Microsoft to Kill Updates for Legacy OS Using SHA-1
Microsoft is in the process of phasing out use of the Secure Hash Algorithm 1 (SHA-1) as the hash in its code-signing for Windows OS updates, announcing that customers running legacy OS versions will be required to have SHA-2 code-signing support installed on their devices by July 2019. No SHA-2...
Security Bulletin: Multiple vulnerabilities in Node.js affects IBM Rational Application Developer for WebSphere Software included in Rational Developer for i and Rational Developer for AIX and Linux
Summary Portions of IBM Rational Application Developer for WebSphere Software are shipped as a component of Rational Developer for i RPG and COBOL + Modernization Tools, Java and EGL editions, and Rational Developer for AIX and Linux. Multiple Node.js vulnerabilities have been discovered that...
Blockchain and Trust
In his 2008 white paper that first proposed bitcoin, the anonymous Satoshi Nakamoto concluded with: "We have proposed a system for electronic transactions without relying on trust." He was referring to blockchain, the system behind bitcoin cryptocurrency. The circumvention of trust is a great...
Debian DLA-1661-1 : mumble security update
It has been found that the mumble-server mishandles multiple concurrent requests that are persisted in the database, which allows remote attackers to cause a denial of service (daemon hang or crash) via a message flood. With the new security update a rate limiter is added with a Leaky-Bucket algorith...
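The mitigation named in the Debian advisory is a leaky-bucket rate limiter. The following is an added example, not the mumble project's own code: a minimal leaky bucket with explicit timestamps and a simulated flood, so the bounding effect can be checked offline. The capacity and leak rate are assumed values chosen for the demonstration.

```python
"""Leaky-bucket rate limiter, added as an illustration of the mitigation
class described for the mumble-server message-flood DoS. Example code,
not mumble's implementation; capacity/leak_rate and the simulated
message stream are assumptions chosen for the demonstration."""

from dataclasses import dataclass


@dataclass
class LeakyBucket:
    """Each accepted message adds one unit to the bucket; the bucket drains
    at leak_rate units per second. A message that would overflow is
    rejected rather than queued, so the work a sender can force is bounded
    by capacity + leak_rate * elapsed, not by how fast it can send."""
    capacity: float          # burst tolerance (units)
    leak_rate: float         # sustained rate allowed (units per second)
    level: float = 0.0       # current fill level
    last: float = 0.0        # timestamp of the last update (seconds)

    def _drain(self, now: float) -> None:
        elapsed = max(0.0, now - self.last)   # ignore a clock stepping backwards
        self.level = max(0.0, self.level - elapsed * self.leak_rate)
        self.last = now

    def allow(self, now: float, cost: float = 1.0) -> bool:
        """Return True if the message may be processed at time `now`."""
        self._drain(now)
        if self.level + cost > self.capacity:
            return False      # dropped; nothing accumulates, so no backlog grows
        self.level += cost
        return True


def simulate_flood(n_messages: int, capacity: float, leak_rate: float,
                   interval: float = 0.0) -> tuple:
    """Push n_messages through one bucket, `interval` seconds apart,
    starting at t=0 (a constructed stream). Returns (accepted, rejected)."""
    bucket = LeakyBucket(capacity=capacity, leak_rate=leak_rate)
    accepted = rejected = 0
    for i in range(n_messages):
        if bucket.allow(now=i * interval):
            accepted += 1
        else:
            rejected += 1
    return accepted, rejected


if __name__ == "__main__":
    # 100 messages arriving at the same instant: only the burst allowance survives.
    print(simulate_flood(100, capacity=10, leak_rate=5))
    # Same count paced at 4/s against a 2/s leak: steady state admits every other one.
    print(simulate_flood(100, capacity=10, leak_rate=2, interval=0.25))
```

Two properties matter for the DoS case: rejected messages are not queued (a flood cannot build a backlog that outlives the flood), and the limiter is per-connection state of constant size, so the check itself costs nothing the attacker can amplify.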
Skia - Incorrect Convexity Assumptions Leading to Buffer Overflows
I was looking into the root cause of https://bugs.chromium.org/p/chromium/issues/detail?id=850350. In that bug, due to precision errors, Skia generated a concave RRect, but declared it convex. Later, the RRect was transformed with an affine transform and used as a clipping region for drawing...
Debian: Security Advisory (DLA-1661-1)
The remote host is missing an update for Debian as referenced in DLA-1661-1. (SPDX-FileCopyrightText: 2019 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) the respective right holders. SPDX-License-Identifier: GPL-2.0-only.)...
OSCI-Transport Library 1.2 1.8.1 Insecure Crypto / Signature Bypass
A blog post with further information has been released on this topic as well: https://r.sec-consult.com/osci SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple vulnerabilities product: OSCI-Transport Library 1.2...
Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Rational Application Developer for WebSphere Software
Summary Multiple Node.js vulnerabilities were disclosed by the Node.js project. Node.js is used by the Cordova tools in IBM Rational Application Developer for WebSphere Software. IBM Rational Application Developer for WebSphere Software has addressed the applicable CVEs. Vulnerability Details...
OpenSSL 1.0.2 < 1.0.2q Multiple Vulnerabilities
The version of OpenSSL installed on the remote host is prior to 1.0.2q. It is, therefore, affected by multiple vulnerabilities as referenced in the 1.0.2q advisory. - Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a...
CVE-2018-1751
IBM Security Key Lifecycle Manager 3.0 through 3.0.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 148512...
Security Bulletin: OpenSSL vulnerability
Summary IBM MessageSight has addressed the following vulnerability. OpenSSL could allow a remote attacker to obtain sensitive information, caused by a timing side channel attack in the DSA signature algorithm. An attacker could exploit this vulnerability using variations in the signing algorithm ...
Denial Of Service (DoS)
GnuTLS is vulnerable to denial of service (DoS) attacks. The vulnerability exists because the gnutls_x509_oid2mac_algorithm function in lib/gnutls_algorithms.c allows remote attackers to cause a denial of service through a crafted X.509 certificate that uses a hash algorithm that is not supported by GnuTLS,...
PORTIER 4.4.4.2 / 4.4.4.6 Cryptographic Issues Exploit
PORTIER 4.4.4.2 / 4.4.4.6 Cryptographic Issues Exploit (PHP platform, web applications) Product: PORTIER Affected Versions: 4.4.4.2, 4.4.4.6 Tested Versions: 4.4.4.2, 4.4.4.6 Vulnerability Type: Cryptographic Issues CWE-310 Risk Level: HIGH Solution Status: Open Manufacturer...
PORTIER 4.4.4.2 / 4.4.4.6 Cryptographic Issues
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2018-011 Product: PORTIER Affected Versions: 4.4.4.2, 4.4.4.6 Tested Versions: 4.4.4.2, 4.4.4.6 Vulnerability Type: Cryptographic Issues CWE-310 Risk Level: HIGH Solution Status: Open Manufacturer Notification: 2018-06-13 Solution...
PT-2019-5537 · Red Hat +2
Name of the Vulnerable Software and Affected Versions: Red Hat Enterprise Linux kernel versions prior to 5.0 Description: A buffer over-read flaw was found in the crypto_authenc_extractkeys function in the crypto/authenc.c file of the IPsec cryptographic algorithm module, authenc. This issue...
Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2018-4301)
The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2018-4301 advisory. - mnt: Prevent pivot_root from creating a loop in the mount tree (Eric W. Biederman) Orabug: 26575709 CVE-2014-7970 - vfs: more mntparen...
Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2018-4299)
The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2018-4299 advisory. - xfs: don't call xfs_da_shrink_inode with NULL bp (Eric Sandeen) Orabug: 28898616 CVE-2018-13094 - ALSA: rawmidi: Change resized buffers atomically...
Facebook WhatsApp Desktop Multiple Web Connection Notice Bypass Vulnerability
Summary An exploitable notice bypass vulnerability exists in the multiple web connections functionality of Facebook WhatsApp Desktop version 0.2.9739. This functionality allows a user to choose what to do when multiple desktop sessions are initiated using WhatsApp Desktop. By stealing the session...
Code injection
IBM QRadar SIEM 7.2 and 7.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 144653...