Code injection

IBM InfoSphere Streams 4.2.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 134632...

SUSE-SU-2019:0600-1 Security update for openssl-1_0_0

This update for openssl-100 fixes the following issues: Security issues fixed: - The 9 Lives of Bleichenbacher's CAT: Cache Attacks on TLS Implementations bsc1117951 - CVE-2019-1559: Fixed OpenSSL 0-byte Record Padding Oracle which under certain circumstances a TLS server can be forced to respond...

SUSE-SU-2019:0572-1 Security update for openssl-1_0_0

This update for openssl-100 fixes the following issues: Security issues fixed: - The 9 Lives of Bleichenbacher's CAT: Cache Attacks on TLS Implementations bsc1117951 - CVE-2019-1559: Fixed OpenSSL 0-byte Record Padding Oracle which under certain circumstances a TLS server can be forced to respond...

MGASA-2019-0106 Updated openssl packages fix security vulnerability

If an application encounters a fatal protocol error and then calls SSLshutdown twice once to send a closenotify, and once to receive one then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received...

[ASA-201903-6] lib32-openssl-1.0: information disclosure

Arch Linux Security Advisory ASA-201903-6 ========================================= Severity: Medium Date : 2019-03-03 CVE-ID : CVE-2019-1559 Package : lib32-openssl-1.0 Type : information disclosure Remote : Yes Link : https://security.archlinux.org/AVG-918 Summary ======= The package...

Padding Oracle Attack

openssl is vulnerable to padding oracle attacks. In the event of a fatal protocol error and SSLshutdown is called twice, an attacker is able to perform a padding oracle attack to decrypt data by sending a 0 byte record with invalid padding, causing the application to behave differently due to...

Design/Logic Flaw

If an application encounters a fatal protocol error and then calls SSLshutdown twice once to send a closenotify, and once to receive one then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received...

USN-3899-1 openssl, openssl1.0 vulnerability

Juraj Somorovsky, Robert Merget, and Nimrod Aviram discovered that certain applications incorrectly used OpenSSL and could be exposed to a padding oracle attack. A remote attacker could possibly use this issue to decrypt data...

CVE-2017-1695

IBM QRadar SIEM 7.2 and 7.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 134177...

CVE-2018-1665

IBM DataPower Gateway 7.6.0.0 through 7.6.0.10, 7.5.2.0 through 7.5.2.17, 7.5.1.0 through 7.5.1.17, 7.5.0.0 through 7.5.0.18, and 7.7.0.0 through 7.7.1.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 144891...

CVE-2018-1814

IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 150018...

CVE-2018-1648

IBM QRadar SIEM 7.2 and 7.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 144653...

Flaws in Popular Self-Encrypting SSDs Let Attackers Decrypt Data

We all have something to hide, something to protect. But if you are also relying on self-encrypting drives for that, then you should read this news carefully. Security researchers have discovered multiple critical vulnerabilities in some of the popular self-encrypting solid state drives SSD that...

CVE-2018-0434

A vulnerability in the Zero Touch Provisioning feature of the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data by using an invalid certificate. The vulnerability is due to insufficient certificate validation by the affected...

Hardcoded credentials

An issue was discovered in the MensaMax aka com.breustedt.mensamax application 4.3 for Android. The use of a Hard-coded DES Cryptographic Key allows an attacker who decodes the application to decrypt transmitted data such as the login username and password...

CVE-2018-15753

The CVE-2018-15753 entry concerns MensaMax Android app (com.breustedt.mensamax) version 4.3. The issue is a hard-coded DES cryptographic key embedded in the app, which allows an attacker who decompiles the APK to decrypt transmitted data (e.g., login username and password). Public references note...

Information Disclosure Vulnerability in Multiple IBM Products (CNVD-2018-20095)

IBM Spectrum Protect formerly known as Tivoli Storage Manager is a suite of data protection platforms from U.S.-based IBM that provides organizations with a single point of control and management, and support for backup and recovery of virtual, physical and cloud environments of all sizes. An...

CVE-2018-1785

IBM Tivoli Storage Manager IBM Spectrum Protect 7.1 and 8.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt sensitive information. IBM X-Force ID: 148870...

CVE-2018-1545

IBM Tivoli Storage Manager IBM Spectrum Protect 7.1 and 8.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 142649...

Kraftway 24F2XG Router Information Disclosure Vulnerability

The Kraftway 24F2XG Router is a wireless router product from the Russian company Kraftway. A security vulnerability exists in the Kraftway 24F2XG Router using firmware version 3.5.30.1118, which originates from the program's use of SSLv2 and SSLv3. A remote attacker could use this vulnerability t...