Lucene search
2874 matches found

OSV
added 2018/01/26 7:47 a.m. | 10 views

SUSE-SU-2018:0230-1 Security update for curl

This update for curl fixes several issues. This security issue was fixed: - CVE-2018-1000007: Prevent leaking authentication data to third parties when following redirects (bsc#1077001). This non-security issue was fixed: - Set DEFAULT_SUSE as the default cipher list (bsc#1027712)...

CVSS 9.8 | AI score 8.7 | EPSS 0.08404
Exploits: 0 | References: 5
OSV
added 2018/01/25 8:36 a.m. | 4 views

SUSE-SU-2018:0214-1 Security update for curl

This update for curl fixes several issues. These security issues were fixed: - CVE-2017-1000254: Fix FTP PWD response parser out of bounds read (bsc#1061876). - CVE-2018-1000007: Prevent leaking authentication data to third parties when following redirects (bsc#1077001) Also the following adjustment wa...

CVSS 9.8 | AI score 8.9 | EPSS 0.08465
Exploits: 0 | References: 6
OSV
added 2018/01/16 12:36 p.m. | 10 views

SUSE-SU-2018:0112-1 Security update for openssl

This update for openssl fixes the following issues: Security issues fixed: - CVE-2016-7056: ECDSA P-256 timing attack key recovery (bsc#1019334) - CVE-2017-3731: Truncated packet could crash via OOB read (bsc#1022085) - CVE-2016-8610: remote denial of service in SSL alert handling (bsc#1005878) -...

CVSS 10 | AI score 6.7 | EPSS 0.77906
Exploits: 3 | References: 21
Information Security Automation
added 2018/01/11 11:19 a.m. | 54 views

Tracking changes in CERT bulletins and Nessus plugins using Vulners Time Machine

If you use the Vulners.com vulnerability search engine, you probably know that it has a real "Time Machine". Each time Vulners sees some changes on a source page, it creates a new version of the security object. And you can see the full history of changes in a nice GUI: In most cases, the vendor just...

AI score 6.7
Exploits: 0
NVD
added 2018/01/08 7:29 p.m. | 29 views

CVE-2015-2319

The TLS stack in Mono before 3.12.1 makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204...

CVSS 7.5 | AI score 6.1 | EPSS 0.03152
Exploits: 0 | References: 8
Prion
added 2018/01/08 7:29 p.m. | 28 views

Design/Logic Flaw

The TLS stack in Mono before 3.12.1 makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204...

CVSS 5 | AI score 6.9 | EPSS 0.98685
Exploits: 0 | References: 8 | Affected Software: 1
OSV
added 2018/01/08 7:29 p.m. | 12 views

CVE-2015-2319

The TLS stack in Mono before 3.12.1 makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204...

CVSS 7.5 | AI score 6
Exploits: 0 | References: 10
CVE
added 2018/01/08 7:0 p.m. | 93 views

CVE-2015-2319

CVE-2015-2319: Mono’s TLS stack vulnerability (pre-3.12.1) facilitates cipher-downgrade to EXPORT_RSA ciphers via crafted TLS traffic, related to the FREAK issue. The advisory notes this is a distinct issue from CVE-2015-0204. Affected product: Mono TLS up to version 3.12.0; fix is to upgrade to ...

CVSS 7.5 | AI score 6.3 | EPSS 0.03152
Exploits: 0 | References: 8 | Affected Software: 1
Cvelist
added 2018/01/08 7:0 p.m. | 33 views

CVE-2015-2319

The TLS stack in Mono before 3.12.1 makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204...

AI score 6.4 | EPSS 0.03152
Exploits: 0 | References: 8
OSV
added 2017/12/31 2:29 a.m. | 5 views

CVE-2017-17704

A door-unlocking issue was discovered on Software House iStar Ultra devices through 6.5.2.20569 when used in conjunction with the IP-ACM Ethernet Door Module. The communications between the IP-ACM and the iStar Ultra are encrypted using a fixed AES key and IV. Each message is encrypted in CBC mode...

CVSS 7.4 | AI score 5.7 | EPSS 0.00991
Exploits: 0 | References: 1
ATTACKERKB
added 2017/12/20 11:29 p.m. | 3 views

CVE-2017-17805

The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and kernel crash) or have...

CVSS 7.8 | AI score 6.3 | EPSS 0.00428
Exploits: 0 | References: 34
OSV
added 2017/12/20 12:0 a.m. | 3 views

UBUNTU-CVE-2017-17805

The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and kernel crash) or have...

CVSS 7.8 | AI score 6.7 | EPSS 0.00428
Exploits: 0 | References: 13
Veracode
added 2017/12/18 3:43 a.m. | 8 views

Weak Implementation Of Password Cipher

nexus-ldap-common contains a weak implementation of password cipher. It stores the LDAP bind password using the PBE Key Spec with only 23 iterations and a hard-coded password. This allows the cipher to be easily defeated...

AI score 6.8
Exploits: 0
Tenable Nessus
added 2017/12/14 12:0 a.m. | 45 views

openSUSE Security Update : openssl (openSUSE-2017-1324)

This update for openssl fixes the following issues: Security issues fixed: - CVE-2017-3735: openssl1,openssl: Malformed X.509 IPAddressFamily could cause OOB read (bsc#1056058) - CVE-2017-3736: openssl: bn_sqrx8x_internal carry bug on x86_64 (bsc#1066242) - Out of bounds read+crash in DES_fcrypt (bsc#106536...

CVSS 6.5 | AI score 6.6 | EPSS 0.17699
Exploits: 0 | References: 6
NVD
added 2017/12/13 4:29 p.m. | 17 views

CVE-2017-17427

Radware Alteon devices with a firmware version between 31.0.0.0-31.0.3.0 are vulnerable to an adaptive-chosen ciphertext attack ("Bleichenbacher attack"). This allows an attacker to decrypt observed traffic that has been encrypted with the RSA cipher and to perform other private key operations...

CVSS 5.9 | AI score 6.5 | EPSS 0.15577
Exploits: 0 | References: 4
OSV
added 2017/12/13 4:29 p.m. | 3 views

CVE-2017-17427

Radware Alteon devices with a firmware version between 31.0.0.0-31.0.3.0 are vulnerable to an adaptive-chosen ciphertext attack ("Bleichenbacher attack"). This allows an attacker to decrypt observed traffic that has been encrypted with the RSA cipher and to perform other private key operations...

CVSS 5.9 | AI score 5.7 | EPSS 0.15577
Exploits: 0 | References: 4
Prion
added 2017/12/13 4:29 p.m. | 19 views

Code injection

Radware Alteon devices with a firmware version between 31.0.0.0-31.0.3.0 are vulnerable to an adaptive-chosen ciphertext attack ("Bleichenbacher attack"). This allows an attacker to decrypt observed traffic that has been encrypted with the RSA cipher and to perform other private key operations...

CVSS 4.3 | AI score 6.2 | EPSS 0.15577
Exploits: 0 | References: 4 | Affected Software: 1
CVE
added 2017/12/13 4:0 p.m. | 109 views

CVE-2017-17427

CVE-2017-17427 concerns Radware Alteon devices with firmware 31.0.0.0–31.0.3.0, vulnerable to a Bleichenbacher adaptive-chosen ciphertext attack on RSA. This could enable decryption of observed RSA-encrypted traffic and conduct other private-key operations. Connected sources corroborate the vulne...

CVSS 5.9 | AI score 6.4 | EPSS 0.15577
Exploits: 0 | References: 4 | Affected Software: 1
Cvelist
added 2017/12/13 4:0 p.m. | 23 views

CVE-2017-17427

Radware Alteon devices with a firmware version between 31.0.0.0-31.0.3.0 are vulnerable to an adaptive-chosen ciphertext attack ("Bleichenbacher attack"). This allows an attacker to decrypt observed traffic that has been encrypted with the RSA cipher and to perform other private key operations...

AI score 6.5 | EPSS 0.15577
Exploits: 0 | References: 4
NVD
added 2017/12/13 1:29 a.m. | 23 views

CVE-2017-13099

wolfSSL prior to version 3.12.2 provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable wolfSSL application. This vulnerability is referred to as "ROBOT."...

CVSS 7.5 | AI score 7.3 | EPSS 0.24922
Exploits: 0 | References: 6