Lucene search
K

129 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 7:2 a.m.29 views

Security Bulletin: Multiple vulnerabilities in IBM SDK Java™ Technology Edition affect IBM Business Process Manager and WebSphere Lombardi Edition

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition that is used by WebSphere Application Server underneath IBM Business Process Manager and WebSphere Lombardi Edition. These issues were disclosed as part of the IBM SDK Java™ Technology Edition updates in January 2015...

5CVSS6.6AI score0.67234EPSS
Exploits5Affected Software4
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 7:2 a.m.26 views

Security Bulletin: Current release of IBM® WebSphere Real Time is affected by CVE-2015-0138

Summary "FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client and server vulnerability. Vulnerability Details CVEID: CVE-2015-0138 DESCRIPTION: A vulnerability in various IBM SSL/TLS implementations could allow a remote attacker to downgrade the security of certain SSL/TLS connections. An I...

4.3CVSS0.8AI score0.03239EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 7:2 a.m.44 views

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM MQ Light (CVE-2014-6593, CVE-2015-0410)

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 7R1 Service Refresh 2 and earlier releases that is used by IBM MQLight. These issues were disclosed as part of the IBM Java SDK updates in January 2015. This bulletin also addresses the “FREAK...

5CVSS1.5AI score0.67234EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 7:2 a.m.43 views

Security Bulletin: Vulnerabilities in GSKit affect IBM WebSphere MQ (CVE-2015-0159, CVE-2015-0138 and CVE-2014-6221)

Summary GSKit is an IBM component that is used by IBM WebSphere MQ. The GSKit that is shipped with IBM WebSphere MQ contains multiple security vulnerabilities including the "FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client and server vulnerability. Vulnerability Details CVEID:...

9.4CVSS0.8AI score0.03239EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 7:2 a.m.6 views

Security Bulletin: Vulnerabilities in OpenSSL affect IBM WebSphere MQ (HP-NSS and OVMS platforms) and Eclipse Paho MQTT C Client libraries (Windows and Linux platforms) (CVE-2014-3570, CVE-2014-3572, CVE-2015-0204, CVE-2015-0205)

Summary OpenSSL vulnerabilities were disclosed on January 8, 2015 by the OpenSSL Project. This includes “FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client and server vulnerability. OpenSSL is used by IBM WebSphere MQ on HP-NSS and HP OpenVMS platforms. Vulnerability Details CVEID:...

5CVSS6.9AI score0.98685EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 7:2 a.m.47 views

Security Bulletin: Vulnerabilities in OpenSSL affect IBM MQ Light (CVE-2014-3570, CVE-2014-3572, CVE-2014-8275, CVE-2015-0204, CVE-2015-0205)

Summary OpenSSL vulnerabilities were disclosed on January 8, 2015 by the OpenSSL Project. This includes “FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client and server vulnerability. OpenSSL is used by IBM MQ Light. IBM MQ Light has addressed the applicable CVEs. Vulnerability Details CVEI...

5CVSS0.8AI score0.98685EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 7:2 a.m.29 views

Security Bulletin: Vulnerability with RSA Export Keys may affect IBM WebSphere Application Server (CVE-2015-0138)

Summary The “FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client and server vulnerability CVE-2015-0138 may affect some configurations of IBM WebSphere Application Server Full Profile, IBM WebSphere Application Server Liberty Profile, and IBM WebSphere Application Server Hypervisor Edition...

4.3CVSS0.03239EPSS
Exploits0Affected Software1
Kitploit
Kitploit
added 2016/08/06 2:46 p.m.595 views

A2SV - Auto Scanning to SSL Vulnerability

█████╗ ██████╗ ███████╗██╗ ██╗ ██╔══██╗╚════██╗██╔════╝██║ ██║ ███████║ █████╔╝███████╗██║ ██║ .o oOOOOOOOo ██╔══██║██╔═══╝ ╚════██║╚██╗ ██╔╝ OOOo Ob.OOOOOOOo O ██║ ██║███████╗███████║ ╚████╔╝ .adOOOOOOO OboO'''''''''' ╚═╝ ╚═╝╚══════╝╚══════╝ ╚═══╝ ''''''''''OO OOP.oOOOOOOOOOOO 'POOOOOOOOOOOo...

7.5CVSS7.2AI score0.99999EPSS
Exploits102References6
ThreatPost
ThreatPost
added 2016/08/03 10:0 a.m.14 views

Export-Grade Crypto Patching Improves

LAS VEGAS – The FREAK, LOGJAM and DROWN attacks of the last 17 months weren’t just the work of academics and security researchers who found a cool way to unmask encrypted traffic. They were ugly reminders of the Crypto Wars of the 1990s and why export-grade cryptography and intentional encryption...

0.2AI score
Exploits0References4
RubySec
RubySec
added 2015/07/21 12:0 a.m.18 views

Logstash: SSL/TLS FREAK Attack

Logstash: SSL/TLS FREAK Attack: Logstash 1.5.x before 1.5.3 and 1.4.x before 1.4.4 allows remote attackers to read communications between Logstash Forwarder agent and Logstash server...

7.5CVSS6.9AI score0.02462EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2015/06/03 12:0 a.m.5 views

PT-2015-5505

Name of the Vulnerable Software and Affected Versions IBM Java 8 versions before SR1 Description The issue allows remote attackers to cause a denial of service via unknown vectors related to SSL/TLS and the Secure Socket Extension provider. Additionally, a vulnerability in IBM SSL/TLS...

7.5CVSS6.1AI score0.02696EPSS
Exploits0References6
ThreatPost
ThreatPost
added 2015/05/20 11:49 a.m.13 views

Apple Releases Patches For a Watch

What happens when you build a watch that is essentially an absurdly powerful computer that also tells time? You have to patch that watch. And that’s what Apple has done for the first time, releasing a long list of fixes for security problems with the Apple Watch OS. At least one of the...

1.6AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2015/05/13 12:0 a.m.7 views

PT-2015-4518

Name of the Vulnerable Software and Affected Versions IBM Java versions prior to 8 SR1 IBM Java 7 R1 versions prior to SR2 FP11 IBM Java 7 versions prior to SR9 IBM Java 6 R1 versions prior to SR8 FP4 IBM Java 6 versions prior to SR16 FP4 IBM Java 5.0 versions prior to SR16 FP10 Description The...

9.8CVSS5.8AI score0.04542EPSS
Exploits0References61
myhack58
myhack58
added 2015/05/03 12:0 a.m.19 views

MySQL SSL/TLS connection there is a security vulnerability, by the man in the middle attacks-vulnerability warning-the black bar safety net

Due to the client in the connection to MySQL when the SSL options are used improperly, may cause middle attack. The vulnerability will cause the database to the communication data in plaintext form in the network transmission. Vulnerability details This vulnerability with the client”–ssl”option h...

1.6AI score
Exploits0
IBM AIX
IBM AIX
added 2015/04/13 12:11 p.m.50 views

AIX IBM SDK Java JSSE vulnerability

IBM SECURITY ADVISORY First Issued: Mon Apr 13 12:11:24 CDT 2015 The most recent version of this document is available here: http://aix.software.ibm.com/aix/efixes/security/javajsseadvisory.asc https://aix.software.ibm.com/aix/efixes/security/javajsseadvisory.asc...

4.3CVSS5.6AI score0.03239EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2015/03/26 12:0 a.m.36 views

Debian DLA-176-1 : mono security update

Three issues with Mono's TLS stack are addressed. CVE-2015-2318 Mono's implementation of the SSL/TLS stack failed to check the order of the handshake messages. Which would allow various attacks on the protocol to succeed. 'SKIP-TLS' CVE-2015-2319 Mono's implementation of SSL/TLS also contained...

9.8CVSS8AI score0.03539EPSS
Exploits0References5
Debian
Debian
added 2015/03/19 12:40 p.m.52 views

[SECURITY] [DLA 176-1] mono security update

Package : mono Version : 2.6.7-5.1+deb6u1 CVE ID : CVE-2015-2318 CVE-2015-2319 CVE-2015-2320 Debian Bug : 780751 Three issues with Monos TLS stack are addressed. CVE-2015-2318 Monos implementation of the SSL/TLS stack failed to check the order of the handshake messages. Which would allow various...

9.8CVSS8.6AI score0.03539EPSS
Exploits0
OSV
OSV
added 2015/03/19 12:0 a.m.26 views

DLA-176-1 mono - security update

Bulletin has no description...

9.8CVSS8.4AI score0.03539EPSS
Exploits0
ThreatPost
ThreatPost
added 2015/03/17 10:11 a.m.8 views

Shared Keys Simplify, Cheapen FREAK Attacks

UPDATE: First the good news: it would seem that large providers and individual server admins have for the most part found and spiked export-grade cipher suites vulnerable to the FREAK attack. The bad news: It would seem it’s even less expensive than first believed to exploit the remaining servers...

7AI score
Exploits0References5
ThreatPost
ThreatPost
added 2015/03/12 2:28 p.m.20 views

BlackBerry Warns Many Products Vulnerable to FREAK Attack

BlackBerry is warning customers that a large portion of the company’s product portfolio is vulnerable to the FREAK SSL attack. Many versions of the BlackBerry OS and BlackBerry Enterprise Server are vulnerable to FREAK, as are a number of versions of BlackBerry Messenger. The advisory from...

4.4AI score
Exploits0References2
Rows per page
Query Builder