
1545 matches found

IBM Security Bulletins
added 2018/09/19 7:10 p.m., 9 views

Security Bulletin: IBM Data Science Experience Local is affected by how we store keystore and truststore passwords

Summary IBM Data Science Experience Local has addressed the following vulnerability. Data Science Experience Local is hardcoding the keystore truststore passwords. The 1.2.1 release fixes this vulnerability. Vulnerability Details CVEID: Not Applicable DESCRIPTION: No CVE description. CVSS Base...

1.1 AI score
Exploits: 0, Affected Software: 1

NVD
added 2018/09/18 6:29 p.m., 20 views

CVE-2017-15828

In all android releases Android for MSM, Firefox OS for MSM, QRD Android from CAF using the linux kernel, while accessing the keystore in LK, an integer overflow vulnerability exists which may potentially lead to a buffer overflow...

7.8 CVSS, 7.7 AI score, 0.00183 EPSS
Exploits: 0, References: 2

Prion
added 2018/09/18 6:29 p.m., 16 views

Integer overflow

In all android releases Android for MSM, Firefox OS for MSM, QRD Android from CAF using the linux kernel, while accessing the keystore in LK, an integer overflow vulnerability exists which may potentially lead to a buffer overflow...

4.6 CVSS, 7.9 AI score, 0.00183 EPSS
Exploits: 0, References: 2

Cvelist
added 2018/09/18 6:0 p.m., 19 views

CVE-2017-15828

In all android releases Android for MSM, Firefox OS for MSM, QRD Android from CAF using the linux kernel, while accessing the keystore in LK, an integer overflow vulnerability exists which may potentially lead to a buffer overflow...

8 AI score, 0.00183 EPSS
Exploits: 0, References: 2

CVE
added 2018/09/18 6:0 p.m., 55 views

CVE-2017-15828

CVE-2017-15828 affects CAF builds of Android (Android for MSM, Firefox OS for MSM, QRD Android) running on the Linux kernel. The vulnerability is an integer overflow during keystore access in LK, which may lead to a buffer overflow. Public references in the provided documents confirm the issue an...

7.8 CVSS, 7.6 AI score, 0.00183 EPSS
Exploits: 0, References: 2, Affected Software: 1

IBM Security Bulletins
added 2018/08/29 9:19 p.m., 6 views

Security Bulletin: IBM Data Science Experience Local is affected by a Use of Hard-coded Password vulnerability

Summary IBM Data Science Experience Local has addressed the following vulnerability. Password for Data Science Experience Local Hadoop Integration Knox Gateway was hard-coded. Password for Data Science Experience Local Keystore and Truststore was hard-coded. Credentials for Data Science Experienc...

1 AI score
Exploits: 0, Affected Software: 1

Tenable Nessus
added 2018/08/22 12:0 a.m., 114 views

Elasticsearch ESA-2018-10

In Elasticsearch versions 6.0.0-beta1 to 6.2.4 a disclosure flaw was found in the snapshot API. When the accesskey and securitykey parameters are set using the snapshot API they can be exposed as plain text by users able to query the snapshot API. Although it is advised in the 6.X snapshot API...

6.5 CVSS, 6.4 AI score, 0.00692 EPSS
Exploits: 0, References: 2

Tenable Nessus
added 2018/06/18 12:0 a.m., 40 views

openSUSE Security Update : java-1_7_0-openjdk (openSUSE-2018-637)

This update for java-1_7_0-openjdk to version 7u181 fixes the following issues : + S8162488: JDK should be updated to use LittleCMS 2.8 + S8180881: Better packaging of deserialization + S8182362: Update CipherOutputStream Usage + S8183032: Upgrade to LittleCMS 2.9 + S8189123: More consistent...

8.3 CVSS, 5.7 AI score, 0.15141 EPSS
Exploits: 0, References: 20

IBM Security Bulletins
added 2018/06/17 5:14 a.m., 17 views

Security Bulletin: Vulnerability in Apache Tomcat affects Rational Lifecycle Integration Adapter for HP ALM (CVE-2016-3092)

Summary Apache Tomcat is vulnerable to a denial of service, caused by an error in the Apache Commons FileUpload component, and is supplied with specific versions of Rational Lifecycle Integration Adapter for HP ALM. By sending file upload requests, an attacker could exploit this vulnerability to...

7.8 CVSS, 0.4 AI score, 0.35927 EPSS
Exploits: 0, Affected Software: 1

OPENSUSE Linux
added 2018/06/16 3:8 p.m., 97 views

Security update for java-1_8_0-openjdk (important)

This update for java-1_8_0-openjdk to version 8u171 fixes the following issues: These security issues were fixed: - S8180881: Better packaging of deserialization - S8182362: Update CipherOutputStream Usage - S8183032: Upgrade to LittleCMS 2.9 - S8189123: More consistent classloading - S8189969,...

5.1 CVSS, 0.3 AI score, 0.15141 EPSS
Exploits: 0, References: 11

IBM Security Bulletins
added 2018/06/15 7:5 a.m., 32 views

Security Bulletin: IBM WebSphere MQ keystore password traced by mqcertck on IBM i platform (CVE-2015-7462)

Summary The mqcertck tool which was newly added in MQ 8.0.0.4 could trace certificate keystore passwords. Vulnerability Details CVEID: CVE-2015-7462 DESCRIPTION: IBM WebSphere MQ could allow a local user with administrator privileges to decrypt other MQ administrators passwords by using the...

4.4 CVSS, 5.4 AI score, 0.00195 EPSS
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2018/06/15 7:1 a.m., 34 views

Security Bulletin: Multiple vulnerabilities in current releases of the IBM® WebSphere Real Time

Summary Java SE issues disclosed in the Oracle July 2014 Critical Patch Update, plus 2 additional vulnerabilities Vulnerability Details CVE IDs: CVE-2014-3086 CVE-2014-4227 CVE-2014-4262 CVE-2014-4219 CVE-2014-4209 CVE-2014-4220 CVE-2014-4268 CVE-2014-4218 CVE-2014-4252 CVE-2014-4266 CVE-2014-426...

10 CVSS, 0.8 AI score, 0.05577 EPSS
Exploits: 0, Affected Software: 1

CNVD
added 2018/05/11 12:0 a.m., 2 views

heinekingmedia StashCat for Android Hardcoded Password Vulnerability

heinekingmedia StashCat for Android is an Android-based enterprise communication software from the German company heinekingmedia. A security vulnerability exists in heinekingmedia StashCat 1.7.5 and earlier versions for the Android platform, which stems from the program's use of hard-coded...

9.8 CVSS, 6.7 AI score, 0.01103 EPSS
Exploits: 0, References: 1

RedHat Linux
added 2018/04/23 5:24 p.m., 1 views

OpenJDK: unrestricted deserialization of data from JCEKS key stores (Security, 8189997)

Vulnerability in the Java SE, JRockit component of Oracle Java SE subcomponent: Security. Supported versions that are affected are Java SE: 6u181, 7u171, 8u162, 10 and JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java...

7.7 CVSS, 7.3 AI score, 0.0074 EPSS
Exploits: 0, References: 4

RedHat Linux
added 2018/04/23 5:15 p.m., 1 views

OpenJDK: unrestricted deserialization of data from JCEKS key stores (Security, 8189997)

Vulnerability in the Java SE, JRockit component of Oracle Java SE subcomponent: Security. Supported versions that are affected are Java SE: 6u181, 7u171, 8u162, 10 and JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java...

7.7 CVSS, 7.3 AI score, 0.0074 EPSS
Exploits: 0, References: 4

Cvelist
added 2018/04/20 8:0 p.m., 24 views

CVE-2014-6111

IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 store encrypted user credentials and the keystore password in cleartext in configuration files, which allows local users to...

7.2 AI score, 0.00351 EPSS
Exploits: 0, References: 2

CNVD
added 2018/04/19 12:0 a.m., 3 views

Unspecified Vulnerability in Bouncy Castle BKS-V1

Bouncy Castle is a cryptographic library for C and Java applications. BKS-V1 is one of its secret key storage formats. A security vulnerability exists in Bouncy Castle BKS-V1, which stems from the fact that the length of the HMAC used in Bouncy Castle BKS-V1 files is only 16 bits. An attacker could...

4.4 CVSS, 6.8 AI score, 0.00262 EPSS
Exploits: 0, References: 1

NVD
added 2018/04/16 2:29 p.m., 19 views

CVE-2018-5382

The default BKS keystore uses an HMAC that is only 16 bits long, which can allow an attacker to compromise the integrity of a BKS keystore. Bouncy Castle release 1.47 changes the BKS format to a format which uses a 160-bit HMAC instead. This applies to any BKS keystore generated prior to BC 1.47...

4.4 CVSS, 4.6 AI score, 0.00262 EPSS
Exploits: 0, References: 5

OSV
added 2018/04/16 2:29 p.m., 23 views

CVE-2018-5382

The default BKS keystore uses an HMAC that is only 16 bits long, which can allow an attacker to compromise the integrity of a BKS keystore. Bouncy Castle release 1.47 changes the BKS format to a format which uses a 160-bit HMAC instead. This applies to any BKS keystore generated prior to BC 1.47...

4.4 CVSS, 7.1 AI score
Exploits: 0, References: 5

OSV
added 2018/04/16 2:29 p.m., 4 views

DEBIAN-CVE-2018-5382

The default BKS keystore uses an HMAC that is only 16 bits long, which can allow an attacker to compromise the integrity of a BKS keystore. Bouncy Castle release 1.47 changes the BKS format to a format which uses a 160-bit HMAC instead. This applies to any BKS keystore generated prior to BC 1.47...

4.4 CVSS, 8.8 AI score, 0.00262 EPSS
Exploits: 0, References: 1