507 matches found
Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : OpenSSL vulnerabilities (USN-3840-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3840-1 advisory. Samuel Weiser discovered that OpenSSL incorrectly handled DSA signing. An attacker could possibly use this issue to perform a...
MGASA-2018-0470 Updated openssl packages fix security vulnerabilities
The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a Affected 1.1.1. Fixed in OpenSSL 1.1.0j Affected 1.1.0-1.1.0i. Fixed in OpenSSL 1.0.2q...
Intel® PROSet/Wireless WiFi Software Vulnerabilities - Lenovo Support US
No description provided...
OpenSSL Vulnerabilities 16-Apr-2018 and 12-Jun-2018
SUMMARY Symantec Network Protection products using affected versions of OpenSSL are susceptible to several vulnerabilities. A malicious SSL/TLS server can send large DH parameters during connections using DH/DHE cipher suites and cause denial-of-service in the SSL/TLS client. A local attacker can...
Security Bulletin: Rational ClearQuest is affected by the following OpenSSL vulnerabilities: CVE-2014-0224, CVE-2014-3470, CVE-2015-0292
Summary Security vulnerabilities have been discovered in OpenSSL that were reported on June 5, 2014 by the OpenSSL Project. The OpenSSL component is shipped as embedded in cqperl. Customers might be affected when there is perl hooks or scripts that are using SSL connections. ClearQuest itself doe...
Security Bulletin: Vulnerabilities in OpenSSL affect Rational ClearQuest (CVE-2014-3570, CVE-2014-3572, CVE-2015-0204)
Summary OpenSSL vulnerabilities were disclosed on January 8, 2015 by the OpenSSL Project. This includes “FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client and server vulnerability. OpenSSL is used by cqperl and ratlperl for SSL communications. Rational ClearQuest has addressed the...
Security Bulletin: Multiple vulnerabilities may affect IBM® SDK for Node.js™ in IBM Bluemix
Summary OpenSSL vulnerabilities were disclosed on September 22 and 26, 2016 by the OpenSSL Project. OpenSSL is used by IBM SDK for Node.js. IBM SDK for Node.js has addressed the applicable CVEs, plus three additional vulnerabilities unrelated to the OpenSSL release. Vulnerability Details CVEID:...
Security Bulletin: IBM Cloud Manager with OpenStack is affected by a OpenSSL vulnerabilities
Summary Multiple security vulnerabilities have been identified in OpenSSL that is used by IBM Cloud Manager with OpenStack. IBM Cloud Manager with OpenStack has addressed these vulnerabilities. Vulnerability Details CVEID: CVE-2017-3735 DESCRIPTION: OpenSSL could allow a remote attacker to obtain...
Security Bulletin: Multiple OpenSSL and Non-OpenSSL vulnerabilities in Node.js affect IBM Rational Application Developer for WebSphere Software included in Rational Developer for i and Rational Developer for AIX and Linux
Summary Portions of IBM Rational Application Developer for WebSphere Software are shipped as a component of Rational Developer for i RPG and COBOL + Modernization Tools, Java and EGL editions, and Rational Developer for AIX and Linux. OpenSSL vulnerabilities were disclosed on September 22 and 26,...
Security Bulletin: IBM InfoSphere Guardium Database Activity Monitor is affected by CVE-2014-0221, CVE-2014-0224, CVE-2014-0195, CVE-2014-0198, CVE-2010-5298, CVE-2014-3470
Summary Guardium appliance is RHEL 5.8 based and uses OpenSSL from Red Hat for communications between appliances. Vulnerability Details CVE-2014-0224 OpenSSL is vulnerable to a man-in-the-middle attack, caused by the use of weak keying material in SSL/TLS clients and servers. A remote attacker...
Security Bulletin: Vulnerabilities in OpenSSL affect IBM Rational ClearCase (CVE-2015-3194, CVE-2015-3196, CVE-2016-0702)
Summary OpenSSL vulnerabilities were disclosed on December 3, 2015 and March 1, 2016 by the OpenSSL Project. OpenSSL is used by IBM Rational ClearCase. IBM Rational ClearCase has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2015-3194 DESCRIPTION: OpenSSL is vulnerable to a deni...
Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : OpenSSL vulnerabilities (USN-3692-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3692-1 advisory. Keegan Ryan discovered that OpenSSL incorrectly handled ECDSA key generation. An attacker could possibly use this issue to perfor...
Security Bulletin: Vulnerabilities in OpenSSL affect IBM MessageSight (CVE-2015-0209, CVE-2015-0288, CVE-2015-0289, CVE-2015-0292, CVE-2015-0293)
Summary OpenSSL vulnerabilities were disclosed in March 2015 by the OpenSSL Project. OpenSSL is used by IBM MessageSight. IBM MessageSight has addressed the applicable CVEs. Vulnerability Details CVE-ID: CVE-2015-0209 DESCRIPTION: OpenSSL could allow a remote attacker to execute arbitrary code on...
Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Flex System Manager (FSM) Storage Manager Install Anywhere (SMIA) configuration tool (CVE-2017-3738, CVE-2017-3737)
Summary Multiple vulnerabilities have been discovered in OpenSSL that was used by IBM FSM SMIA configuration tool commonly known as Network Advisor. This bulletin addresses these vulnerabilities. Vulnerability Details CVEID: CVE-2017-3738 DESCRIPTION: OpenSSL could allow a remote attacker to obta...
Security Bulletin: IBM Flex System Manager (FSM) is affected by multiple openssl vulnerabilities
Summary Multiple security vulnerabilities have been discovered in openssl that is embedded in the IBM FSM. This fix addresses these vulnerabilities. Vulnerability Details CVEID: CVE-2016-0799 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by a memory...
Security Bulletin: IBM Flex System Manager (FSM) is affected by multiple openssl vulnerabilities
Summary Multiple security vulnerabilities have been discovered in openssl that is embedded in the IBM FSM. This bulletin addresses these vulnerabilities. Vulnerability Details CVEID: CVE-2015-3194 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference when...
Security Bulletin: Multiple Vulnerabilities in OpenSSL including Logjam affect IBM Flex System Manager (FSM)
Summary OpenSSL vulnerabilities were disclosed on June 11, 2015 by the OpenSSL Project. This includes Logjam Attack on TLS connections using the Diffie-Hellman DH key exchange protocol CVE-2015-4000. OpenSSL is used by FSM. FSM has addressed the applicable CVEs. Vulnerability Details CVEID:...
Security Bulletin: Vulnerabilities in OpenSSL affect IBM Storwize V7000 Unified (CVE-2014-8176, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792)
Summary OpenSSL vulnerabilities were disclosed in June 2015 by the OpenSSL Project. OpenSSL is used by by IBM Storwize V7000 Unified. IBM Storwize V7000 Unified has addressed the applicable CVEs. Vulnerability Details OpenSSL is used in IBM Storwize V7000 Unified for providing communication...
Security Bulletin: OpenSSL security vulnerabilities in IBM Storwize V7000 Unified (CVE-2014-3505, CVE-2014-3506, CVE-2014-3507, CVE-2014-3508, CVE-2014-3509, CVE-2014-3510, CVE-2014-3511)
Summary There are security vulnerabilities related to OpenSSL in IBM Storwize V7000 Unified products. Vulnerability Details OpenSSL is used in IBM Storwize V7000 Unified for providing communication security by encrypting data being transmitted. CVEID: CVE-2014-3505 DESCRIPTION: OpenSSL is...
Security Bulletin: OpenSSL security vulnerabilities in IBM SONAS (CVE-2014-3505, CVE-2014-3506, CVE-2014-3507, CVE-2014-3508, CVE-2014-3509, CVE-2014-3510, CVE-2014-3511)
Summary There are security vulnerabilities related to OpenSSL in IBM SONAS products. Vulnerability Details CVEID: CVE-2014-3505 CVE-2014-3506 CVE-2014-3507 CVE-2014-3508 CVE-2014-3509 CVE-2014-3510 CVE-2014-3511 DESCRIPTION: OpenSSL is used in IBM SONAS for providing communication security by...