnerability ...
SUSE-SU-2015:1183-2 Security update for compat-openssl097g
OpenSSL was updated to fix several security issues: CVE-2015-4000: The Logjam Attack (weakdh.org) has been addressed by rejecting connections with DH parameters shorter than 1024 bits. 2048-bit DH parameters are now generated by default. CVE-2015-1789: An out-of-bounds read in X509_cmp_time was fixed...
SUSE-SU-2015:0547-1 Security update for compat-openssl097g
OpenSSL was updated to fix several security issues: CVE-2015-4000: The Logjam Attack (weakdh.org) has been addressed by rejecting connections with DH parameters shorter than 1024 bits. 2048-bit DH parameters are now generated by default. CVE-2015-1789: An out-of-bounds read in X509_cmp_time was fixed...
SUSE-SU-2015:1143-1 Security update for openssl
This update of openssl fixes the following security issues: - CVE-2015-4000 (bsc#931698) - The Logjam Attack / weakdh.org - reject connections with DH parameters shorter than 1024 bits - generates 2048-bit DH parameters by default - CVE-2015-1788 (bsc#934487) - Malformed ECParameters causes infinite loop -...
Toshiba CHEC Built-in Encryption Key Information Disclosure Vulnerability
Toshiba CHEC is a product of Toshiba Corporation. Toshiba CHEC has a security vulnerability due to the inclusion of a built-in encryption key in the CreateBossCredentials.jar file. This allows an attacker with access to bossinfo.pro to decrypt content, including BOSS database information, using t...
SUSE-SU-2015:1179-1 Security update for libgcrypt
This update of libgcrypt fixes one security issue and brings various FIPS 140-2 related improvements. libgcrypt now uses ciphertext blinding for Elgamal decryption (CVE-2014-3591). FIPS 140-2 related changes: The library performs its self-tests when the module is complete the -hmac file is also...
Ubuntu 12.04 LTS : linux vulnerabilities (USN-2631-1)
Jan Beulich discovered the Xen virtual machine subsystem of the Linux kernel did not properly restrict access to PCI command registers. A local guest user could exploit this flaw to cause a denial of service (host crash). (CVE-2015-2150) A privilege escalation was discovered in the fork syscall via t...
Ubuntu: Security Advisory (USN-2631-1)
The remote host is missing an update for the...
Oracle Linux 6 : kernel (ELSA-2015-1081)
The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2015-1081 advisory. - [fs] pipe: fix pipe corruption and iovec overrun on partial copy (Seth Jennings) [1202860 1185166] {CVE-2015-1805} - [x86] crypto: aesni - fix memory usage in...
Ubuntu: Security Advisory (USN-2613-1)
The remote host is missing an update for the...
CVE-2015-2998
SysAid Help Desk (before version 15.2) is affected by CVE-2015-2998 due to a hardcoded encryption key used to encrypt sensitive data. The vulnerability allows remote attackers to obtain sensitive information by decrypting the database password stored in WEB-INF/conf/serverConf.xml, as demonstrate...
Author Behind Ransomware Tox Calls it Quits, Sells Platform
Earlier this week, when the author behind the crypto-ransomware Locker apologized and released decryption keys for his victims, it seemed like a change of heart, uncharacteristic for an attacker. Now another ransomware creator has also decided to cut his losses and get out of the game – but not...
Splunk Enterprise 5.0.x < 5.0.13 / 6.0.x < 6.0.9 / 6.1.x < 6.1.8 OpenSSL Vulnerabilities (FREAK)
According to its version number, the Splunk Enterprise hosted on the remote web server is 5.0.x prior to 5.0.13, 6.0.x prior to 6.0.9, or 6.1.x prior to 6.1.4. It is, therefore, affected by the following vulnerabilities related to the included OpenSSL library : - A security feature bypass...
Machines Infected by Locker Ransomware Decrypted
Update: Computers infected by the Locker crypto-ransomware were today decrypted as promised by the malware’s author, who last week posted the decryption keys to an upload site and apologized for releasing the malware. Lawrence Abrams of Bleeping Computer said the infected computers were decrypted...
Rockwell Automation RSView32 Information Disclosure Vulnerability
RSView32 is an HMI system for monitoring and controlling automated machines and processes. A security vulnerability in the encryption method used by RSView32 to create password storage files can lead to unauthorized decryption by software users using an old algorithm, which will disclose the user...