5313 matches found
RHEL 7 : openssl (RHSA-2019:2304)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:2304 advisory. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength...
Hidden Algorithm Flaws Expose Websites to DoS Attacks
Why throw a bunch of junk traffic at a service, when all it takes to stall it out is just a few bytes?...
Signature Verification Bypass
gree/jose is vulnerable to signature verification bypass. The vulnerability exists as there was an issue in the key confusion/algorithm substitution...
CVE-2019-1918
A vulnerability in the implementation of Intermediate System-to-Intermediate System (IS-IS) routing protocol functionality in Cisco IOS XR Software could allow an unauthenticated attacker who is in the same IS-IS area to cause a denial of service (DoS) condition. The vulnerability is due to incorrect...
Cisco IOS XR Software Intermediate System-to-Intermediate System Denial of Service Vulnerability
A vulnerability in the implementation of Intermediate System-to-Intermediate System (IS-IS) routing protocol functionality in Cisco IOS XR Software could allow an unauthenticated attacker who is in the same IS-IS area to cause a denial of service (DoS) condition. The vulnerability is due to incorrect...
CVE-2016-5431
The PHP JOSE Library by Gree Inc. before version 2.2.1 is vulnerable to key confusion/algorithm substitution in the JWS component resulting in bypassing the signature verification via crafted tokens...
CVE-2016-5431
The CVE concerns the PHP JOSE Library by Gree Inc. prior to version 2.2.1. The underlying issue is key confusion/algorithm substitution in the JWS component, which allows bypassing signature verification with crafted tokens. Affected software/version: PHP JOSE Library
PT-2019-7833 · Php · Php Jose Library
Name of the Vulnerable Software and Affected Versions: PHP JOSE Library versions prior to 2.2.1. Description: The issue allows for key confusion/algorithm substitution in the JWS component, resulting in the bypassing of signature verification via crafted tokens. Recommendations: For versions prior...
openssl: timing side channel attack in the DSA signature algorithm
The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q...
EulerOS 2.0 SP2 : grub2 (EulerOS-SA-2019-1735)
According to the version of the grub2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerability: An integer overflow flaw was found in the way the lzo library decompressed certain archives compressed with the LZO algorithm. An attacker could...
Vulnerability in the Sn5CrPack.sys and Sn5Crypto.sys drivers of the Secret Net Studio information protection system that allows an attacker to trigger a service failure
The vulnerability of the Sn5CrPack.sys and Sn5Crypto.sys drivers of the Secret Net Studio information protection system is related to errors in processing changed algorithm parameters. Exploiting this vulnerability can allow an attacker to cause a service failure...
Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to a security vulnerability (CVE-2017-1399)
Summary: IBM has announced a release for IBM Security Identity Governance and Intelligence (IGI) in response to a security vulnerability. Use of a Broken or Risky Cryptographic Algorithm. Vulnerability Details: CVEID: CVE-2017-1399. DESCRIPTION: IBM Security Identity Governance Virtual Appliance uses...
Inadequate Encryption Strength in DotNetNuke
DNN (aka DotNetNuke) 9.2 through 9.2.1 uses a weak encryption algorithm to protect input parameters...
GHSA-H595-8PW6-5Q6V Inadequate Encryption Strength in DotNetNuke
DNN (aka DotNetNuke) 9.2 through 9.2.1 uses a weak encryption algorithm to protect input parameters...
Inadequate Encryption Strength in DotNetNuke
DNN (aka DotNetNuke) 9.2 through 9.2.2 uses a weak encryption algorithm to protect input parameters. NOTE: this issue exists because of an incomplete fix for CVE-2018-15811...
Information Disclosure
Dnn.Platform is vulnerable to information disclosure. The vulnerability is due to the incomplete fix of CVE-2018-15811 where it encrypts the input parameters using a weak encryption algorithm during the installation...
CVE-2018-15811
DNN (aka DotNetNuke) 9.2 through 9.2.1 uses a weak encryption algorithm to protect input parameters...
CVE-2018-18325
DNN (aka DotNetNuke) 9.2 through 9.2.2 uses a weak encryption algorithm to protect input parameters. NOTE: this issue exists because of an incomplete fix for CVE-2018-15811...