Security Bulletin: Vulnerability in IBM Rational ClearCase (GSKit component) with potential for TLS Attack (CVE-2013-0169)
Summary: The IBM GSKit component used in Rational ClearCase is susceptible to a vulnerability in the Transport Layer Security protocol used in HTTPS, known as "Lucky Thirteen." The vulnerability might allow remote attackers to conduct distinguishing and plain-text recovery attacks by statistically analyzi...
AppLayering 4.x - OS layer creation fails with error "An error occurred. The required file 'OSType.txt' was not found on your OS disk. Please obtain the application layering OS machine tools, run 'Setup_x64.exe' on your OS image"
While creating the OS layer in AppLayering 4.x we get the error message: An error occurred. The required file 'OSType.txt' was not found on your OS disk. Please obtain the application layering OS machine tools, run 'Setup_x64.exe' on your OS image, and then try creating the OS layer again...
No Apps Left Behind on Your Zero Trust Journey
Complexity kills productivity. When it comes to enabling application access, enterprises should not have to choose between user experience and complex techniques that ensure application security. Traditionally, perimeter security is built on an assumption that whatever is inside the perimeter is...
The vulnerability of the Qualcomm Radio Interface Layer component in the Android operating system allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the Qualcomm Radio Interface Layer component in the Android operating system is related to a memory reclamation error. Exploiting this vulnerability could allow an attacker, operating remotely, to compromise the confidentiality, integrity, and accessibility of protected...
The vulnerability of the Qualcomm Radio Interface Layer component in the Android operating system allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the Qualcomm Radio Interface Layer component in the Android operating system is related to the use of memory after it is freed. Exploiting this vulnerability can allow a remote attacker to compromise the confidentiality, integrity, and accessibility of the protected informati...
Dell EMC iDRAC9 SSL/TLS Protection Stripping Vulnerability
Dell EMC iDRAC9 is a system management solution comprising hardware and software from Dell USA. The solution provides remote management, crash system recovery and power control for Dell PowerEdge systems. A security vulnerability exists in Dell EMC iDRAC9 versions prior to 3.21.21.21, which stems...
ThreatList: Top Summer DDoS Trends
On Tuesday, Akamai released a report on the year’s biggest distributed denial of service (DDoS) attacks. The report illustrates how this time-tested attack method continues to morph and adopt new tricks, and discusses trends to watch as we move into the summer months. According to the study, Summer...
Researchers Uncover New Attacks Against LTE Network Protocol
If your mobile carrier offers LTE, also known as the 4G network, you need to beware as your network communication can be hijacked remotely. A team of researchers has discovered some critical weaknesses in the ubiquitous LTE mobile device standard that could allow sophisticated hackers to spy on...
F5 BIG-IP Denial of Service Vulnerability (CNVD-2018-17656)
The F5 BIG-IP Edge Gateway serves as an access solution that provides SSL VPN remote access, security, application acceleration and high availability for remote users. A denial of service vulnerability exists in F5 BIG-IP due to an excessive consumption of the target traffic management microkerne...
Glusterfs elevation of privilege vulnerability
Red Hat GlusterFS is an open source distributed file system from Red Hat. The system combines different storage servers, which are interconnected over Ethernet or InfiniBand with remote direct memory access (RDMA), and ultimately form a larg...
BusyBox Code Execution Vulnerability
BusyBox is a set of applications containing several Linux commands and tools maintained by Ukrainian software developer Denis Vlasenko. A security vulnerability exists in the 'busybox wget' mini-application in BusyBox, which stems from the program's failure to validate SSL certificates. An attack...
miniSphere Integer Overflow Vulnerability
miniSphere is a lightweight JavaScript-based game engine. An integer overflow vulnerability exists in the 'layerresize' function in the mapengine.c file in miniSphere 5.2.9 and earlier versions. An attacker could exploit this vulnerability to cause a denial of service with the help of a specially...
CVE-2018-5527
On BIG-IP 13.1.0-13.1.0.7, a remote attacker using undisclosed methods against virtual servers configured with a Client SSL or Server SSL profile that has the SSL Forward Proxy feature enabled can force the Traffic Management Microkernel (tmm) to leak memory. As a result, system memory usage...
USN-3692-2: OpenSSL vulnerabilities
USN-3692-1 fixed a vulnerability in OpenSSL. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: Keegan Ryan discovered that OpenSSL incorrectly handled ECDSA key generation. An attacker could possibly use this issue to perform a cache-timing attack and...
BSA-2018-620
Security Advisory ID: BSA-2018-620; Component: TLS; Revision: 2.0. The TLS protocol 1.2 and earlier supports the rsa_fixed_dh, dss_fixed_dh, rsa_fixed_ecdh, and ecdsa_fixed_ecdh values for ClientCertificateType but does not directly document the ability to compute the master secret in certain situations...
glusterfs: access trusted peer group via remote-host command
A flaw was found in glusterfs which can lead to privilege escalation on gluster server nodes. An authenticated gluster client via TLS could use the gluster CLI with the --remote-host command to add itself to the trusted storage pool and perform privileged gluster operations like adding other machines to...
WebKitGTK+ Memory Misreference Vulnerability
WebKitGTK+ is a full-featured port of the WebKit rendering engine, a typography engine used to allow web browsers to draw web pages. A memory misreference vulnerability exists in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp in WebKit used in WebKitGTK+. An attacker can exploit this...
Summer SOTI - DDoS by the numbers
Time for a Change. The State of the Internet / Security report has been the home for Akamai's research on DDoS, attack traffic and Internet threats for over three years. While the report has evolved and expanded its scope considerably over that time, the content and how it's presented have only se...
kernel: ping socket / AF_LLC connect() sin_family race
A race condition leading to a NULL pointer dereference was found in the Linux kernel's Link Layer Control implementation. A local attacker with access to ping sockets could use this flaw to crash the system...
The vulnerability of the implementation library for the Transport Layer Security protocol of Cisco’s microprogrammable network interface devices allows an attacker to induce a service failure.
The vulnerability of the implementation library for the Transport Layer Security (TLS) protocol in Cisco’s micro-programmed network interface devices exists due to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to cause service failures by sending...