Lucene search

5314 matches found

IBM Security Bulletins
added 2020/02/03 6:55 p.m., 12 views

Security Bulletin: Multiple security vulnerabilities have been addressed in IBM Security Directory Server

Summary Multiple security vulnerabilities have been fixed and delivered in IBM Security Directory Server. Vulnerability Details CVEID: CVE-2019-4551 DESCRIPTION: IBM Security Directory Server does not perform an authentication check for a critical resource or functionality allowing anonymous user...

CVSS 7.5, AI score 0.9, EPSS 0.01316
Exploits: 0, Affected Software: 1

OSV
added 2020/01/30 8:15 p.m., 23 views

CVE-2020-5229

Opencast before 8.1 stores passwords using the rather outdated and cryptographically insecure MD5 hash algorithm. Furthermore, the hashes are salted using the username instead of a random salt, causing hashes for users with the same username and password to collide which is problematic especially...

CVSS 8.1, AI score 6.7
Exploits: 0, References: 2

Cvelist
added 2020/01/30 8:5 p.m., 49 views

CVE-2020-5229 Opencast stores passwords using outdated MD5 hash algorithm

Opencast before 8.1 stores passwords using the rather outdated and cryptographically insecure MD5 hash algorithm. Furthermore, the hashes are salted using the username instead of a random salt, causing hashes for users with the same username and password to collide which is problematic especially...

CVSS 7.7, AI score 8.1, EPSS 0.00626
Exploits: 0, References: 2

CVE
added 2020/01/30 8:5 p.m., 98 views

CVE-2020-5229

Opencast CVE-2020-5229 concerns weak password hashing: previous releases stored passwords with MD5 salted by username, so an attacker with DB access could attempt password cracking. Opencast 8.1 switched to bcrypt, but legacy MD5 hashes remain until passwords are updated. Af...

CVSS 8.1, AI score 7.9, EPSS 0.00626
Exploits: 0, References: 2, Affected Software: 1

Tenable Nessus
added 2020/01/30 12:0 a.m., 244 views

Ubuntu 16.04 LTS / 18.04 LTS : OpenJDK vulnerabilities (USN-4257-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4257-1 advisory. It was discovered that OpenJDK incorrectly handled exceptions during deserialization in BeanContextSupport. An attacker could possibly use th...

CVSS 8.1, AI score 6.9, EPSS 0.04903
Exploits: 0, References: 9

OSV
added 2020/01/27 4:15 p.m., 8 views

CVE-2015-0294

GnuTLS before 3.3.13 does not validate that the signature algorithms match when importing a certificate...

CVSS 7.5, AI score 7.4
Exploits: 0, References: 6

OSV
added 2020/01/24 9:27 p.m., 32 views

GHSA-P9CM-R7JG-8Q3G Incorrect signature verification in SimpleSAMLphp

Background: An incorrect check of return values in the signature validation utilities allows an attacker to get invalid signatures accepted as valid by forcing an error during validation. Description: The SimpleSAML\XML\Validator class allows the verification of the XML digital signature of a SAML 1...

CVSS 6.3, AI score 6.5, EPSS 0.01188
Exploits: 0, References: 6

Veracode
added 2020/01/24 5:37 a.m., 9 views

Bit Flipping Attack

parsel is vulnerable to bit flipping attack. The use of an insecure cryptographic algorithm aes-256-cbc without any integrity checks causes its ciphertext to be easily broken by bit-flipping attacks...

AI score 3.9
Exploits: 0

OSV
added 2020/01/23 4:57 p.m., 3 views

USN-4233-2 gnutls28 update

USN-4233-1 disabled SHA1 being used for digital signature operations in GnuTLS. In certain network environments, certificates using SHA1 may still be in use. This update adds the %VERIFY_ALLOW_BROKEN and %VERIFY_ALLOW_SIGN_WITH_SHA1 priority strings that can be used to temporarily re-enable SHA1 until...

AI score 5.8
Exploits: 0, References: 2

Prion
added 2020/01/23 3:15 p.m., 12 views

Privilege escalation

FastTrack Admin By Request 6.1.0.0 supports group policies that are supposed to allow only a select range of users to elevate to Administrator privilege at will. If a user does not have direct access to the elevation feature through group policies, they are prompted to enter a PIN code in a...

CVSS 7.2, AI score 7.6, EPSS 0.00261
Exploits: 0, References: 2, Affected Software: 1

OpenVAS
added 2020/01/23 12:0 a.m., 31 views

Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2019-1943)

The remote host is missing an update for the Huawei EulerOS...

CVSS 5.9, AI score 6.3, EPSS 0.12154
Exploits: 0, References: 2

OpenVAS
added 2020/01/23 12:0 a.m., 42 views

Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2019-2008)

The remote host is missing an update for the Huawei EulerOS...

CVSS 5.9, AI score 6.3, EPSS 0.12154
Exploits: 0, References: 2

OpenVAS
added 2020/01/23 12:0 a.m., 53 views

Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2019-1654)

The remote host is missing an update for the Huawei EulerOS...

CVSS 5.9, AI score 6.3, EPSS 0.12154
Exploits: 0, References: 2

NVD
added 2020/01/21 7:15 p.m., 15 views

CVE-2019-19411

USG9500 with versions of V500R001C30SPC100, V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, V500R005C00SPC100, V500R005C00SPC200 have an information leakage vulnerability. Due to improper processing of the initialization vector used in a specific encryption algorithm, an attacker who gai...

CVSS 4.3, AI score 3.9, EPSS 0.01238
Exploits: 0, References: 1

Prion
added 2020/01/21 7:15 p.m., 16 views

Information disclosure

USG9500 with versions of V500R001C30SPC100, V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, V500R005C00SPC100, V500R005C00SPC200 have an information leakage vulnerability. Due to improper processing of the initialization vector used in a specific encryption algorithm, an attacker who gai...

CVSS 4.3, AI score 4, EPSS 0.01238
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2020/01/21 6:9 p.m., 22 views

CVE-2019-19411

USG9500 with versions of V500R001C30SPC100, V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, V500R005C00SPC100, V500R005C00SPC200 have an information leakage vulnerability. Due to improper processing of the initialization vector used in a specific encryption algorithm, an attacker who gai...

AI score 3.9, EPSS 0.01238
Exploits: 0, References: 1

CVE
added 2020/01/21 6:9 p.m., 107 views

CVE-2019-19411

Huawei USG9500 firewall devices (versions V500R001C30SPC100/200/600, V500R001C60SPC500, V500R005C00SPC100/200) are affected by CVE-2019-19411, an information-leakage vulnerability caused by improper processing of the initialization vector in a specific encryption algorithm. The vulnerability can ...

CVSS 4.3, AI score 4.1, EPSS 0.01238
Exploits: 0, References: 1, Affected Software: 1

RedHat Linux
added 2020/01/21 3:53 p.m., 5 views

kernel: af_alg_release() in crypto/af_alg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free in sockfs_setattr

In the Linux kernel, af_alg_release() in crypto/af_alg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free (UAF) in sockfs_setattr. A local attacker can use this flaw to escalate privileges and take control of the system...

CVSS 7.8, AI score 7, EPSS 0.00645
Exploits: 0, References: 4

HackRead
added 2020/01/20 12:32 a.m., 33 views

Google Algorithm Updates vs SEO Strategies

By Uzair Amir Google Algorithm Updates work differently for every website. Some start receiving traffic while some face difficulties... This is a post from HackRead.com Read the original post: Google Algorithm Updates vs SEO Strategies...

AI score 2.8
Exploits: 0

Microsoft KB
added 2020/01/16 12:0 a.m., 190 views

Servicing stack update for Windows Server 2008 SP2: April 9, 2019

Servicing stack update for Windows Server 2008 SP2: April 9, 2019 Summary This update makes quality improvements to the servicing stack component that installs Windows updates. Key changes include: Addresses an issue in the servicing stack when you install an update that has been signed by using...

AI score 6.6
Exploits: 0