Mitsubishi Electric MELSEC iQ-F FX5-OPC

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION : Exploitable remotely/low attack complexity Vendor : Mitsubishi Electric Equipment : MELSEC iQ-F FX5-OPC Vulnerability : NULL Pointer Dereference 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote attacker to...

nss bug fix and enhancement update

An update is available for nss. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Network Security Services NSS is a set of libraries designed to support the...

Moderate: Red Hat Bug Fix Advisory: nss bug fix and enhancement update

An update for nss is now available for Red Hat Enterprise Linux 9.2 Extended Update Support and Red Hat Enterprise Linux 9. Network Security Services NSS is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Bug Fixes and...

CVE-2024-26130

A flaw was discovered in python-cryptography. A NULL pointer dereference can be triggered when a PKCS12 key and certificate do not match. Specifically, if the pkcs12.serializekeyandcertificates function is called with a non-matching certificate and private key and an encryption algorithm with...

Ubuntu: Security Advisory (USN-6673-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-6673-1: python-cryptography vulnerabilities

Hubert Kario discovered that python-cryptography incorrectly handled errors returned by the OpenSSL API when processing incorrect padding in RSA PKCS1 v1.5. A remote attacker could possibly use this issue to expose confidential or sensitive information. CVE-2023-50782 It was discovered that...

openSUSE: Security Advisory for mozilla (SUSE-SU-2023:0434-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

nss: Fix of CVE-2023-0767

CVE-2023-0767: nss: improve handling of unknown PKCS12 safe bag types...

Security Bulletin: GSKit Trust Anchor vulnerability in Tivoli Directory Server (CVE-2012-2203)

Abstract A vulnerability has been identified in the GSKit component utilized by Tivoli Directory Server TDS such that trust anchors can be inserted without detection. Remediation for the issue consists of updating GSKit 7 to version 7.0.4.41 or higher, and GSKit 8 to version 8.0.14.22 or higher...

java-17-openjdk bug fix update

An update is available for java-17-openjdk. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The java-17-openjdk packages provide the OpenJDK 17 Java Runtime...

Insertion of Sensitive Information into Externally-Accessible File or Directory in Jenkins Credentials Plugin

Jenkins Credentials Plugin 2.1.18 and earlier allowed users with permission to create or update credentials to confirm the existence of files on the Jenkins master with an attacker-specified path, and obtain the certificate content of files containing a PKCS12 certificate...

SUSE: Security Advisory (SUSE-SU-2018:4063-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2019-10320

Jenkins Credentials Plugin 2.1.18 and earlier allowed users with permission to create or update credentials to confirm the existence of files on the Jenkins master with an attacker-specified path, and obtain the certificate content of files containing a PKCS12 certificate...

openSUSE Security Update : MozillaFirefox / mozilla-nss (openSUSE-2019-442)

This update for MozillaFirefox, mozilla-nss fixes the following issues : Security issue fixed in Mozilla Firefox 60.0.2 ESR : - CVE-2018-6126: Heap buffer overflow rasterizing paths in SVG with Skia MFSA 2018-14, boo1096449 The following bugs were fixed : - In KDE Open with option in download...

SUSE SLED12 / SLES12 Security Update : python-cryptography, python-pyOpenSSL (SUSE-SU-2018:4063-1)

This update for python-cryptography, python-pyOpenSSL fixes the following issues : Security issues fixed : CVE-2018-1000808: A memory leak due to missing reference checking in PKCS12 store handling was fixed bsc1111634 CVE-2018-1000807: A use-after-free in X509 object handling was fixed bsc111163...

SUSE SLED12 / SLES12 Security Update : MozillaFirefox, MozillaFirefox-branding-SLE, llvm4, mozilla-nspr, mozilla-nss, apache2-mod_nss (SUSE-SU-2018:3591-1)

This update for MozillaFirefox to ESR 60.2.2 fixes several issues. These general changes are part of the version 60 release. New browser engine with speed improvements Redesigned graphical user interface elements Unified address and search bar for new installations New tab page listing top visite...

OracleVM 3.3 / 3.4 : nss (OVMSA-2018-0264)

The remote OracleVM system is missing necessary patches to address critical security updates : - Added nss-vendor.patch to change vendor - Temporarily disable some tests until expired PayPalEE.cert is renewed - Backport upstream fix for CVE-2018-12384 - Remove nss-lockcert-api-change.patch, which...

Security Bulletin: IBM Rational ClearQuest security vulnerability fixes for CVE-2012-2203

Summary IBM Rational ClearQuest uses the IBM GSKit component to establish SSL connections to an LDAP directory server for LDAP authentication. ClearQuest 7.1.2.8 and 8.0.0.4 install updated versions of GSKit which contain corrections for security vulnerability CVE-2012-2203 Vulnerability Details ...

Security update for MozillaFirefox, mozilla-nss (important)

This update for MozillaFirefox, mozilla-nss fixes the following issues: Security issue fixed in Mozilla Firefox 60.0.2 ESR: - CVE-2018-6126: Heap buffer overflow rasterizing paths in SVG with Skia MFSA 2018-14, boo1096449 The following bugs were fixed: - In KDE Open with option in download dialog...

Design/Logic Flaw

EMC RSA BSAFE Crypto-J versions prior to 6.2.2 has a PKCS12 Timing Attack Vulnerability. A possible timing attack could be carried out by modifying a PKCS12 file that has an integrity MAC for which the password is not known. An attacker could then feed the modified PKCS12 file to the toolkit and...