
58 matches found

IBM Security Bulletins
added 2018/06/15 7:3 a.m., 27 views

Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects IBM® WebSphere Real Time (CVE-2015-4000)

Summary The Logjam Attack on TLS connections using the Diffie-Hellman DH key exchange protocol affects IBM® WebSphere Real Time Vulnerability Details CVEID: CVE-2015-4000 DESCRIPTION: The TLS protocol could allow a remote attacker to obtain sensitive information, caused by the failure to properly...

4.3 CVSS, 6 AI score, 0.9986 EPSS
Exploits 1, Affected Software 1
IBM Security Bulletins
added 2018/06/15 7:3 a.m., 18 views

Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects IBM® SDK, Java™ Technology Edition (CVE-2015-4000)

Summary The Logjam Attack on TLS connections using the Diffie-Hellman DH key exchange protocol affects IBM SDK, Java Technology Edition. Vulnerability Details CVEID: CVE-2015-4000 DESCRIPTION: The TLS protocol could allow a remote attacker to obtain sensitive information, caused by the failure to...

4.3 CVSS, 0.8 AI score, 0.9986 EPSS
Exploits 1, Affected Software 1
IBM Security Bulletins
added 2018/06/15 7:3 a.m., 33 views

Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects IBM Datapower Gateways (CVE-2015-4000)

Summary The Logjam Attack on TLS connections using the Diffie-Hellman DH key exchange protocol affects IBM Datapower Gateways. Vulnerability Details CVEID: CVE-2015-4000 DESCRIPTION: The TLS protocol could allow a remote attacker to obtain sensitive information, caused by the failure to properly...

4.3 CVSS, 6 AI score, 0.9986 EPSS
Exploits 1, Affected Software 1
CNVD
added 2016/08/25 12:0 a.m., 2 views

Legba Incorporated YateBTS Has a Design Vulnerability

Legba Incorporated YateBTS is software for analog protocol stacks for GSM networks. A design vulnerability exists in Legba Incorporated YateBTS. Since the device is exposed to external connections, an attacker could exploit this vulnerability to compromise the BTS transceiver over the Internet. B...

6.7 AI score
Exploits 0, References 1
CNVD
added 2016/05/31 12:0 a.m., 4 views

IBM Rational ClearCase Unauthorized Operation Vulnerability

IBM Rational ClearCase is a suite of software configuration management solutions from IBM in the United States. The solution provides version control, workspace management, parallel development support and build auditing. A security vulnerability exists in IBM Rational ClearCase that stems from t...

7.4 CVSS, 6.8 AI score, 0.01167 EPSS
Exploits 0, References 1
RedHat Linux
added 2016/04/13 1:25 a.m., 4 views

samba: Samba based active directory domain controller does not enforce smb signing

It was discovered that Samba did not enforce Server Message Block SMB signing for clients using the SMB1 protocol. A man-in-the-middle attacker could use this flaw to modify traffic between a client and a server...

5.9 CVSS, 6.7 AI score, 0.02601 EPSS
Exploits 0, References 5
RedHat Linux
added 2016/04/13 1:6 a.m., 4 views

samba: Samba based active directory domain controller does not enforce smb signing

It was discovered that Samba did not enforce Server Message Block SMB signing for clients using the SMB1 protocol. A man-in-the-middle attacker could use this flaw to modify traffic between a client and a server...

5.9 CVSS, 6.7 AI score, 0.02601 EPSS
Exploits 0, References 5
RedHat Linux
added 2016/04/12 9:38 p.m., 4 views

samba: Samba based active directory domain controller does not enforce smb signing

It was discovered that Samba did not enforce Server Message Block SMB signing for clients using the SMB1 protocol. A man-in-the-middle attacker could use this flaw to modify traffic between a client and a server...

5.9 CVSS, 6.7 AI score, 0.02601 EPSS
Exploits 0, References 5
RedHat Linux
added 2016/04/12 9:20 p.m., 2 views

samba: Samba based active directory domain controller does not enforce smb signing

It was discovered that Samba did not enforce Server Message Block SMB signing for clients using the SMB1 protocol. A man-in-the-middle attacker could use this flaw to modify traffic between a client and a server...

5.9 CVSS, 6.7 AI score, 0.02601 EPSS
Exploits 0, References 5
myhack58
added 2015/06/17 12:0 a.m., 15 views

Samsung mobile remote code execution vulnerability analysis-vulnerability warning-the black bar safety net

Summary A remote attacker with full control over a user's web traffic can manipulate the Samsung phone keyboard update mechanism and execute code on the target phone with system user permissions. The quick keyboard pre-installed on Samsung devices cannot be disabled and also cannot ...

7.5 AI score
Exploits 0
Ubuntu
added 2014/08/18 6:5 p.m., 74 views

USN-2232-4: OpenSSL regression

USN-2232-1 fixed vulnerabilities in OpenSSL. One of the patch backports for Ubuntu 10.04 LTS caused a regression for certain applications. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Jüri Aedla discovered that OpenSSL incorrectly handled invalid...

7.6 AI score
Exploits 0, References 1
RedHat Linux
added 2014/06/10 12:23 p.m., 4 views

openssl: SSL/TLS MITM vulnerability

It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server...

7.4 CVSS, 6.6 AI score, 0.95326 EPSS
Exploits 9, References 8
RedHat Linux
added 2014/06/05 2:57 p.m., 6 views

openssl: SSL/TLS MITM vulnerability

It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server...

7.4 CVSS, 6.6 AI score, 0.95326 EPSS
Exploits 9, References 8
RedHat Linux
added 2014/06/05 2:56 p.m., 4 views

openssl: SSL/TLS MITM vulnerability

It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server...

7.4 CVSS, 6.6 AI score, 0.95326 EPSS
Exploits 9, References 8
UbuntuCve
added 2012/06/20 5:55 p.m., 37 views

CVE-2011-1923

The Diffie-Hellman key-exchange implementation in dhm.c in PolarSSL before 0.14.2 does not properly validate a public parameter, which makes it easier for man-in-the-middle attackers to obtain the shared secret key by modifying network traffic, a related issue to CVE-2011-5095...

4 CVSS, 6.2 AI score, 0.01308 EPSS
Exploits 0, References 2
Prion
added 2012/06/20 5:55 p.m., 27 views

Design/Logic Flaw

The Diffie-Hellman key-exchange implementation in dhm.c in PolarSSL before 0.14.2 does not properly validate a public parameter, which makes it easier for man-in-the-middle attackers to obtain the shared secret key by modifying network traffic, a related issue to CVE-2011-5095...

4 CVSS, 6.5 AI score, 0.02088 EPSS
Exploits 0, References 4, Affected Software 1
Gentoo Linux
added 2005/08/25 12:0 a.m., 31 views

Tor: Information disclosure

Background Tor is an implementation of second generation Onion Routing, a connection-oriented anonymizing communication service. Description The Diffie-Hellman implementation of Tor fails to verify the cryptographic strength of keys which are used during handshakes. Impact By setting up a malicio...

5 CVSS, 6.3 AI score, 0.01247 EPSS
Exploits 0
CERT
added 2001/08/14 12:0 a.m., 33 views

TrendMicro InterScan WebManager contains buffer overflow in RegGo.dll

Overview A remotely exploitable buffer overflow exists in Trend Micro InterScan WebManager. Description InterScan WebManager is an application that inspects http traffic flowing into a network for known malicious code. This application also has the capability to restrict access to...

7.5 CVSS, 7.5 AI score, 0.03364 EPSS
Exploits 0, References 2