237 matches found
Security Bulletin: Multiple vulnerabilities have been identified in OpenSSL, a product which ships with IBM Tivoli Nework Manager
Summary OpenSSL is shipped with IBM Tivoli Network Manager version 3.9 Fix Pack 4 and Fix Pack 5. Information about a security vulnerability affecting OpenSSL is published here. Vulnerability Details CVEID: CVE-2019-1547 DESCRIPTION: OpenSSL could allow a local authenticated attacker to obtain...
Security Bulletin: Vulnerability in OpenSSL affects IBM Rational ClearCase (CVE-2019-1552, CVE-2019-1563)
Summary OpenSSL vulnerabilities were disclosed by the OpenSSL Project. OpenSSL is used by IBM Rational ClearCase. IBM Rational ClearCase has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2019-1552 DESCRIPTION: OpenSSL could allow a local attacker to bypass security restrictions,...
Huawei EulerOS: Security Advisory for nettle (EulerOS-SA-2020-1313)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS Virtualization 3.0.2.2 : openssl (EulerOS-SA-2020-1274)
According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker,...
CVE-2019-12121
The CVE-2019-12121 entry concerns ONAP Portal (Dublin) and describes a padding oracle weakness in the ONAPPORTAL/processSingleSignOn UserId field. Attackers could decrypt information encrypted with the same symmetric key as UserId, affecting all Portal deployments. The connected Red Hat and other...
EulerOS Virtualization for ARM 64 3.0.2.0 : openssl (EulerOS-SA-2020-1221)
According to the versions of the openssl packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - In situations where an attacker receives automated notification of the success or failure of a decryption attempt an...
Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2019-2464)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for compat-openssl10 (EulerOS-SA-2019-2098)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for openssl1.1.0f (EulerOS-SA-2019-2254)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for openssl110f (EulerOS-SA-2019-2430)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2019-2097)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security Bulletin: Multiple vulnerabilities identified in OpenSSL affect Rational Build Forge (CVE-2019-1547, CVE-2019-1549, CVE-2019-1552, and CVE-2019-1563)
Summary OpenSSL has security vulnerability that allows a remote attacker to exploit the application. Respective security vulnerability details are discussed in the subsequent section. Vulnerability Details This section includes the vulnerability details that affects the Rational Build Forge. CVEI...
Padding Oracle Attack
Apache Shiro is vulnerable to padding oracle attack. The attack is possible as it adopts RememberMe configuration for cookies as a default and uses CBC mode of encryption, which would allow an attacker to perform a Java deserialization attack that results in remote code execution...
EulerOS 2.0 SP3 : openssl1.1.0f (EulerOS-SA-2019-2254)
According to the versions of the openssl1.1.0f packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some...
EulerOS 2.0 SP5 : openssl110h (EulerOS-SA-2019-2218)
According to the versions of the openssl110h packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in th...
U.S. Dept Of Defense: [HTAF4-213] [Pre-submission] CVE-2018-2879 (padding oracle attack in the Oracle Access Manager) at https://█████████
Description We were able to identify CVE-2018-2879 in Oracle Access Manager, used on the https://██████ Link to the CVE: https://nvd.nist.gov/vuln/detail/CVE-2018-2879 This vulnerability is rated critical, and may allow unauthenticated attacker with network access via HTTP to compromise Oracle...
Security Bulletin: IBM Security Proventia Network Active Bypass is affected by openssl vulnerabilities (CVE-2019-1559)
Summary IBM Security Proventia Network Active Bypass has addressed the following vulnerabilities. CVE-2019-1559 Vulnerability Details CVE-ID: CVE-2019-1559 Description: OpenSSL could allow a remote attacker to obtain sensitive information, caused by the failure to immediately close the TCP...
Design/Logic Flaw
RSA BSAFE Micro Edition Suite versions prior to 4.1.6.3 in 4.1.x and prior to 4.4 in 4.2.x and 4.3.x, are vulnerable to an Information Exposure Through an Error Message vulnerability, also known as a “padding oracle attack vulnerability”. A malicious remote user could potentially exploit this...
CVE-2019-3730
Dell RSA BSAFE Micro Edition Suite versions prior to 4.1.6.3 (in 4.1.x) and prior to 4.4 (in 4.2.x and 4.3.x) are affected by an Information Exposure Through an Error Message vulnerability (padding oracle). A remote attacker could potentially exploit this to extract sensitive information, per CVE...
CVE-2019-3730
RSA BSAFE Micro Edition Suite versions prior to 4.1.6.3 in 4.1.x and prior to 4.4 in 4.2.x and 4.3.x, are vulnerable to an Information Exposure Through an Error Message vulnerability, also known as a “padding oracle attack vulnerability”. A malicious remote user could potentially exploit this...