Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM i

Summary OpenSSL is used by IBM i. IBM i has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2019-1547 DESCRIPTION: Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to constru...

CVE-2019-4609

IBM API Connect 2018.4.1.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 168510...

IBM API Connect Weak Encryption Vulnerability

IBM API Connect APIConnect is a suite of integrated solutions for managing the API lifecycle from IBM USA. The product supports creating, running, managing, and securing APIs, microservices, and more. A security vulnerability exists in IBM API Connect version 2018.4.1.7 that stems from the...

Security Bulletin: Password Encryption / Decryption affects IBM Control Center (CVE-2016-0252)

Summary IBM Control Center passwords could be compromised with reverse engineering and other conditions. Vulnerability Details CVEID: CVE-2016-0252 DESCRIPTION: IBM Control Center could allow a local attacker, under special conditions, to decrypt the master key which in turn could be used to...

CVE-2019-1563

In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted...

CVE-2019-17428

An issue was discovered in Intesync Solismed 3.3sp1. An flaw in the encryption implementation exists, allowing for all encrypted data stored within the database to be decrypted...

Code injection

An issue was discovered in Intesync Solismed 3.3sp1. An flaw in the encryption implementation exists, allowing for all encrypted data stored within the database to be decrypted...

CVE-2019-17428

An issue was discovered in Intesync Solismed 3.3sp1. An flaw in the encryption implementation exists, allowing for all encrypted data stored within the database to be decrypted...

OpenSSL vulnerability CVE-2019-1559 has been resolved in PAN-OS

The OpenSSL library has been updated in PAN-OS to resolve CVE-2019-1559. This is a cryptographic vulnerability that under certain situations may allow a remote attacker to decrypt data by observing server responses to different types of errors. This issue affects Palo Alto Networks PAN-OS 7.1...

OpenSSL vulnerability CVE-2019-1559 has been resolved in PAN-OS

The OpenSSL library has been updated in PAN-OS to resolve CVE-2019-1559. This is a cryptographic vulnerability that under certain situations may allow a remote attacker to decrypt data by observing server responses to different types of errors. This issue affects Palo Alto Networks PAN-OS 7.1...

Side Channel Attack

libgcrypt.so is vulnerable to side-channel attack. The vulnerability exists as the library fails to perform ciphertext blinding for the Elgamal decryption, allowing a local attacker to compromise the server's private key through a crafted ciphertext and analyzing the fluctuations in the...

EulerOS 2.0 SP2 : nss (EulerOS-SA-2019-2467)

According to the version of the nss packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the...

HPSBPI03634 rev. 1 - HP OfficeJet Mobile and Sprocket Printers KNOB Vulnerability

Potential Security Impact Disclosure and Modification of Information Source: HP, HP Product Security Response Team PSRT Reported by: N/A VULNERABILITY SUMMARY Certain HP printers are vulnerable to the Key Negotiation of Bluetooth KNOB attack. Data over Bluetooth can be intercepted, decrypted, and...

CVE-2013-2228

SaltStack RSA Key Generation allows remote users to decrypt communications...

CVE-2013-2228

SaltStack RSA Key Generation allows remote users to decrypt communications...

CVE-2013-2228

Removed by vendor...

Shadowsocks-libev ss-server Stream Cipher Information Disclosure Vulnerability

Summary An exploitable information disclosure vulnerability exists in the network packet handling functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher, a specially crafted set of network packets can cause an outbound connection from the server, resulting in information...

CVE-2014-3591

Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server's private key by determining factors using crafted ciphertext and the fluctuations in the electromagnetic field during...

DEBIAN-CVE-2014-3591

Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server's private key by determining factors using crafted ciphertext and the fluctuations in the electromagnetic field during...

CVE-2014-3591

Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server's private key by determining factors using crafted ciphertext and the fluctuations in the electromagnetic field during...