10021 matches found
UBUNTU-CVE-2017-1000385
The Erlang/OTP TLS server answers with different TLS alerts to different error types in the RSA PKCS #1 1.5 padding. This allows an attacker to decrypt content or sign messages with the server's private key (this is a variation of the Bleichenbacher attack)...
ALPINE-CVE-2017-15896
Node.js was affected by OpenSSL vulnerability CVE-2017-3737 in regards to the use of SSL_read() due to TLS handshake failure. The result was that an active network attacker could send application data to Node.js using the TLS or HTTP2 modules in a way that bypassed TLS authentication and encryption...
USN-3512-1: OpenSSL vulnerabilities
David Benjamin discovered that OpenSSL did not correctly prevent buggy applications that ignore handshake errors from subsequently calling certain functions. (CVE-2017-3737) It was discovered that OpenSSL incorrectly performed the x86_64 Montgomery multiplication procedure. While unlikely, a remote...
OpenSSL AVX2 Montgomery Multiplication Program Information Disclosure Vulnerability
OpenSSL is an open-source, general-purpose cryptographic library developed by the OpenSSL team. It implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols and supports a wide range of cryptographic algorithms including symmetric ciphers, hash...
PT-2017-14274 · Node.Js +2
Name of the Vulnerable Software and Affected Versions: Node.js (affected versions not specified). Description: The issue concerns a TLS handshake failure due to the use of SSL read, allowing an active network attacker to send application data to Node.js using the TLS or HTTP2 modules, bypassing TLS...
Denial of Service Vulnerability in Multiple Huawei Products (CNVD-2017-37726)
Huawei DP300 and others are products of Huawei, China. DP300 is a video conferencing terminal. eSpace U1981 is a voice gateway product. A denial of service vulnerability exists in multiple Huawei products, which stems from a program's failure to properly determine the size of the remaining buffer...
The Forrester Wave Ranks Imperva as a Leader for DDoS Mitigation Providers
Imperva has tracked the DDoS threat for some time now. Back in 2014 we saw the rise of DDoS botnets. In 2015, we revealed one of the first IoT-based DDoS attacks. Last year, we predicted and then documented one of the largest botnet-based DDoS attacks. DDoS mitigation, as it turns out, is the...
ALPINE-CVE-2017-3738
There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attack...
Q3 2017 Global DDoS Threat Landscape Report
Today we are releasing our latest Global DDoS Threat Landscape Report, a statistical analysis of 5,765 network and application layer DDoS attacks mitigated by Imperva Incapsula services during Q3 2017. Before diving into the report’s highlights, it should be mentioned that this quarter was marked...
Error: "ProcessAttribute: failed getting 135292-byte attribute"- When Copying Folders Recursively
The import task will fail with this: The CachePoint Appliance could not import the gold image VM to create the Operating System Layer. Error is: Failed to copy folders recursively. Details: Note there are other reasons you could have a failure to copy files recursively. Always check UniSysLibLog f...
Cisco Jabber for Windows Information Disclosure Vulnerability (CNVD-2017-36124)
Cisco Jabber for Windows is a set of unified communications client solutions for the Windows platform from Cisco, a United States company. The program provides online status display, instant messaging, voice and other functions. An information disclosure vulnerability exists in Cisco Jabber for...
CVE-2017-15114
When libvirtd is configured by OSP director tripleo-heat-templates to use the TLS transport it defaults to the same certificate authority as all non-libvirtd services. As no additional authentication is configured this allows these services to connect to libvirtd which is equivalent to root acces...
How to force HTTPS on the ELM
Many customers have security requirements mandating the use of https. There is no way within the management console of the Enterprise Layer Manager to force https, so Engineering has approved this as the officially supported method to configure the appliance to be https-only...
CVE-2017-8213
Huawei SMC2.0 with software of V100R003C10, V100R005C00SPC100, V100R005C00SPC101B001T, V100R005C00SPC102, V100R005C00SPC103, V100R005C00SPC200, V100R005C00SPC201T, V500R002C00, V600R006C00 has an input validation vulnerability when handling TLS and DTLS handshakes with a certificate. Due to the...
CVE-2017-8157
OceanStor 5800 V3 with software V300R002C00 and V300R002C10, OceanStor 6900 V3 V300R001C00 has an information leakage vulnerability. Products use TLS1.0 to encrypt. Attackers can exploit TLS1.0's vulnerabilities to decrypt data to obtain sensitive information...
SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)
A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based...
httpd: mod_ssl NULL pointer dereference
A NULL pointer dereference flaw was found in httpd's mod_ssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request...
CVE-2017-14388
Cloud Foundry Foundation GrootFS release 0.3.x versions prior to 0.30.0 do not validate DiffIDs, allowing specially crafted images to poison the grootfs volume cache. For example, this could allow an attacker to provide an image layer that GrootFS would consider to be the Ubuntu base layer...
Creation of Platform Layer fails with a timeout error from vSphere
During creation of Platform layer, Task fails and we get an error on the App layering console as "A timeout occurred waiting for a vsphere task to complete"...
CVE-2017-14388: GrootFS doesn't validate DiffIDs | Cloud Foundry
Severity: High. Vendor: Cloud Foundry Foundation. Affected Cloud Foundry Products and Versions: GrootFS release 0.3.x versions prior to 0.30.0. Description: GrootFS does not validate DiffIDs, allowing specially crafted images to poison the grootfs volume cache. For example, this could allow an attacker ...