27 matches found
freeipmi security update
1.6.17-1 - Update to 1.6.17 1.6.14-6 - .fmf/version: Add fmf metadtata root 1.6.14-5 - gating: RHEL-10: Add OSCI testing...
Oracle Linux 10 : freeipmi (ELSA-2026-13515)
The remote Oracle Linux 10 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-13515 advisory. 1.6.17-1 - Update to 1.6.17 1.6.14-6 - .fmf/version: Add fmf metadtata root 1.6.14-5 - gating: RHEL-10: Add OSCI testing Tenable has extracted the preceding...
EUVD-2017-2316
Malware in sbrugna...
EUVD-2017-2315
Malware in sbrugna...
EUVD-2017-2317
Malware in sbrugna...
bluez security update
5.63-3 + bluez-5.63-3 - Add back the tests for OSCI. 5.63-2 + bluez-5.63-2 - Change default of ClassicBondedOnly to true to align with HID specification. - Resolves: RHEL-18429 - Fixing CVE-2021-41229...
evolution security and bug fix update
bogofilter 1.2.5-2 - Bump version to have OSCI/gating tests rerun with updated tests 1.2.5-1 - Resolves: 1836279 Update to 1.2.5 evolution 3.28.5-14 - Related: 1817143 Add a small patch to behave better with WebKitGTK 2.28 3.28.5-13 - Resolves: 1836165 Cannot type the date of a meeting...
OSCI-Transport Library 1.2 1.8.1 Insecure Crypto / Signature Bypass
A blog post with further information has been released on this topic as well: https://r.sec-consult.com/osci SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple vulnerabilities product: OSCI-Transport Library 1.2...
The German e-Government communications system components there are multiple serious vulnerabilities can lead to government exchange of data breach-vulnerability warning-the black bar safety net
! The G20 Summit on the eve of the German vigorously strengthen the network security and the establishment of the all-Weather command center, and most recently, the SEC-Consult security researchers found that the German e-Government communications library Online Services computer interface the OS...
OSCI Transport Library OSCI-Transport Decryption Transport Encryption Algorithm Vulnerability
OSCI Transport Library Java is a Java library of mandatory transport protocols for German e-government, and OSCI Transport Library .NET is its .NET version.OSCI-Transport is one of the XML-based transport protocols. A security vulnerability exists in OSCI Transport Library version 1.6.1 Java and ...
OSCI Transport Library OSCI-Transport XXE vulnerability
OSCI Transport Library Java is a Java library of mandatory transport protocols for German e-government, and OSCI Transport Library .NET is its .NET version.OSCI-Transport is one of the XML-based transport protocols. An XML external entity injection vulnerability exists in OSCI Transport Library...
OSCI Transport Library OSCI-Transport Signature Package Vulnerability
OSCI Transport Library Java is a Java library of mandatory transport protocols for German e-government, and OSCI Transport Library .NET is its .NET version.OSCI-Transport is one of the XML-based transport protocols. A security vulnerability exists in OSCI Transport Library version 1.6.1 Java and...
CVE-2017-10670
An XML External Entity XXE issue exists in OSCI-Transport 1.2 as used in OSCI Transport Library 1.6.1 Java and OSCI Transport Library 1.6 .NET, exploitable by sending a crafted standard-conforming OSCI message from within the infrastructure...
Xxe
An XML External Entity XXE issue exists in OSCI-Transport 1.2 as used in OSCI Transport Library 1.6.1 Java and OSCI Transport Library 1.6 .NET, exploitable by sending a crafted standard-conforming OSCI message from within the infrastructure...
CVE-2017-10670
An XML External Entity XXE issue exists in OSCI-Transport 1.2 as used in OSCI Transport Library 1.6.1 Java and OSCI Transport Library 1.6 .NET, exploitable by sending a crafted standard-conforming OSCI message from within the infrastructure...
CVE-2017-10669
Signature Wrapping exists in OSCI-Transport 1.2 as used in OSCI Transport Library 1.6.1 Java and OSCI Transport Library 1.6 .NET. An attacker with access to unencrypted OSCI protocol messages must send crafted protocol messages with duplicate IDs...
CVE-2017-10668
A Padding Oracle exists in OSCI-Transport 1.2 as used in OSCI Transport Library 1.6.1 Java and OSCI Transport Library 1.6 .NET. Under an MITM condition within the OSCI infrastructure, an attacker needs to send crafted protocol messages to analyse the CBC mode padding in order to decrypt the...
Design/Logic Flaw
Signature Wrapping exists in OSCI-Transport 1.2 as used in OSCI Transport Library 1.6.1 Java and OSCI Transport Library 1.6 .NET. An attacker with access to unencrypted OSCI protocol messages must send crafted protocol messages with duplicate IDs...
CVE-2017-10669
Signature Wrapping exists in OSCI-Transport 1.2 as used in OSCI Transport Library 1.6.1 Java and OSCI Transport Library 1.6 .NET. An attacker with access to unencrypted OSCI protocol messages must send crafted protocol messages with duplicate IDs...
CVE-2017-10668
A Padding Oracle exists in OSCI-Transport 1.2 as used in OSCI Transport Library 1.6.1 Java and OSCI Transport Library 1.6 .NET. Under an MITM condition within the OSCI infrastructure, an attacker needs to send crafted protocol messages to analyse the CBC mode padding in order to decrypt the...