313 matches found
Denial Of Service (DoS)
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general-purpose cryptography library. An invalid free flaw was found in the way OpenSSL handled certain DTLS handshake messages. A malicious DTLS clie...
Sandbox Restrictions Bypass
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to...
Denial Of Service (DoS)
ruby is vulnerable to denial of service. An attacker able to supply a large number of inputs to a Ruby application (such as HTTP POST request parameters sent to a web application) that are used as keys when inserting data into an array could trigger multiple hash function collisions, making array...
Denial Of Service (DoS)
Python is an interpreted, interactive, object-oriented programming language. A denial of service flaw was found in the implementation of associative arrays (dictionaries) in Python. An attacker able to supply a large number of inputs to a Python application such as HTTP POST request parameters sent...
Information Disclosure
Python is an interpreted, interactive, object-oriented programming language. A denial of service flaw was found in the implementation of associative arrays (dictionaries) in Python. An attacker able to supply a large number of inputs to a Python application such as HTTP POST request parameters sent...
Man-in-the-Middle (MitM)
nss is vulnerable to man-in-the-middle attack. A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Business Developer (CVE-2015-7575, CVE-2016-0466)
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 7 and 8 that are used by Rational Business Developer. These issues were disclosed as part of the IBM Java SDK updates in January 2016 and include the vulnerability commonly referred to as “SLOTH”. Vulnerabili...
CVE-2018-12915
In libpbc.a in PBC through 2017-03-02, there is a buffer over-read in calchash in map.c...
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affects IBM Systems Director Storage Control
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 6 that is used by IBM Systems Director Storage Control. These issues were disclosed as part of the IBM Java updates for January 2016, July 2016 and October 2016. Vulnerability Details CVEID:...
Security Bulletin: Vulnerability in MD5 Signature and Hash Algorithm affects IBM XIV Gen3 systems and IBM XIV Management Tools (CVE-2015-7575)
Summary The MD5 “SLOTH” vulnerability on TLS 1.2 affects IBM XIV Gen3 systems and IBM XIV Management Tools. Vulnerability Details CVEID: CVE-2015-7575 DESCRIPTION: The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing ...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation for Multiplatforms (CVE-2016-0466, CVE-2015-7575)
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 that is used by IBM Tivoli System Automation for Multiplatforms. These issues were disclosed as part of the IBM Java SDK updates in January 2016 and include the vulnerability commonly referred to as “SLOTH...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Operations Analytics - Predictive Insights (CVE-2015-7575)
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 Service Refresh 9 Fix Pack 20 that is used by IBM Operations Analytics - Predictive Insights. These issues were disclosed as part of the IBM Java SDK updates in January 2016 and include the vulnerability...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Service Tester (CVE-2015-7575, CVE-2016-0475)
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 7 & 8 that are used by Rational Service Tester. These issues were disclosed as part of the IBM Java SDK updates in January 2016 and include the vulnerability commonly referred to as “SLOTH”. Vulnerability...
Security Bulletin: Vulnerability in IBM Java Runtime affects Rational Publishing Engine (CVE-2015-7575)
Summary There is a vulnerability in IBM® Runtime Environment Java™ Technology Edition, Versions 6 and 7 that are used by Rational Publishing Engine. This vulnerability, commonly referred to as “SLOTH”, was disclosed as part of the IBM Java SDK updates in January 2016. Vulnerability Details CVEID:...
Security Bulletin: Vulnerability in MD5 Signature and Hash Algorithm affects Rational Performance Tester (CVE-2015-7575)
Summary The MD5 “SLOTH” vulnerability on TLS 1.2 affects Rational Performance Tester. Vulnerability Details CVEID: CVE-2015-7575 DESCRIPTION: The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange...
Security Bulletin: Vulnerabilities in OpenSSL affect Rational BuildForge (CVE-2015-1792)
Summary OpenSSL vulnerabilities were disclosed on June 11, 2015 by the OpenSSL Project. OpenSSL is used by Rational BuildForge. Rational Buildforge has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2015-1792 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an...
Security Bulletin: Vulnerability in IBM Java Runtime affect Rational Policy Tester (CVE-2016-0466, CVE-2015-7575)
Summary There is a vulnerability in IBM® Runtime Environment Java™ Technology Edition, Version 8.0 that is used by Rational Policy Tester. This vulnerability, commonly referred to as “SLOTH”, was disclosed as part of the IBM Java SDK updates in January 2016. Vulnerability Details CVEID:...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM InfoSphere Guardium Data Redaction (CVE-2015-7575)
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 1.6 that is used by IBM InfoSphere Guardium Data Redaction. These issues were disclosed as part of the IBM Java SDK updates in January 2016 and include the vulnerability commonly referred to as “SLOTH”...
Security Bulletin: Vulnerability in IBM Java SDK affects IBM QRadar SIEM and Incident Forensics. (CVE-2015-7575)
Summary There is a vulnerability in IBM® SDK Java™ Technology Edition, Versions 6 and 7 that are used by IBM QRadar SIEM and Incident Forensics. This vulnerability, commonly referred to as “SLOTH”, was disclosed as part of the IBM Java SDK updates in January 2016. Vulnerability Details CVEID:...
Security Bulletin: Vulnerability in MD5 Signature and Hash Algorithm affects IBM Security Guardium (CVE-2015-7575)
Summary The MD5 “SLOTH” vulnerability on TLS 1.2 affects IBM Security Guardium. Vulnerability Details CVEID: CVE-2015-7575 DESCRIPTION: The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message...