
627 matches found

IBM Security Bulletins
added 2022/08/20 12:54 a.m., 19 views

Security Bulletin: Security vulnerabilities have been identified in IBM® DB2® shipped with IBM System Networking Element Manager (CVE-2013-6747, CVE-2014-0963)

Summary: IBM DB2 is shipped as a component of IBM System Networking Element Manager. Information about security vulnerabilities affecting IBM DB2 has been published in a security bulletin. Vulnerability Details: Please consult the security bulletin IBM® DB2® is impacted by multiple TLS/SSL security...

CVSS 7.1, AI score 7, EPSS 0.03077
Exploits: 1, Affected Software: 1

IBM Security Bulletins
added 2022/08/19 11:26 p.m., 35 views

Security Bulletin: Security vulnerabilities have been identified in IBM® DB2® shipped with Tivoli Storage Productivity Center and System Storage Productivity Center (CVE-2013-6747, CVE-2014-0963)

Summary: IBM DB2 is shipped as a component of Tivoli Storage Productivity Center and System Storage Productivity Center. Information about security vulnerabilities affecting IBM DB2 has been published in a security bulletin. Vulnerability Details: Please consult the security bulletin IBM DB2 is...

CVSS 7.1, AI score 7, EPSS 0.03077
Exploits: 1, Affected Software: 2

IBM Security Bulletins
added 2022/08/19 6:23 p.m., 19 views

Security Bulletin: Vulnerability in IBM WebSphere Application Server affects WebSphere Business Services Fabric (CVE-2015-0138)

Summary: The “FREAK: Factoring Attack on RSA-EXPORT keys” TLS/SSL client and server vulnerability affects IBM WebSphere Application Server Full Profile that is used by WebSphere Business Services Fabric. Vulnerability Details: CVEID: CVE-2015-0138 DESCRIPTION: A vulnerability in various IBM SSL/TLS...

CVSS 4.3, AI score 4.6, EPSS 0.03262
Exploits: 0, Affected Software: 1

NVD
added 2022/06/27 6:15 p.m., 11 views

CVE-2022-28166

In Brocade SANnav version before SANN2.2.0.2 and Brocade SANNav before 2.1.1.8, the implementation of TLS/SSL Server Supports the Use of Static Key Ciphers ssl-static-key-ciphers on ports 443 & 18082...

CVSS 7.5, EPSS 0.00481
Exploits: 0, References: 2

Prion
added 2022/06/27 6:15 p.m., 14 views

Code injection

In Brocade SANnav version before SANN2.2.0.2 and Brocade SANNav before 2.1.1.8, the implementation of TLS/SSL Server Supports the Use of Static Key Ciphers ssl-static-key-ciphers on ports 443 & 18082...

CVSS 5, AI score 7.6, EPSS 0.00481
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2022/06/27 5:51 p.m., 15 views

CVE-2022-28166

In Brocade SANnav version before SANN2.2.0.2 and Brocade SANNav before 2.1.1.8, the implementation of TLS/SSL Server Supports the Use of Static Key Ciphers ssl-static-key-ciphers on ports 443 & 18082...

AI score 7.8, EPSS 0.00481
Exploits: 0, References: 2

Broadcom
added 2022/06/22 12:00 a.m., 26 views

BSA-2022-1977

Security Advisory ID: BSA-2022-1977. Component: TLS/SSL. Revision: 1.0. In Brocade SANnav versions before v2.2.0.2, and v2.1.1.8, the implementation of TLS/SSL Server Supports the Use of Static Key Ciphers ssl-static-key-ciphers on ports 443 & 18082. Affected Products: Brocade SANnav versions befo...

CVSS 7.5, AI score 7.6, EPSS 0.00481
Exploits: 0

OSV
added 2022/05/17 7:57 p.m., 18 views

GHSA-WF9J-M9FV-92GQ ovirt-engine-sdk-python improper validation of hostname in x.509 certificate

ovirt-engine-sdk-python before 3.4.0.7 and 3.5.0.4 does not verify that the hostname of the remote endpoint matches the Common Name (CN) or subjectAltName as specified by its x.509 certificate in a TLS/SSL session. This could allow man-in-the-middle attackers to spoof remote endpoints via an...

CVSS 8.2, AI score 5.6, EPSS 0.00413
Exploits: 0, References: 5

Github Security Blog
added 2022/05/17 7:57 p.m., 31 views

ovirt-engine-sdk-python improper validation of hostname in x.509 certificate

ovirt-engine-sdk-python before 3.4.0.7 and 3.5.0.4 does not verify that the hostname of the remote endpoint matches the Common Name (CN) or subjectAltName as specified by its x.509 certificate in a TLS/SSL session. This could allow man-in-the-middle attackers to spoof remote endpoints via an...

CVSS 5.9, AI score 6.7, EPSS 0.00413
Exploits: 0, References: 5, Affected Software: 1

ThreatPost
added 2022/03/21 11:57 p.m., 329 views

Browser-in-the-Browser Attack Makes Phishing Nearly Invisible

We’ve had it beaten into our brains: Before you go willy-nilly clicking on a page, check the URL. First things first, the tried-and-usually-but-not-always-true advice goes, check that the site’s URL shows “https,” indicating that the site is secured with TLS/SSL encryption. If only it were that eas...

AI score 8.4
Exploits: 0, References: 16

Veracode
added 2022/02/17 10:21 a.m., 17 views

Improper Certificate Validation

cn.hutool:hutool-http is vulnerable to improper certificate validation. The vulnerability exists due to insufficient validation of TLS/SSL certificates in the verify function in TrustAnyHostnameVerifier of class...

CVSS 9.8, AI score 3.3, EPSS 0.01281
Exploits: 1, References: 4, Affected Software: 1

Github Security Blog
added 2022/02/17 12:00 a.m., 39 views

Improper Certificate Validation in Hutool

Hutool v5.7.18's HttpRequest was discovered to ignore all TLS/SSL certificate validation...

CVSS 9.8, AI score 1.3, EPSS 0.01281
Exploits: 1, References: 4, Affected Software: 1

NVD
added 2022/02/16 10:15 p.m., 30 views

CVE-2022-22885

Hutool v5.7.18's HttpRequest was discovered to ignore all TLS/SSL certificate validation...

CVSS 9.8, EPSS 0.01281
Exploits: 1, References: 2

Prion
added 2022/02/16 10:15 p.m., 17 views

Design/Logic Flaw

Hutool v5.7.18's HttpRequest was discovered to ignore all TLS/SSL certificate validation...

CVSS 7.5, AI score 9.5, EPSS 0.01281
Exploits: 1, References: 2, Affected Software: 1

IBM Security Bulletins
added 2021/09/23 1:31 a.m., 32 views

Security Bulletin: Vulnerability in IBM WebSphere Application Server affects Power Hardware Management Console (CVE-2015-0138)

Summary: The “FREAK: Factoring Attack on RSA-EXPORT keys” TLS/SSL client and server vulnerability affects IBM WebSphere Application Server Liberty Profile Version 8.5 that is used by Power Hardware Management Console. Vulnerability Details: CVEID: CVE-2015-0138 DESCRIPTION: A vulnerability in vario...

CVSS 4.3, AI score 5.2, EPSS 0.03262
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2021/06/25 4:46 p.m., 39 views

Security Bulletin: Vulnerabilities in OpenSSL affect GPFS V3.5 for Windows (CVE-2014-3569, CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275, CVE-2015-0204, CVE-2015-0205, CVE-2015-0206)

Summary: OpenSSL vulnerabilities were disclosed on January 8, 2015 by the OpenSSL Project. This includes the “FREAK: Factoring Attack on RSA-EXPORT keys” TLS/SSL client and server vulnerability. OpenSSL is used by GPFS V3.5 for Windows. GPFS V3.5 for Windows has addressed the applicable CVEs...

CVSS 5, AI score 7.3, EPSS 0.98685
Exploits: 0, Affected Software: 1

OpenVAS
added 2021/06/09 12:00 a.m., 29 views

SUSE: Security Advisory (SUSE-SU-2014:0788-2)

The remote host is missing an update for the...

CVSS 7.5, AI score 7.7, EPSS 0.11311
Exploits: 1, References: 3

IBM Security Bulletins
added 2020/12/22 4:37 p.m., 35 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Synergy (CVE-2015-0138, CVE-2014-6593, CVE-2015-0410)

Summary: There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition that is shipped with IBM Rational Synergy. These issues were disclosed as part of the IBM Java SDK updates in January 2015. This bulletin also addresses the “FREAK: Factoring Attack on RSA-EXPORT keys” TLS/SSL client...

CVSS 5, AI score 0.3, EPSS 0.67234
Exploits: 5, Affected Software: 1

NVD
added 2020/10/14 2:15 p.m., 13 views

CVE-2020-9746

Adobe Flash Player version 32.0.0.433 and earlier are affected by an exploitable NULL pointer dereference vulnerability that could result in a crash and arbitrary code execution. Exploitation of this issue requires an attacker to insert malicious strings in an HTTP response that is by default...

CVSS 9.3, EPSS 0.04244
Exploits: 0, References: 1

Prion
added 2020/10/14 2:15 p.m., 15 views

Null pointer dereference

Adobe Flash Player version 32.0.0.433 and earlier are affected by an exploitable NULL pointer dereference vulnerability that could result in a crash and arbitrary code execution. Exploitation of this issue requires an attacker to insert malicious strings in an HTTP response that is by default...

CVSS 9.3, AI score 8.7, EPSS 0.04244
Exploits: 0, References: 1, Affected Software: 1