5314 matches found
Servicing stack update for Windows 7 SP1 and Windows Server 2008 R2 SP1: March 12, 2019
Servicing stack update for Windows 7 SP1 and Windows Server 2008 R2 SP1: March 12, 2019 Summary This update makes quality improvements to the servicing stack component that installs Windows updates. Key changes include: Addresses an issue in the servicing stack when you install an update that has...
CVE-2020-1810
There is a weak algorithm vulnerability in some Huawei products. The affected products use the RSA algorithm in the SSL key exchange algorithm which have been considered as a weak algorithm. Attackers may exploit this vulnerability to leak some information...
CVE-2020-1810
There is a weak algorithm vulnerability in some Huawei products. The affected products use the RSA algorithm in the SSL key exchange algorithm which have been considered as a weak algorithm. Attackers may exploit this vulnerability to leak some information...
Information disclosure
There is a weak algorithm vulnerability in some Huawei products. The affected products use the RSA algorithm in the SSL key exchange algorithm which have been considered as a weak algorithm. Attackers may exploit this vulnerability to leak some information...
CVE-2020-1810
CVE-2020-1810 describes a weak RSA algorithm vulnerability in the SSL key exchange used by Huawei products. Affected Huawei devices include CloudEngine 12800, S5700, and S6700 series, with the underlying issue being the use of a weak RSA in the TLS/SSL handshake that can allow information leakage...
CVE-2020-1810
There is a weak algorithm vulnerability in some Huawei products. The affected products use the RSA algorithm in the SSL key exchange algorithm which have been considered as a weak algorithm. Attackers may exploit this vulnerability to leak some information...
Security Bulletin: OpenSSL as used in IBM QRadar SIEM is vulnerable to a timing side channel attack (CVE-2018-0734)
Summary OpenSSL as used in IBM QRadar SIEM is vulnerable to a timing side channel attack Vulnerability Details CVEID: CVE-2018-0734 DESCRIPTION: The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing...
Security Advisory - Weak Algorithm Vulnerability in Some Huawei Products
There is a weak algorithm vulnerability in some Huawei products. The affected products use the RSA algorithm in the SSL key exchange algorithm which have been considered as a weak algorithm. Attackers may exploit this vulnerability to leak some information. Vulnerability ID: HWPSIRT-2019-04082 Th...
[SECURITY] Fedora 31 Update: spamassassin-3.4.3-1.fc31
SpamAssassin provides you with a way to reduce if not completely eliminate Unsolicited Commercial Email SPAM from your incoming email. It can be invoked by a MDA such as sendmail or postfix, or can be called from a procmail script, .forward file, etc. It uses a genetic-algorithm evolved scoring...
NewStart CGSL CORE 5.05 / MAIN 5.05 : openssl Multiple Vulnerabilities (NS-SA-2019-0254)
The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has openssl packages installed that are affected by multiple vulnerabilities: - The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signin...
Integer overflow
In all versions of ClickHouse before 19.14, an OOB read, OOB write and integer underflow in decompression algorithms can be used to achieve RCE or DoS via native protocol...
Authentication flaw
The HTTP Authentication library before 2019-12-27 for Nim has weak password hashing because the default algorithm for libsodium's cryptopwhashstr is not used...
CVE-2019-19963
An issue was discovered in wolfSSL before 4.3.0 in a non-default configuration where DSA is enabled. DSA signing uses the BEEA algorithm during modular inversion of the nonce, leading to a side-channel attack against the nonce...
DEBIAN-CVE-2019-19963
An issue was discovered in wolfSSL before 4.3.0 in a non-default configuration where DSA is enabled. DSA signing uses the BEEA algorithm during modular inversion of the nonce, leading to a side-channel attack against the nonce...
CVE-2019-19963
An issue was discovered in wolfSSL before 4.3.0 in a non-default configuration where DSA is enabled. DSA signing uses the BEEA algorithm during modular inversion of the nonce, leading to a side-channel attack against the nonce...
UBUNTU-CVE-2019-19963
An issue was discovered in wolfSSL before 4.3.0 in a non-default configuration where DSA is enabled. DSA signing uses the BEEA algorithm during modular inversion of the nonce, leading to a side-channel attack against the nonce...
CVE-2019-19963
An issue was discovered in wolfSSL before 4.3.0 in a non-default configuration where DSA is enabled. DSA signing uses the BEEA algorithm during modular inversion of the nonce, leading to a side-channel attack against the nonce...
CVE-2019-19963
wolfSSL before 4.3.0 in a non-default configuration with DSA enabled is vulnerable. DSA signing uses the BEEA algorithm during nonce modular inversion, enabling a side-channel attack on the nonce. Affected: wolfSSL prior to 4.3.0 (non-default DSA). Remediation: upgrade to 4.3.0-stable (or apply v...
fribidi: buffer overflow in fribidi_get_par_embedding_levels_ex() in lib/fribidi-bidi.c leading to denial of service and possible code execution
A heap-based buffer overflow vulnerability was found in GNU FriBidi, an implementation of the Unicode Bidirectional Algorithm bidi. When the flaw is triggered it's possible to manipulate the heap contents, leading to memory corruption causing a denial of service and to arbitrary code execution. T...
Security Bulletin: OpenSSL as used by IBM QRadar Network Packet Capture is vulnerable to (CVE-2019-1559)
Summary The software does not implement a required step in a cryptographic algorithm Vulnerability Details CVEID: CVE-2019-1559 DESCRIPTION: If an application encounters a fatal protocol error and then calls SSLshutdown twice once to send a closenotify, and once to receive one then OpenSSL can...