2876 matches found
Man-in-the-Middle (MitM)
openssh is vulnerable to man-in-the-middle attack. A flaw was found in the SSH protocol. An attacker able to perform a man-in-the-middle attack may be able to obtain a portion of plain text from an arbitrary ciphertext block when a CBC mode cipher was used to encrypt SSH communication. This updat...
CVE-2017-18661
An issue was discovered on Samsung mobile devices with M6.0 and N7.x software. There is a buffer overflow in processciphertdea. The Samsung ID is SVE-2017-8973 July 2017...
CVE-2019-19097 ABB eSOMS: SSL medium strength Cipher Suites
ABB eSOMS versions 4.0 to 6.0.3 accept connections using medium strength ciphers. If a connection is enabled using such a cipher, an attacker might be able to eavesdrop and/or intercept the connection...
Security Bulletin: WebSphere Message Broker Toolkit and IBM Integration Toolkit cannot connect to a remote WebSphere Message Broker broker or IBM Integration Bus node with a TLS-compliant cipher (CVE-2015-0118)
Summary WebSphere Message Broker Toolkit and IBM Integration Toolkit cannot connect to remote WebSphere Message Broker or IBM Integration Bus node with a TLS-compliant cipher. Vulnerability Details CVEID: CVE-2015-0118 DESCRIPTION: IBM Integration Toolkit cannot connect to a remote IBM Integratio...
Security Bulletin: TLS padding vulnerability affects IBM Security Access Manager for DataPower (CVE-2014-8730)
Summary IBM Security Access Manager version 8.0.0.5 for DataPower is affected by a TLS padding vulnerability, which could allow a remote attacker to obtain sensitive information. Vulnerability Details The following vulnerability affects IBM Security Access Manager version 8.0.0.5 for DataPower...
Variant of Paradise Ransomware Targets Office IQY Files
A new variant of the Paradise ransomware attacks rarely-targeted Microsoft Office Excel IQY files, providing a new and relatively inobtrusive way to infiltrate and hijack an organization’s network, researchers have found. Lastline Labs’ James Haughom discovered the variant in December in a spam...
Security Bulletin: IBM® Db2® does not explicitly forbid a weaker than expected 3DES cipher when configured to use SSL (CVE-2019-4102).
Summary TLS 1.2 allows the use of 3DES, which has some known weaknesses, among other supported ciphers. Db2 does not forbid the use of 3DES when configured to use TLS 1.2 protocol. Although Db2 does not choose the cipher out of all available ciphers, the weaker ciphers should be explicitly...
Weak SSH Cipher Suites
Communication with SSH servers using weak cipher suites might be prone to attacks trying to intercept secure communications...
Security Bulletin: IBM Aspera WebApps (Shares, Faspex, Console, Orchestrator) and products are affected by OpenSSL Vulnerability (CVE-ID: CVE-2019-1543)
Summary IBM Aspera WebApps Shares, Faspex, Console, Orchestrator products have addressed the following OpenSSL vulnerability Vulnerability Details CVEID: CVE-2019-1543 DESCRIPTION: ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for every encryption operation. RFC 7539...
Security Bulletin: Vulnerability in RC4 stream cipher affects Rational Application Developer for WebSphere Software (CVE-2015-2808)
Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects Rational Application Developer for WebSphere Software. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. A...
CVE-2015-2802
An Information Disclosure vulnerability exists in HP SiteScope 11.2 and 11.3 on Windows, Linux and Solaris, HP Asset Manager 9.30 through 9.32, 9.40 through 9.41, 9.50, and Asset Manager Cloudsystem Chargeback 9.40, which could let a remote malicious user obtain sensitive information. This is the...
Information disclosure
An Information Disclosure vulnerability exists in HP SiteScope 11.2 and 11.3 on Windows, Linux and Solaris, HP Asset Manager 9.30 through 9.32, 9.40 through 9.41, 9.50, and Asset Manager Cloudsystem Chargeback 9.40, which could let a remote malicious user obtain sensitive information. This is the...
CVE-2015-2802
An Information Disclosure vulnerability exists in HP SiteScope 11.2 and 11.3 on Windows, Linux and Solaris, HP Asset Manager 9.30 through 9.32, 9.40 through 9.41, 9.50, and Asset Manager Cloudsystem Chargeback 9.40, which could let a remote malicious user obtain sensitive information. This is the...
CVE-2015-2802
CVE-2015-2802 affects HP SiteScope 11.2/11.3 (Windows/Linux/S Solaris) and HP Asset Manager 9.30–9.32, 9.40–9.41, 9.50, plus Asset Manager Cloudsystem Chargeback 9.40. The vulnerability is a TLS RC4/Bar Mitzvah information disclosure, enabling a remote attacker to obtain sensitive information. Th...
Huawei EulerOS: Security Advisory for gnutls (EulerOS-SA-2019-1676)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for mod_nss (EulerOS-SA-2016-1070)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for gnutls (EulerOS-SA-2019-1693)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for python (EulerOS-SA-2019-1403)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
LibMiner: Container-Based Cryptocurrency Miner Targeting Unprotected Redis Servers
Qualys is actively tracking threats which target containers. In our recent analysis, we have identified a few docker instances executing a malware which we term as “LibMiner”. This malware has the capability to deploy and execute Cryptominer. It uses a unique technique for lateral movement across...
OPENSUSE-SU-2020:0003-1 Security update for MozillaThunderbird
This update for MozillaThunderbird fixes the following issues: Mozilla Thunderbird was updated to 68.3esr MFSA 2019-38 bsc1158328 Security issues fixed: - CVE-2019-17008: Fixed a use-after-free in worker destruction bmo1546331 - CVE-2019-13722: Fixed a stack corruption due to incorrect number of...