588 matches found
openSUSE Security Update : mozilla-nspr and mozilla-nss (openSUSE-2019-1039)
This update for mozilla-nss and mozilla-nspr fixes the following issues : Issues fixed in mozilla-nss : - Update to NSS 3.40.1 bsc1119105 - CVE-2018-12404: Fixed a cache side-channel variant of the Bleichenbacher attack bsc1119069 - CVE-2018-12384: Fixed an issue in the SSL handshake. NSS respond...
openssl security update
1.0.2k-16.0.1.el76.1 - Bump release for rebuild. 1.0.2k-16.1 - use SHA-256 in FIPS RSA pairwise key check - fix CVE-2018-5407 - EC signature local timing side-channel key extraction 1.0.2k-16 - fix CVE-2018-0495 - ROHNP - Key Extraction Side Channel on DSA, ECDSA - fix incorrect error message on...
Security Bulletin: IBM MQ Appliance is affected by a Mozilla Network Security Services (NSS) vulnerability (CVE-2018-12384)
Summary IBM MQ Appliance has addressed the following Mozilla Network Security Services NSS vulnerability. Vulnerability Details CVEID: CVE-2018-12384 DESCRIPTION: Mozilla Network Security Services NSS, as used in Mozilla Firefox, could allow a remote attacker to obtain sensitive information, caus...
Denial Of Service (DoS)
nss is vulnerable to denial of service DoS attacks. The vulnerability exists as a null pointer dereference vulnerability in NSS since 3.24.0 was found when server receives empty SSLv2 messages resulting into denial of service by remote attacker...
Denial Of Service (DoS)
OpenSSL is vulnerable to denial of service attacks. The attacks are due to a flaw in the way OpenSSL does the SSLv2 handshake messages. Therefore, when it has SSLv2 and EXPORT-grade cipher suites enabled, attackers can send malicious SSLv2 CLIENT-MASTER-Key messages to cause server failures...
Cipher Bypass
OpenSSL is vulnerable to cipher bypasses. A malicious user can negotiate and complete an SSLv2 handshake with the server even if the ciphers have been disabled on the server. SSLv2 handshakes are vulnerable to man-in-the-middle attacks...
SUSE SLES12 Security Update : compat-openssl098 (SUSE-SU-2015:0553-1)
OpenSSL was updated to fix various security issues. Following security issues were fixed : - CVE-2015-0209: A Use After Free following d2iECPrivatekey error was fixed which could lead to crashes for attacker supplied Elliptic Curve keys. This could be exploited over SSL connections with client...
Security update for mozilla-nss (moderate)
This update for mozilla-nss to version 3.36.6 fixes the following issues: Security issues fixed: - CVE-2018-12384: NSS responded to an SSLv2-compatible ClientHello with a ServerHello that had an all-zero random bmo1483128, boo1106873 - CVE-2018-12404: Cache side-channel variant of the...
Amazon Linux AMI : nss (ALAS-2018-1095)
A flaw was found in the way NSS responded to an SSLv2-compatible ClientHello with a ServerHello that had an all-zero random. A man-in-the-middle attacker could use this flaw in a passive replay attack.CVE-2018-12384 C Tenable Network Security, Inc. The descriptive text and package checks in this...
Medium: nss
Issue Overview: A flaw was found in the way NSS responded to an SSLv2-compatible ClientHello with a ServerHello that had an all-zero random. A man-in-the-middle attacker could use this flaw in a passive replay attack.CVE-2018-12384 Affected Packages: nss Note: This advisory is applicable to Amazo...
Medium: nss
Issue Overview: A flaw was found in the way NSS responded to an SSLv2-compatible ClientHello with a ServerHello that had an all-zero random. A man-in-the-middle attacker could use this flaw in a passive replay attack.CVE-2018-12384 Affected Packages: nss Issue Correction: Run yum update nss or yu...
CVE-2018-15355
Usage of SSLv2 and SSLv3 leads to transmitted data decryption in Kraftway 24F2XG Router firmware 3.5.30.1118...
Code injection
Usage of SSLv2 and SSLv3 leads to transmitted data decryption in Kraftway 24F2XG Router firmware 3.5.30.1118...
CVE-2018-15355
Usage of SSLv2 and SSLv3 leads to transmitted data decryption in Kraftway 24F2XG Router firmware 3.5.30.1118...
CVE-2018-15355
The CVE concerns Kraftway 24F2XG Router, firmware 3.5.30.1118, where use of SSLv2/SSLv3 enables decryption of transmitted data. According to connected sources, a remote attacker could perform a man‑in‑the‑middle to decrypt traffic. CVSS metrics indicate Confidentiality Impact High (CVSS‑3.0: base...
SUSE-SU-2018:2181-1 Recommended update for yast2-ftp-server
This update for yast2-ftp-server fixes the following issues: Feature update: fate321043: Added additional searchkeys to desktop file. Security issues fixed: - bsc921303: Drop SSLv2 and SSLv3 as it is dropped for security reason for vsftpd. Bug fixes: - bsc1041829: Do not modify value when Browse...
Security Bulletin: Multiple vulnerabilities in the IBM SDK for Node.js affect the Cordova tools in Rational Application Developer affecting Rational Developer for i and Rational Developer for AIX and Linux (CVE-2016-2086, CVE-2016-2216, CVE-2015-3197)
Summary Portions of IBM Rational Application Developer for WebSphere Software are shipped as a component of Rational Developer for i RPG and COBOL + Modernization Tools, Java and EGL editions, and Rational Developer for AIX and Linux. Security vulnerabilities have been discovered in the IBM SDK f...
Security Bulletin: A vulnerability in NSS affects PowerKVM
Summary PowerKVM is affected by a vulnerability in Network Security Services NSS. IBM has now addressed this vulnerability. Vulnerability Details CVEID: CVE-2017-7502 DESCRIPTION: Mozilla Network Security Services NSS, as used in Mozilla Firefox, is vulnerable to a denial of service, caused by a...
Security Bulletin: Vulnerabilitiy in OpenSSL affect IBM Storwize V7000 Unified
Summary Cross-protocol attack on TLS using SSLv2 Vulnerability Details OpenSSL is used in IBM Storwize V7000 Unified for providing communication security by encrypting data being transmitted. CVEID: CVE-2016-2177 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by the incorrect u...
Security Bulletin: Multiple vulnerabilitiy in OpenSSL affect IBM Storwize V7000 Unified
Summary Cross-protocol attack on TLS using SSLv2 Vulnerability Details OpenSSL is used in IBM Storwize V7000 Unified for providing communication security by encrypting data being transmitted. CVEID: CVE-2016-0705 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a double-free...