67 matches found

IBM Security Bulletins
added 2025/12/03 11:23 a.m. · 5 views

Security Bulletin: Due to the use of FIPS 140-2 Bouncy Castle Crypto package, IBM EntireX is vulnerable to an Allocation of Resources Without Limits or Throttling vulnerability (CVE-2025-8885).

Summary Due to the use of FIPS 140-2 Bouncy Castle Crypto package, IBM EntireX is vulnerable to an Allocation of Resources Without Limits or Throttling vulnerability CVE-2025-8885. The FIPS 140-2 Bouncy Castle Crypto package has been updated in order to address the vulnerability. Vulnerability...

CVSS 6.3 · AI score 6.7 · EPSS 0.0044
Exploits 0 · Affected Software 1

EUVD
added 2025/10/07 12:30 a.m. · 1 view

EUVD-2016-0341

Malware in sbrugna...

CVSS 5.9 · AI score 6 · EPSS 0.00264
Exploits 0 · References 4

EUVD
added 2025/10/03 8:7 p.m. · 1 view

EUVD-2023-31094

Malicious code in bioql PyPI...

CVSS 4.6 · AI score 5.2 · EPSS 0.00337
Exploits 0 · References 1

Fedora
added 2024/09/12 1:28 a.m. · 12 views

[SECURITY] Fedora 40 Update: wolfssl-5.7.2-2.fc40

The wolfSSL embedded SSL library (formerly CyaSSL) is a lightweight SSL/TLS library written in ANSI C and targeted for embedded, RTOS, and resource-constrained environments - primarily because of its small size, speed, and feature set. It is commonly used in standard operating environments as well...

CVSS 8.8 · AI score 8.8 · EPSS 0.00232
Exploits 0

Tenable Nessus
added 2023/12/28 12:0 a.m. · 24 views

NetApp ONTAP 9.12.1P8 / 9.13.1P4 / 9.13.1P5 Information Disclosure (NTAP-20231215-0001)

The version of NetApp ONTAP running on the remote host is 9.12.1P8, 9.13.1P4 or 9.13.1P5. It is, therefore, affected by an information disclosure vulnerability as detailed in the NTAP-20231215-0001 advisory. All SAS-attached FIPS 140-2 drives become unlocked after a system reboot or power cycle a...

CVSS 4.6 · AI score 5.2 · EPSS 0.00337
Exploits 0 · References 2

NVD
added 2023/12/15 11:15 p.m. · 9 views

CVE-2023-27317

ONTAP 9 versions 9.12.1P8, 9.13.1P4, and 9.13.1P5 are susceptible to a vulnerability which will cause all SAS-attached FIPS 140-2 drives to become unlocked after a system reboot or power cycle or a single SAS-attached FIPS 140-2 drive to become unlocked after reinsertion. This could lead to...

CVSS 4.6 · EPSS 0.00337
Exploits 0 · References 2

Vulnrichment
added 2023/12/15 10:59 p.m. · 2 views

CVE-2023-27317 Information Disclosure Vulnerability in ONTAP 9

ONTAP 9 versions 9.12.1P8, 9.13.1P4, and 9.13.1P5 are susceptible to a vulnerability which will cause all SAS-attached FIPS 140-2 drives to become unlocked after a system reboot or power cycle or a single SAS-attached FIPS 140-2 drive to become unlocked after reinsertion. This could lead to...

CVSS 4.3 · AI score 4.6 · EPSS 0.00337
Exploits 0 · References 1

CVE
added 2023/12/15 10:59 p.m. · 43 views

CVE-2023-27317

CVE-2023-27317 affects NetApp ONTAP 9.12.1P8, 9.13.1P4 and 9.13.1P5. The issue causes SAS-attached FIPS 140-2 drives to become unlocked after a reboot/power cycle or after reinsertion, enabling potential disclosure of sensitive information to an attacker with physical access. The documents do not...

CVSS 4.6 · AI score 4.4 · EPSS 0.00337
Exploits 0 · References 2 · Affected Software 1

Cvelist
added 2023/12/15 10:59 p.m. · 13 views

CVE-2023-27317 Information Disclosure Vulnerability in ONTAP 9

ONTAP 9 versions 9.12.1P8, 9.13.1P4, and 9.13.1P5 are susceptible to a vulnerability which will cause all SAS-attached FIPS 140-2 drives to become unlocked after a system reboot or power cycle or a single SAS-attached FIPS 140-2 drive to become unlocked after reinsertion. This could lead to...

CVSS 4.3 · AI score 4.8 · EPSS 0.00337
Exploits 0 · References 1

Oracle Linux
added 2023/11/18 12:0 a.m. · 56 views

python39:3.9 and python39-devel:3.9 security update

modwsgi 4.7.1-7 - Bump release for rebuild Resolves: rhbz2213595 4.7.1-6 - Remove rpath Resolves: rhbz2213837 numpy 1.19.4-3 - Adjusted the postun scriptlets to enable upgrading to RHEL 9 - Resolves: rhbz1933055 1.19.4-2 - Convert from Fedora to the python39 module in RHEL8 - Resolves: rhbz187743...

CVSS 9.8 · AI score 7 · EPSS 0.89361
Exploits 9

Trellix
added 2022/11/01 12:0 a.m. · 142 views

OpenSSL 3.0 Vulnerabilities: CVE 2022-3786 and CVE 2022-3602

OpenSSL 3.0 Vulnerabilities: CVE 2022-3786 and CVE 2022-3602 By Trellix, Charles McFarland, Sam Quinn · November 1, 2022 This story was also written by Philippe Laulheret. What is it? CVE-2022-3786 and CVE-2022-3602 are buffer overflow vulnerabilities affecting OpenSSL 3.0 and above that were fix...

AI score 8.1 · EPSS 0.83506
Exploits 7

Trellix
added 2022/11/01 12:0 a.m. · 40 views

OpenSSL 3.0 Vulnerabilities: CVE 2022-3786 and CVE 2022-3602

OpenSSL 3.0 Vulnerabilities: CVE 2022-3786 and CVE 2022-3602 By Trellix and Sam Quinn · November 1, 2022 This story was also written by Charles McFarland and Philippe Laulheret. What is it? CVE-2022-3786 and CVE-2022-3602 are buffer overflow vulnerabilities affecting OpenSSL 3.0 and above that we...

CVSS 7.5 · AI score 8.1 · EPSS 0.83506
Exploits 7

IBM Security Bulletins
added 2021/12/15 6:5 p.m. · 34 views

Security Bulletin: Vulnerability in RC4 stream cipher affects Multiple N-series Products (CVE-2015-2808)

Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects Multiple N-series Products Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker could exploit thi...

CVSS 5 · AI score 4.8 · EPSS 0.2382
Exploits 0 · Affected Software 1

Tenable Nessus
added 2020/10/30 12:0 a.m. · 41 views

IBM WebSphere Application Server 7.0.0.x < 7.0.0.41 / 8.0.0.x < 8.0.0.13 / 8.5.x < 8.5.5.10 MiTM (CVE-2016-0306)

The IBM WebSphere Application Server running on the remote host is version 7.0.0.x prior to 7.0.0.41, 8.0.0.x prior to 8.0.0.13, 8.5.0.x prior to 8.5.5.10. It is, therefore, affected by a vulnerability due to weaker than expected security caused by the improper TLS configuration if FIPS 140-2 is...

CVSS 5.9 · AI score 6.5 · EPSS 0.00264
Exploits 0 · References 2

Into the symmetry
added 2019/08/16 9:18 a.m. · 122 views

Side channel timing attacks against (EC)DSA in RSA BSAFE CVE-2019-3739/CVE-2019-3740 - Project Wycheproof is the AFL for Cryptography

About a year ago I wrote this tweet and now I can finally justify it Project Wycheproof https://t.co/wBz9P8atHs is the AFL https://t.co/JM2l557PZi of crypto. Thanks a lot @XorNinja and team notably including Bleichenbacher for providing such a powerful tool — Antonio Sanso @asanso April 9, 2018 i...

CVSS 6.5 · AI score 7.3 · EPSS 0.01239
Exploits 0

The Coalfire Blog
added 2019/02/19 7:46 p.m. · 49 views

Encryption of Federal Data

One of the biggest challenges our customers face when pursuing Federal Risk and Authorization Management Program (FedRAMP) compliance is the federal mandate that Federal Information Processing Standards (FIPS) 140-2 validated cryptographic modules must be consistently applied where cryptography is...

AI score 2.9
Exploits 0

IBM Security Bulletins
added 2018/06/22 1:29 a.m. · 16 views

Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with WebSphere Enterprise Service Bus (CVE-2016-0306)

Summary WebSphere Application Server is shipped as a component of WebSphere Enterprise Service Bus. Information about the security vulnerabilities affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Please consult the security bulletin Potential...

AI score 1.7 · EPSS 0.00264
Exploits 0 · Affected Software 2

IBM Security Bulletins
added 2018/06/17 10:33 p.m. · 8 views

Security Bulletin: A security vulnerability in FIPS140-2 has been identified in WebSphere Application Server shipped with IBM SmartCloud Cost Management and IBM Tivoli Usage Accounting Manager

Summary IBM WebSphere Application server is shipped with IBM SmartCloud Cost Management and IBM Tivoli Usage Accounting Manager. There is a potential security vulnerability in IBM WebSphere Application Server if FIPS 140-2 is enabled. Vulnerability Details Refer to the security bulletin in the...

AI score 3.3
Exploits 0 · Affected Software 1

IBM Security Bulletins
added 2018/06/17 10:31 p.m. · 28 views

Security Bulletin: Vulnerabilities in OpenSSL affect IBM Worklight and IBM MobileFirst Platform Foundation (CVE-2014-3570, CVE-2014-3572, CVE-2015-0204)

Summary OpenSSL vulnerabilities were disclosed on January 8, 2015 by the OpenSSL Project. This includes the vulnerability that has been referred to as “FREAK”. OpenSSL is used by IBM Worklight and IBM MobileFirst Platform Foundation when the optional FIPS 140-2 data-in-motion feature is enabled o...

CVSS 5 · AI score 1 · EPSS 0.91945
Exploits 0 · Affected Software 3

IBM Security Bulletins
added 2018/06/17 10:31 p.m. · 31 views

Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Worklight (CVE-2014-3509, CVE-2014-5139)

Summary There are multiple vulnerabilities in OpenSSL that is used by the optional FIPS 140-2 data-in-motion feature in IBM Worklight. These issues were disclosed on August 6, 2014 by the OpenSSL Project. Vulnerability Details CVE-ID: CVE-2014-3509 DESCRIPTION: OpenSSL is vulnerable to a denial o...

CVSS 6.8 · AI score 1.3 · EPSS 0.34029
Exploits 0 · Affected Software 1