fribidi: buffer overflow in fribidi_get_par_embedding_levels_ex() in lib/fribidi-bidi.c leading to denial of service and possible code execution
A heap-based buffer overflow vulnerability was found in GNU FriBidi, an implementation of the Unicode Bidirectional Algorithm (bidi). When the flaw is triggered it's possible to manipulate the heap contents, leading to memory corruption causing a denial of service and to arbitrary code execution. T...
CVE-2019-4609
IBM API Connect 2018.4.1.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 168510...
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Sterling Secure Proxy and Sterling External Authentication Server (CVE-2015-0488, CVE-2015-1916, CVE-2015-2808, CVE-2015-0478, CVE-2015-0204)
Summary There are multiple vulnerabilities in IBM Runtime Environment Java Technology Edition, Version 1.7.0 that is used by Sterling Secure Proxy and Sterling External Authentication Server. These issues were disclosed as part of the IBM Java SDK updates in April 2015. Vulnerability Details CVEI...
CVE-2019-19397
There is a weak algorithm vulnerability in some Huawei products. The affected products use weak algorithms by default. Attackers may exploit the vulnerability to cause information leaks...
CVE-2019-19397
CVE-2019-19397 concerns Huawei VRP platforms where a weak cryptographic algorithm is enabled by default, exposing potential information leaks. Root cause: default use of weak algorithms in affected Huawei products. CVSS metrics indicate network exposure with high confidentiality impact (C/H) and ...
Siemens SIMATIC S7-1200 and S7-1500 CPU Families (Update B)
1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SIMATIC S7-1200 and S7-1500 CPU families Vulnerabilities: Use of a Broken or Risky Cryptographic Algorithm, Missing Support for Integrity Check 2. UPDATE INFORMATION This updated...
Security Advisory - Weak Algorithm Vulnerability in Some Huawei Products
There is a weak algorithm vulnerability in some Huawei products. The affected products use weak algorithms by default. Attackers may exploit the vulnerability to cause information leaks. Vulnerability ID: HWPSIRT-2019-02008 This vulnerability has been assigned a Common Vulnerabilities and Exposur...
Manipulating Machine Learning Systems by Manipulating Training Data
Interesting research: "TrojDRL: Trojan Attacks on Deep Reinforcement Learning Agents": Abstract: Recent work has identified that classification models implemented as neural networks are vulnerable to data-poisoning and Trojan attacks at training time. In this work, we show that these training-ti...
Important: Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Security Release on RHEL 6
Updated packages that provide Red Hat JBoss Core Services Pack Apache Server 2.4.37 and fix several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability...
openssl security update
1.1.1c-2 - do not try to use EC groups disallowed in FIPS mode in TLS - fix Valgrind regression with constant-time code 1.1.1c-1 - update to the 1.1.1c release 1.1.1b-6 - adjust the default cert pbe algorithm for pkcs12 -export in the FIPS mode 1.1.1b-5 - Fix small regressions related to the reba...
openssl security, bug fix, and enhancement update
1.1.1c-2 - do not try to use EC groups disallowed in FIPS mode in TLS - fix Valgrind regression with constant-time code 1.1.1c-1 - update to the 1.1.1c release 1.1.1b-6 - adjust the default cert pbe algorithm for pkcs12 -export in the FIPS mode 1.1.1b-5 - Fix small regressions related to the reba...
Microsoft Guidance for Vulnerability in Trusted Platform Module (TPM)
Executive Summary This advisory addresses CVE-2019-16863. A security vulnerability exists in certain Trusted Platform Module (TPM) chipsets. The vulnerability weakens key confidentiality protection for a specific algorithm (ECDSA). It is important to note that this is a TPM firmware vulnerability, an...
CVE-2009-5004
qpid-cpp 1.0 crashes when a large message is sent and the Digest-MD5 mechanism with a security layer is in use...
CVE-2019-13539
Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform VLFT10GEN software version 4.0.0 and below, and Valleylab FX8 Energy Platform VLFX8GEN software version 1.1.0 and below use the descrypt algorithm for OS password hashing. While interactive, network-based...
Cross site scripting
Password-based encryption (PBE) algorithm, of Brocade SANnav versions before v2.0, has a weakness in generating cryptographic keys that may allow an attacker to decrypt passwords used with several services (Radius, TACAS, etc.)...
Mitsubishi_electric Qj71e71-100 Use of a Broken or Risky Cryptographic Algorithm
An issue was discovered in Mitsubishi Electric Automation MELSEC-Q series Ethernet interface modules QJ71E71-100, all versions, QJ71E71-B5, all versions, and QJ71E71-B2, all versions. Weakly encrypted passwords are transmitted to a MELSEC-Q PLC. File data ot500312.nasl...
EulerOS 2.0 SP5 : openssl110h (EulerOS-SA-2019-2218)
According to the versions of the openssl110h packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in th...
Detecting Account Takeover Botnets
A botnet is a network of compromised computers - known as bots - usually controlled by a command and control computer, that work together in coordination for a malicious purpose. In this blog post, we'll discuss how to detect botnets used for account takeover (ATO), an attack used to obtain the val...