
1321 matches found

IBM Security Bulletins
added 2021/06/04 12:56 a.m. | 42 views

Security Bulletin: OpenSSL vulnerabilites impacting Aspera High-Speed Transfer Server, Aspera High-Speed Transfer Endpoint, Aspera Desktop Client 4.0 and earlier (CVE-2020-1968)

Summary The OpenSSL vulnerability CVE-2020-1968 impacts Aspera High-Speed Transfer Server, Aspera High-Speed Transfer Endpoint, and Aspera Desktop Client 4.0.0 and earlier. The fix is delivered in Aspera High-Speed Transfer Server, Aspera High-Speed Transfer Endpoint and Aspera Desktop Client...

4.3 CVSS | 1.7 AI score | 0.04803 EPSS
Exploits 0 | Affected Software 3
OpenVAS
added 2021/04/19 12:0 a.m. | 22 views

SUSE: Security Advisory (SUSE-SU-2016:0718-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.9 CVSS | 6.4 AI score | 0.02697 EPSS
Exploits 0 | References 6
OpenVAS
added 2021/04/19 12:0 a.m. | 22 views

SUSE: Security Advisory (SUSE-SU-2019:0466-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8 CVSS | 7.2 AI score | 0.00802 EPSS
Exploits 1 | References 4
OpenVAS
added 2021/04/19 12:0 a.m. | 18 views

SUSE: Security Advisory (SUSE-SU-2020:0948-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.4 CVSS | 6.7 AI score | 0.03388 EPSS
Exploits 0 | References 7
OpenVAS
added 2021/04/19 12:0 a.m. | 16 views

SUSE: Security Advisory (SUSE-SU-2015:0281-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5 CVSS | 7.3 AI score | 0.03823 EPSS
Exploits 0 | References 7
Tenable Nessus
added 2021/02/10 12:0 a.m. | 122 views

OpenSSL 1.0.2 < 1.0.2w Vulnerability

The version of OpenSSL installed on the remote host is prior to 1.0.2w. It is, therefore, affected by a vulnerability as referenced in the 1.0.2w advisory. - The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in...

4.3 CVSS | 6.3 AI score | 0.04803 EPSS
Exploits 0 | References 4
IBM AIX
added 2021/02/01 1:42 p.m. | 147 views

Vulnerabilities in OpenSSL affect AIX

IBM SECURITY ADVISORY First Issued: Mon Feb 1 13:42:07 CST 2021 The most recent version of this document is available here: http://aix.software.ibm.com/aix/efixes/security/openssladvisory32.asc https://aix.software.ibm.com/aix/efixes/security/openssladvisory32.asc...

4.3 CVSS | 6.5 AI score | 0.06968 EPSS
Exploits 3
IBM Security Bulletins
added 2021/01/11 8:25 a.m. | 56 views

Security Bulletin: CVE-2020-1968 vulnerability in OpenSSL may affect IBM Workload Scheduler

Summary OpenSSL vulnerability CVE-2020-1968 has been disclosed by the OpenSSL Project. OpenSSL is used by IBM Workload Scheduler. IBM Workload Scheduler has addressed the CVE Vulnerability Details CVEID: CVE-2020-1968 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive...

4.3 CVSS | 0.6 AI score | 0.04803 EPSS
Exploits 0 | Affected Software 1
Filippo.io
added 2021/01/09 11:0 p.m. | 26 views

The Most Backdoor-Looking Bug I’ve Ever Seen

This is the story of a bug that was discovered and fixed in Telegram’s self-rolled cryptographic protocol about seven years ago. The bug didn’t get any press, and no one seems to know about it, probably because it was only published in Russian. To this day, it’s the most backdoor-looking bug I’ve eve...

7.2 AI score
Exploits 0
IBM Security Bulletins
added 2020/12/22 6:5 p.m. | 101 views

Security Bulletin:Vulnerability in Diffie-Hellman ciphers affects Rational Synergy (CVE-2015-4000)

Summary The Logjam Attack on TLS connections using the Diffie-Hellman (DH) key exchange protocol affects Rational Synergy Vulnerability Details CVEID: CVE-2015-4000 DESCRIPTION: The TLS protocol could allow a remote attacker to obtain sensitive information, caused by the failure to properly convey ...

4.3 CVSS | 0.5 AI score | 0.9986 EPSS
Exploits 0 | Affected Software 1
OSV
added 2020/12/21 9:47 p.m. | 6 views

MGASA-2020-0465 Updated compat-openssl10 packages fix security vulnerabilities

The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman (DH) based ciphersuite. In such a case this would result in the attacker being able to eavesdrop on all encrypted...

5.9 CVSS | 5.2 AI score | 0.06968 EPSS
Exploits 3 | References 7
Mageia
added 2020/12/21 9:47 p.m. | 25 views

Updated mbedtls packages fix security vulnerabilities

This update provides security bug fixes and minor enhancements. Limit the size of calculations performed by mbedtls_mpi_exp_mod to MBEDTLS_MPI_MAX_SIZE to prevent a potential denial of service when generating Diffie-Hellman key pairs. A failure of the random generator was ignored in mbedtls_mpi_fill_rando...

2.3 AI score
Exploits 0 | References 2
Mageia
added 2020/12/21 9:47 p.m. | 110 views

Updated compat-openssl10 packages fix security vulnerabilities

The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman (DH) based ciphersuite. In such a case this would result in the attacker being able to eavesdrop on all encrypted...

5.9 CVSS | 6.3 AI score | 0.06968 EPSS
Exploits 3 | References 6
NVD
added 2020/12/11 4:15 p.m. | 16 views

CVE-2020-15023

Askey AP5100W devices through AP5100W_Dual_SIG_1.01.097 are affected by WPS PIN offline brute-force cracking. This arises because of issues with the random number selection for the Diffie-Hellman exchange. By capturing an attempted and even failed WPS authentication attempt, it is possible to brute...

5.9 CVSS | 5.8 AI score | 0.0161 EPSS
Exploits 1 | References 3
OSV
added 2020/12/11 4:15 p.m. | 6 views

CVE-2020-15023

Askey AP5100W devices through AP5100W_Dual_SIG_1.01.097 are affected by WPS PIN offline brute-force cracking. This arises because of issues with the random number selection for the Diffie-Hellman exchange. By capturing an attempted and even failed WPS authentication attempt, it is possible to brute...

5.9 CVSS | 6.2 AI score
Exploits 0 | References 3
ATTACKERKB
added 2020/12/11 4:15 p.m. | 5 views

CVE-2020-15023

Askey AP5100W devices through AP5100W_Dual_SIG_1.01.097 are affected by WPS PIN offline brute-force cracking. This arises because of issues with the random number selection for the Diffie-Hellman exchange. By capturing an attempted and even failed WPS authentication attempt, it is possible to brute...

5.9 CVSS | 6 AI score | 0.0161 EPSS
Exploits 1 | References 4
Cvelist
added 2020/12/11 3:23 p.m. | 22 views

CVE-2020-15023

Askey AP5100W devices through AP5100W_Dual_SIG_1.01.097 are affected by WPS PIN offline brute-force cracking. This arises because of issues with the random number selection for the Diffie-Hellman exchange. By capturing an attempted and even failed WPS authentication attempt, it is possible to brute...

5.9 AI score | 0.0161 EPSS
Exploits 1 | References 3
CNNVD
added 2020/12/11 12:0 a.m. | 6 views

Askey AP5100W Dual SIG Security Feature Issue Vulnerability

The Askey AP5100W Dual SIG is a router from China-based Askey Electronics Technology (Askey). The Askey AP5100W Dual SIG suffers from a security signature issue vulnerability that stems from a faulty random number selection in the Diffie-Hellman exchange. By capturing an attempted or even failed WP...

5.9 CVSS | 6.2 AI score | 0.0161 EPSS
Exploits 1 | References 4
IBM Security Bulletins
added 2020/12/10 11:25 p.m. | 37 views

Security Bulletin: OpenSSL vulnerability CVE-2020-1968 impacts IBM Aspera Streaming/IBM Aspera Streaming for Video version 3.9.6.1 and earlier

Summary OpenSSL vulnerability CVE-2020-1968 impacts IBM Aspera Streaming/IBM Aspera Streaming for Video version 3.9.6.1 and earlier. The fix for this set of vulnerabilities was delivered in IBM Aspera High-Speed Transfer Server V4.0.0 and IBM Aspera High-Speed Transfer Endpoint V4.0.0 with...

4.3 CVSS | 1.5 AI score | 0.04803 EPSS
Exploits 0 | Affected Software 1
Tenable Nessus
added 2020/12/09 12:0 a.m. | 40 views

SUSE SLED15 / SLES15 Security Update : libssh2_org (SUSE-SU-2020:3551-1)

This update for libssh2_org fixes the following issues : Version update to 1.9.0: (bsc#1178083, jsc#SLE-16922) Enhancements and bugfixes : - adds ECDSA keys and host key support when using OpenSSL - adds ED25519 key and host key support when using OpenSSL 1.1.1 - adds OpenSSH style key file reading -...

9.3 CVSS | 7.6 AI score | 0.09219 EPSS
Exploits 1 | References 23