Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational Synergy (CVE-2016-0475 and CVE-2015-7575)

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 6 Service Refresh 16 Fix Pack 15 and earlier releases that is used by Rational Synergy. These issues were disclosed as part of the IBM Java SDK updates in January 2016 and includes the...

kernel: The flow_dissector feature allows device tracking

A device tracking vulnerability was found in the flowdissector feature in the Linux kernel. This flaw occurs because the auto flowlabel of the UDP IPv6 packet relies on a 32-bit hashmd value as a secret, and jhash instead of siphash is used. The hashmd value remains the same starting from boot ti...

Insecure Hash Function

bcrypt uses an insecure hash function. The data passed into the hash function is not properly hashed when its length is greater than 255 bytes...

Denial Of Service (DoS)

ruby is vulnerable to denial of service. A denial of service flaw was found in the implementation of associative arrays hashes in Ruby. An attacker able to supply a large number of inputs to a Ruby application such as HTTP POST request parameters sent to a web application that are used as keys wh...

CVE-2019-18282

A device tracking vulnerability was found in the flowdissector feature in the Linux kernel. This flaw occurs because the auto flowlabel of the UDP IPv6 packet relies on a 32-bit hashmd value as a secret, and jhash instead of siphash is used. The hashmd value remains the same starting from boot ti...

Security Bulletin:Multiple Security Vulnerabilities exist in IBM Cognos Insight

Summary Several vulnerabilities have been addressed for: IBM SDK Java Technology Edition Quarterly CPU Oct 2015, including Oracle Oct 2015 CPU; IBM SDK Java Technology Edition Quarterly CPU Jan 2016, including Oracle Jan 2016 CPU; Java specific SLOTH Weak MD5 Signature Hash; and several OpenSSL...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Rational Application Developer for WebSphere Software (CVE-2015-7575, CVE-2016-0466, CVE-2016-0475, CVE-2016-0448)

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 7 and 8 that are used by IBM Rational Application Developer for WebSphere Software. These issues were disclosed as part of the IBM Java SDK updates in January 2016 and includes the vulnerability commonly...

UPX Floating Point Anomaly Vulnerability

UPX is a portable and extensible executable compression program. A security vulnerability exists in the 'PackLinuxElf::elfhash' function in the plxelf.cpp file in UPX version 3.95. An attacker can exploit this vulnerability to cause an application to crash, resulting in a denial of service...

Security Bulletin: Vulnerability in IBM Java Runtime affects IBM Tivoli Netcool Configuration Manager (ITNCM) (CVE-2015-7575)

Summary There is a vulnerability in IBM® Runtime Environment Java™ Technology Edition, Version 6 Service Refresh 16 Fix Pack 5 and earlier releases that is used by ITNCM. This vulnerability, commonly referred to as “SLOTH”, was disclosed as part of the IBM Java SDK updates in January 2016...

CVE-2019-12941

AutoPi Wi-Fi/NB and 4G/LTE devices before 2019-10-15 allows an attacker to perform a brute-force attack or dictionary attack to gain access to the WiFi network, which provides root access to the device. The default WiFi password and WiFi SSID are derived from the same hash function output input i...

Default credentials

AutoPi Wi-Fi/NB and 4G/LTE devices before 2019-10-15 allows an attacker to perform a brute-force attack or dictionary attack to gain access to the WiFi network, which provides root access to the device. The default WiFi password and WiFi SSID are derived from the same hash function output input i...

CVE-2019-12941

AutoPi Wi-Fi/NB and 4G/LTE devices before 2019-10-15 allows an attacker to perform a brute-force attack or dictionary attack to gain access to the WiFi network, which provides root access to the device. The default WiFi password and WiFi SSID are derived from the same hash function output input i...

Incorrect implementation of the Streebog hash functions

Internal update-sigma function was implemented incorrectly and depending on debug-assertions it could've caused an incorrect result or panic for certain inputs...

[SECURITY] [DLA 1884-1] linux security update

Package : linux Version : 3.16.72-1 CVE ID : CVE-2017-18509 CVE-2018-20836 CVE-2019-1125 CVE-2019-3900 CVE-2019-10207 CVE-2019-10638 CVE-2019-13631 CVE-2019-14283 CVE-2019-14284 Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of...

Debian DLA-1884-1 : linux security update

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2017-18509 Denis Andzakovic reported a missing type check in the IPv4 multicast routing implementation. A user with the CAPNETADMIN capability in a...

Debian DSA-4497-1 : linux - security update

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. - CVE-2015-8553 Jan Beulich discovered that CVE-2015-2150 was not completely addressed. If a PCI physical function is passed through to a Xen guest, th...

[SECURITY] [DSA 4495-1] linux security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4495-1 [email protected] https://www.debian.org/security/ Ben Hutchings August 10, 2019 https://www.debian.org/security/faq -...

Debian DLA-1862-1 : linux security update

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2019-2101 Andrey Konovalov discovered that the USB Video Class driver uvcvideo did not consistently handle a type field in device descriptors, whic...

SIAM Conference on Applied Algebraic Geometry 2019 - Isogenies mini-symposium

So here we are in the nice city of Bern, in the Teutonic Switzerland, for SIAM Conference on Applied Algebraic Geometry 2019 that this year counts more than 750 attendees! The weather is warm enough but the isogenies topic has never been so hot! So for this occurrence of the conference Tanja Lang...

EulerOS Virtualization for ARM 64 3.0.1.0 : gnutls (EulerOS-SA-2019-1388)

According to the versions of the gnutls packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Remote...