344 matches found

Tenable Nessus
added 2019/05/22 12:0 a.m. | 46 views

openSUSE Security Update : openssl-1_0_0 (openSUSE-2019-1432)

This update for openssl-1_0_0 fixes the following issues: Security issues fixed: - The 9 Lives of Bleichenbacher's CAT: Cache Attacks on TLS Implementations (bsc#1117951) - CVE-2019-1559: Fixed OpenSSL 0-byte Record Padding Oracle which under certain circumstances a TLS server can be forced to respo...

CVSS 5.9 | AI score 6.3 | EPSS 0.0496
Exploits 0 | References 3
Prion
added 2019/04/22 11:29 a.m. | 13 views

Stack overflow

An issue was discovered in Artifex MuJS 1.0.5. The NumbertoFixed and numtostr implementations in jsnumber.c have a stack-based buffer overflow...

CVSS 7.5 | AI score 9.4 | EPSS 0.0215
Exploits 0 | References 8 | Affected Software 1
OSV
added 2019/03/23 10:54 a.m. | 4 views

OPENSUSE-SU-2019:0152-1 Security update for openssl-1_1

This update for openssl-1_1 fixes the following issues: Security issues fixed: - The 9 Lives of Bleichenbacher's CAT: Cache Attacks on TLS Implementations (bsc#1117951) - Fix FIPS RSA generator (bsc#1118913) This update was imported from the SUSE:SLE-15:Update update project...

CVSS 5.9 | AI score 6.8 | EPSS 0.38121
Exploits 0 | References 4
OSV
added 2019/03/12 5:40 p.m. | 4 views

SUSE-SU-2019:0600-1 Security update for openssl-1_0_0

This update for openssl-1_0_0 fixes the following issues: Security issues fixed: - The 9 Lives of Bleichenbacher's CAT: Cache Attacks on TLS Implementations (bsc#1117951) - CVE-2019-1559: Fixed OpenSSL 0-byte Record Padding Oracle which under certain circumstances a TLS server can be forced to respond...

CVSS 5.9 | AI score 5.3 | EPSS 0.0496
Exploits 0 | References 4
Tenable Nessus
added 2019/03/01 12:0 a.m. | 14 views

SUSE SLED12 / SLES12 Security Update : openssl-1_1 (SUSE-SU-2019:0512-1)

This update for openssl-1_1 fixes the following issues: The 9 Lives of Bleichenbacher's CAT: Cache ATtacks on TLS Implementations (bsc#1117951) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to...

AI score 5.5
Exploits 0 | References 2
OSV
added 2019/02/28 12:35 p.m. | 1 views

SUSE-SU-2019:0512-1 Security update for openssl-1_1

This update for openssl-1_1 fixes the following issues: - The 9 Lives of Bleichenbacher's CAT: Cache ATtacks on TLS Implementations (bsc#1117951)...

AI score 7.2
Exploits 0 | References 2
NVD
added 2019/02/25 11:29 p.m. | 19 views

CVE-2019-6265

The Scripting and AutoUpdate functionality in Cordaware bestinformed Microsoft Windows client versions before 6.2.1.0 are affected by insecure implementations which allow remote attackers to execute arbitrary commands and escalate privileges...

CVSS 7.8 | AI score 7.8 | EPSS 0.00209
Exploits 0 | References 1
OpenVAS
added 2019/02/09 12:0 a.m. | 56 views

openSUSE: Security Advisory for openssl-1_1 (openSUSE-SU-2019:0152-1)

The remote host is missing an update for the Copyright (C) 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 5.9 | AI score 7.3 | EPSS 0.38121
Exploits 0 | References 2
Veracode
added 2019/01/15 9:12 a.m. | 32 views

Authorization Bypass

httpd is vulnerable to authorization bypass. It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for...

CVSS 7.5 | AI score 7.3 | EPSS 0.1736
Exploits 0 | References 40 | Affected Software 1
Packet Storm
added 2019/01/11 12:0 a.m. | 67 views

UA-Parser Denial Of Service

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 X41 D-SEC GmbH Security Advisory: X41-2018-009 ReDoS Vulnerability in UA-Parser ================================ Severity Rating: Medium Confirmed Affected Versions: 2015-05-14 and newer, commit 6fd6c261274254bcbbacd77ef4b12534c7f9923d Confirmed...

AI score 5.3 | EPSS 0.00967
Exploits 2
Kitploit
added 2018/11/17 9:28 p.m. | 101 views

HASSH - A Network Fingerprinting Standard Which Can Be Used To Identify Specific Client And Server SSH Implementations

"HASSH" is a network fingerprinting standard which can be used to identify specific Client and Server SSH implementations. The fingerprints can be easily stored, searched and shared in the form of an MD5 fingerprint. What can HASSH help with: Use in highly controlled, well understood environments...

AI score 7.5
Exploits 0 | References 2
Kitploit
added 2018/10/05 9:6 p.m. | 83 views

HeapHopper - A Bounded Model Checking Framework For Heap-implementations

HeapHopper is a bounded model checking framework for Heap-implementations. Setup sudo apt update && sudo apt install build-essential python-dev virtualenvwrapper git clone https://github.com/angr/heaphopper.git && cd ./heaphopper mkvirtualenv -ppython2 heaphopper pip install -e . Required Package...

AI score 7.2
Exploits 0 | References 1
Fedora
added 2018/09/27 2:36 a.m. | 9 views

[SECURITY] Fedora 28 Update: hylafax+-5.6.1-1.fc28

HylaFAX(tm) is an enterprise-strength fax server supporting Class 1 and 2 fax modems on UNIX systems. It provides spooling services and numerous supporting fax management tools. The fax clients may reside on machines different from the server and client implementations exist for a number of platform...

AI score 1.5
Exploits 0
IBM Security Bulletins
added 2018/08/03 4:23 a.m. | 27 views

Security Bulletin: Multiple vulnerabilities in the IBM Runtime Environments Java Technology Edition, Versions 6 and 7 in TPF Toolkit (CVE-2014-6593, CVE-2015-0410, and CVE-2015-0138)

Summary Multiple security vulnerabilities exist in the IBM® Runtime Environments Java™ Technology Edition, Versions 6 and 7 that are shipped in TPF Toolkit. Vulnerability Details CVEID: CVE-2014-6593 DESCRIPTION: An unspecified vulnerability in Oracle Java SE and JRockit related to the JSSE...

CVSS 5 | AI score 1.2 | EPSS 0.72836
Exploits 5 | Affected Software 1
The Hacker News
added 2018/07/18 8:40 a.m. | 2 views

Microsoft Offers $100,000 Bounty for Finding Bugs in Its Identity Services

Microsoft today launched a new bug bounty program for bug hunters and researchers finding security vulnerabilities in its "identity services." Hacking into networks and stealing data have become common and easier than ever but not all data holds the same business value or carries the same risk...

AI score 6.6
Exploits 0
NVD
added 2018/07/13 8:29 p.m. | 7 views

CVE-2017-13095

The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP, including modification of a license-deny response to a license grant. The methods are flawed and, in the most egregious cases, enable...

CVSS 7.8 | AI score 7.5 | EPSS 0.00096
Exploits 0 | References 2
NVD
added 2018/07/13 8:29 p.m. | 8 views

CVE-2017-13096

The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP, including modification of Rights Block to remove or relax access control. The methods are flawed and, in the most egregious cases,...

CVSS 7.8 | AI score 7.5 | EPSS 0.00096
Exploits 0 | References 2
IBM Security Bulletins
added 2018/06/17 2:59 p.m. | 12 views

Security Bulletin: Vulnerability in IBM Java Runtime affects the Enterprise Common Collector component of the IBM Tivoli zEnterprise Monitoring Agent (CVE-2015-0138)

Summary The "FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client and server vulnerability affects IBM® Runtime Environment Java™ Technology Edition, Version 6 that is used by the Enterprise Common Collector a component of IBM Tivoli zEnterprise Monitoring Agent, a component of IBM Tivoli...

CVSS 4.3 | AI score 1.3 | EPSS 0.00921
Exploits 0 | Affected Software 1
IBM Security Bulletins
added 2018/06/16 9:23 p.m. | 25 views

Security Bulletin: Vulnerabilities in GSKit affect IBM Security Access Manager for Web (CVE-2015-0159, CVE-2015-0138, CVE-2014-6221)

Summary GSKit is an IBM component that is used by IBM Security Access Manager for Web. The GSKit that is shipped with IBM Security Access Manager for Web contains multiple security vulnerabilities including the "FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client and server vulnerability...

CVSS 9.4 | AI score 0.8 | EPSS 0.00921
Exploits 0 | Affected Software 1
IBM Security Bulletins
added 2018/06/15 7:8 a.m. | 26 views

Security Bulletin: WebSphere MQ is vulnerable to disclosing side channel information via discrepancies between valid and invalid PKCS#1 padding. ROBOT. (CVE-2018-1388)

Summary WebSphere MQ is affected by the ROBOT vulnerability where it may disclose side channel information via discrepancies between valid and invalid PKCS#1 padding. Vulnerability Details CVEID: CVE-2018-1388 DESCRIPTION: IBM MQ is vulnerable to TLS implementations may disclose side channel...

CVSS 7.5 | AI score 0.1 | EPSS 0.00312
Exploits 0 | Affected Software 1