Security Bulletin: Vulnerability in IBM Java, Websphere, OpenSSL, libcurl, and Apache Commons may affect IBM Storage Protect Backup-Archive Client, IBM Storage Protect for Virtual Environments and IBM Storage Protect for Space Management

Summary IBM Spectrum Protect Backup-Archive Client, IBM Storage Protect for Virtual Environments and IBM Storage Protect for Space Management can be affected by logging and security vulnerabilities. This update improves reliability of Java object property handling, modern logging frameworks and...

Azure Linux 3.0 Security Update: python-tensorboard (CVE-2019-17596)

The version of python-tensorboard installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2019-17596 advisory. - Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic...

CVE-2009-4510

The SSH service on the TANDBERG Video Communication Server VCS before X5.1 uses a fixed DSA key, which makes it easier for remote attackers to conduct man-in-the-middle attacks and spoof arbitrary servers via crafted SSH packets...

Golang 1.24.x < 1.24.8 / 1.25.x < 1.25.2 Multiple Vulnerabilities (qZN5nc-mBgAJ)

The version of Golang running on the remote host is 1.24.x prior to 1.24.8, 1.25.x prior to 1.25.2. It is, therefore, affected by multiple vulnerabilities as referenced in qZN5nc-mBgAJ advisory. - The Parse function permitted values other than IPv6 addresses to be included in square brackets with...

EUVD-2013-4113

Malware in sbrugna...

EUVD-2006-0239

Malware in sbrugna...

EUVD-2009-0058

Malware in sbrugna...

EUVD-2008-5630

Malware in sbrugna...

EUVD-2009-4476

Malware in sbrugna...

CVE-2025-43023 HP Linux Imaging and Printing Software - Use of DSA Key

A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software documentation. This potential vulnerability is due to the use of a weak code signing key, Digital Signature Algorithm DSA...

CVE-2021-21387

Wrongthink peer-to-peer, end-to-end encrypted messenger with PeerJS and Axolotl ratchet. In wrongthink from version 2.0.0 and before 2.3.0 there was a set of vulnerabilities causing inadequate encryption strength. Part of the secret identity key was disclosed by the fingerprint used for connectio...

RLSA-2024:9333 Low: openssl and openssl-fips-provider security update

OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength general-purpose cryptography library. Security Fixes: openssl: Unbounded memory growth with session handling in TLSv1.3 CVE-2024-2511 openssl: Excessive time...

Siemens SCALANCE M-800 Excessive Iteration (CVE-2024-4603)

Issue summary: Checking excessively long DSA keys or parameters may be very slow. Impact summary: Applications that use the functions EVPPKEYparamcheck or EVPPKEYpubliccheck to check a DSA public key or DSA parameters may experience long delays. Where the key or parameters that are being checked...

RHEL 9 : openssl and openssl-fips-provider (RHSA-2024:9333)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:9333 advisory. OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength...

Medium: openssl

Issue Overview: Issue summary: Checking excessively long DSA keys or parameters may be very slow. Impact summary: Applications that use the functions EVPPKEYparamcheck or EVPPKEYpubliccheck to check a DSA public key or DSA parameters may experience long delays. Where the key or parameters that ar...

Medium: openssl

Issue Overview: Issue summary: Checking excessively long DSA keys or parameters may be very slow. Impact summary: Applications that use the functions EVPPKEYparamcheck or EVPPKEYpubliccheck to check a DSA public key or DSA parameters may experience long delays. Where the key or parameters that ar...

AZL-42058 CVE-2024-4603 affecting package nodejs for versions less than 20.14.0-1

Issue summary: Checking excessively long DSA keys or parameters may be very slow. Impact summary: Applications that use the functions EVPPKEYparamcheck or EVPPKEYpubliccheck to check a DSA public key or DSA parameters may experience long delays. Where the key or parameters that are being checked...

Important: golang

Issue Overview: Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server that verifies client certificates. CVE-2019-17596 Affected Packages:...

openssl: NULL dereference validating DSA public key

A flaw was found in OpenSSL. An invalid pointer dereference on read can be triggered when an application tries to check a malformed DSA public key by the EVPPKEYpubliccheck function, most likely leading to an application crash. This function can be called on public keys supplied from untrusted...

openssl: NULL dereference validating DSA public key

A flaw was found in OpenSSL. An invalid pointer dereference on read can be triggered when an application tries to check a malformed DSA public key by the EVPPKEYpubliccheck function, most likely leading to an application crash. This function can be called on public keys supplied from untrusted...