55 matches found
EUVD-2016-0341
Malware in sbrugna...
[SECURITY] Fedora 40 Update: wolfssl-5.7.2-2.fc40
The wolfSSL embedded SSL library (formerly CyaSSL) is a lightweight SSL/TLS library written in ANSI C and targeted for embedded, RTOS, and resource-constrained environments - primarily because of its small size, speed, and feature set. It is commonly used in standard operating environments as well...
NetApp ONTAP 9.12.1P8 / 9.13.1P4 / 9.13.1P5 Information Disclosure (NTAP-20231215-0001)
The version of NetApp ONTAP running on the remote host is 9.12.1P8, 9.13.1P4 or 9.13.1P5. It is, therefore, affected by an information disclosure vulnerability as detailed in the NTAP-20231215-0001 advisory. All SAS-attached FIPS 140-2 drives become unlocked after a system reboot or power cycle a...
CVE-2023-27317
ONTAP 9 versions 9.12.1P8, 9.13.1P4, and 9.13.1P5 are susceptible to a vulnerability which will cause all SAS-attached FIPS 140-2 drives to become unlocked after a system reboot or power cycle or a single SAS-attached FIPS 140-2 drive to become unlocked after reinsertion. This could lead to...
CVE-2023-27317
CVE-2023-27317 affects NetApp ONTAP 9.12.1P8, 9.13.1P4 and 9.13.1P5. The issue causes SAS-attached FIPS 140-2 drives to become unlocked after a reboot/power cycle or after reinsertion, enabling potential disclosure of sensitive information to an attacker with physical access. The documents do not...
CVE-2023-27317 Information Disclosure Vulnerability in ONTAP 9
ONTAP 9 versions 9.12.1P8, 9.13.1P4, and 9.13.1P5 are susceptible to a vulnerability which will cause all SAS-attached FIPS 140-2 drives to become unlocked after a system reboot or power cycle or a single SAS-attached FIPS 140-2 drive to become unlocked after reinsertion. This could lead to...
OpenSSL 3.0 Vulnerabilities: CVE 2022-3786 and CVE 2022-3602
OpenSSL 3.0 Vulnerabilities: CVE 2022-3786 and CVE 2022-3602 By Trellix and Sam Quinn · November 1, 2022 This story was also written by Charles McFarland and Philippe Laulheret. What is it? CVE-2022-3786 and CVE-2022-3602 are buffer overflow vulnerabilities affecting OpenSSL 3.0 and above that we...
OpenSSL 3.0 Vulnerabilities: CVE 2022-3786 and CVE 2022-3602
OpenSSL 3.0 Vulnerabilities: CVE 2022-3786 and CVE 2022-3602 By Trellix, Charles McFarland, Sam Quinn · November 1, 2022 This story was also written by Philippe Laulheret. What is it? CVE-2022-3786 and CVE-2022-3602 are buffer overflow vulnerabilities affecting OpenSSL 3.0 and above that were fix...
IBM WebSphere Application Server 7.0.0.x < 7.0.0.41 / 8.0.0.x < 8.0.0.13 / 8.5.x < 8.5.5.10 MiTM (CVE-2016-0306)
The IBM WebSphere Application Server running on the remote host is version 7.0.0.x prior to 7.0.0.41, 8.0.0.x prior to 8.0.0.13, 8.5.0.x prior to 8.5.5.10. It is, therefore, affected by a vulnerability due to weaker than expected security caused by the improper TLS configuration if FIPS 140-2 is...
Side channel timing attacks against (EC)DSA in RSA BSAFE CVE-2019-3739/CVE-2019-3740 - Project Wycheproof is the AFL for Cryptography
About a year ago I wrote this tweet and now I can finally justify it Project Wycheproof https://t.co/wBz9P8atHs is the AFL https://t.co/JM2l557PZi of crypto. Thanks a lot @XorNinja and team notably including Bleichenbacher for providing such a powerful tool — Antonio Sanso @asanso April 9, 2018 i...
Encryption of Federal Data
One of the biggest challenges our customers face when pursuing Federal Risk and Authorization Management Program (FedRAMP) compliance is the federal mandate that Federal Information Processing Standards (FIPS) 140-2 validated cryptographic modules must be consistently applied where cryptography is...
Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with WebSphere Enterprise Service Bus (CVE-2016-0306)
Summary WebSphere Application Server is shipped as a component of WebSphere Enterprise Service Bus. Information about the security vulnerabilities affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Please consult the security bulletin Potential...
Security Bulletin: A security vulnerability in FIPS140-2 has been identified in WebSphere Application Server shipped with IBM SmartCloud Cost Management and IBM Tivoli Usage Accounting Manager
Summary IBM WebSphere Application server is shipped with IBM SmartCloud Cost Management and IBM Tivoli Usage Accounting Manager. There is a potential security vulnerability in IBM WebSphere Application Server if FIPS 140-2 is enabled. Vulnerability Details Refer to the security bulletin in the...
Security Bulletin: Vulnerabilities in OpenSSL affect IBM Worklight and IBM MobileFirst Platform Foundation (CVE-2014-3570, CVE-2014-3572, CVE-2015-0204)
Summary OpenSSL vulnerabilities were disclosed on January 8, 2015 by the OpenSSL Project. This includes the vulnerability that has been referred to as “FREAK”. OpenSSL is used by IBM Worklight and IBM MobileFirst Platform Foundation when the optional FIPS 140-2 data-in-motion feature is enabled o...
Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Worklight (CVE-2014-3509, CVE-2014-5139)
Summary There are multiple vulnerabilities in OpenSSL that is used by the optional FIPS 140-2 data-in-motion feature in IBM Worklight. These issues were disclosed on August 6, 2014 by the OpenSSL Project. Vulnerability Details CVE-ID: CVE-2014-3509 DESCRIPTION: OpenSSL is vulnerable to a denial o...
Security Bulletin: IBM Worklight is affected by a vulnerability in OpenSSL (CVE-2014-0160)
Summary A security vulnerability has been discovered in OpenSSL. Vulnerability Details CVE-ID: CVE-2014-0160 DESCRIPTION: OpenSSL might allow a remote attacker to obtain sensitive information, which is caused by an error in the TLS/DTLS heartbeat functionality. An attacker might exploit this...
Security Bulletin: A security vulnerabilities has been identified in Websphere Application Server shipped with Jazz for Service Management (CVE-2016-0306)
Summary Websphere Application Server is shipped as a component of Jazz for Service Management. Information about a security vulnerability affecting Websphere Application Server has been published in a security bulletin. Vulnerability Details Please refer to the WAS security bulletin Security Bulleti...
Security Bulletin: A security vulnerability has been identified in embedded IBM WebSphere Application Server shipped with Tivoli Netcool/OMNIbus WebGUI (CVE-2016-0306)
Summary Embedded Websphere Application Server (eWAS) is shipped as a component of Tivoli Netcool/OMNIbus WebGUI. Information about a security vulnerability affecting eWAS has been published in a security bulletin. Vulnerability Details Please consult the security bulletin Vulnerability in Potential...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server which will affect Rational Asset Manager(CVE-2016-0306)
Summary IBM WebSphere Application Server is run as a server of Rational Asset Manager. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Please consult the security bulletin Security Bulletin:...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Tivoli Access Manager for e-business and IBM Security Access Manager for Web 7.0 software (CVE-2016-0306)
Summary IBM WebSphere Application Server is shipped as a component of IBM Tivoli Access Manager for e-business and IBM Security Access Manager for Web 7.0 software. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin...