2809 matches found
Security Bulletin: A Security Vulnerability affects IBM Cloud Private - CVE-2018-1937
Summary: Intra-service communications between the IBM Cloud Private Identity and Access Management (IAM) service and OpenShift use HTTP. Vulnerability Details: CVEID: CVE-2018-1937 DESCRIPTION: IBM Cloud Private could allow a local user with administrator privileges to intercept highly sensitive...
Protect
The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted...
Cisco RV320 Unauthenticated Diagnostic Data Retrieval
Advisory: Cisco RV320 Unauthenticated Diagnostic Data Retrieval RedTeam Pentesting discovered that the Cisco RV320 router exposes sensitive diagnostic data without authentication through the device's web interface. Details ======= Product: Cisco RV320 Dual Gigabit WAN VPN Router, possibly others...
Denial Of Service (DoS)
Linux kernel-rt is vulnerable to denial of service. A buffer overflow flaw was found in the way the Linux kernel's Intel AES-NI instructions optimized version of the RFC4106 GCM mode decryption functionality handled fragmented packets. A remote attacker can use this flaw to crash, or potentially...
VNC Server Unencrypted Data Transmission
The remote host is running a VNC server providing one or more insecure or cryptographically weak Security Types not intended for use on untrusted networks.
Security Bulletin: A Security Vulnerability affects IBM® Cloud Private (CVE-2018-1843)
Summary: IBM Cloud Private is vulnerable to a security vulnerability. Vulnerability Details: CVEID: CVE-2018-1843 DESCRIPTION: The Identity and Access Management (IAM) services do not use a secure channel, such as SSL, to exchange information only when accessed internally from within the cluster. It...
F5 Networks BIG-IP : BIG-IP IPsec tunnel endpoint vulnerability (K05263202)
The version of F5 Networks BIG-IP installed on the remote host is prior to 11.5.6 / 11.6.1 HF2 / 12.1.2 / 13.0.0. It is, therefore, affected by a vulnerability as referenced in the K05263202 advisory. - When the F5 BIG-IP 12.1.0-12.1.1, 11.6.0-11.6.1, 11.5.1-11.5.5, or 11.2.1 system is configured...
macOS 10.14.x < 10.14.1 Multiple Vulnerabilities
The remote host is running a version of macOS / Mac OS X that is 10.14.x prior to 10.14.1. It is, therefore, affected by multiple vulnerabilities related to the following components: - AppleGraphicsControl - CoreAnimation - CoreCrypto - Dock - dyld - EFI - ICU - IOGraphics - IOKit - IPSec - Kernel - Mail...
macOS and Mac OS X Multiple Vulnerabilities (Security Update 2018-005)
The remote host is running Mac OS X 10.12.6 and is missing a security update. It is, therefore, affected by multiple vulnerabilities affecting the following components: - afpserver - AppleGraphicsControl - APR - ATS - CFNetwork - CoreAnimation - CoreCrypto - CoreFoundation - CUPS - Dictionary -...
macOS 10.13.6 Multiple Vulnerabilities (Security Update 2018-002)
The remote host is running macOS 10.13.6 and is missing a security update. It is, therefore, affected by multiple vulnerabilities affecting the following components: - fpserver - AppleGraphicsControl - APR - ATS - CFNetwork - CoreAnimation - CoreCrypto - CoreFoundation - CUPS - Dictionary - dyld ...
[SECURITY] Fedora 29 Update: strongswan-5.7.1-1.fc29
The strongSwan IPsec implementation supports both the IKEv1 and IKEv2 key exchange protocols in conjunction with the native NETKEY IPsec stack of the Linux kernel...
About the security content of watchOS 5.1
About the security content of watchOS 5.1 This document describes the security content of watchOS 5.1. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available...
About the security content of tvOS 12.1
About the security content of tvOS 12.1 This document describes the security content of tvOS 12.1. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available...
[SECURITY] Fedora 28 Update: strongswan-5.7.1-1.fc28
The strongSwan IPsec implementation supports both the IKEv1 and IKEv2 key exchange protocols in conjunction with the native NETKEY IPsec stack of the Linux kernel...
[SECURITY] Fedora 27 Update: strongswan-5.7.1-1.fc27
The strongSwan IPsec implementation supports both the IKEv1 and IKEv2 key exchange protocols in conjunction with the native NETKEY IPsec stack of the Linux kernel...
DEBIAN-CVE-2018-17977
The Linux kernel 4.14.67 mishandles certain interaction among XFRM Netlink messages, IPPROTO_AH packets, and IPPROTO_IP packets, which allows local users to cause a denial of service (memory consumption and system hang) by leveraging root access to execute crafted applications, as demonstrated on...
CVE-2018-15397
A vulnerability in the implementation of Traffic Flow Confidentiality (TFC) over IPsec functionality in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to restart unexpectedly,...
CVE-2018-0472
A vulnerability in the IPsec driver code of multiple Cisco IOS XE Software platforms and the Cisco ASA 5500-X Series Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to cause the device to reload. The vulnerability is due to improper processing of malformed IPsec...
Design/Logic Flaw
A vulnerability in the IPsec driver code of multiple Cisco IOS XE Software platforms and the Cisco ASA 5500-X Series Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to cause the device to reload. The vulnerability is due to improper processing of malformed IPsec...