
18 matches found

Tenable Nessus
added 2025/03/13 12:0 a.m., 9 views

Siemens SCALANCE X-200RNA Switch Devices Exposure of Sensitive Information to an Unauthorized Actor (CVE-2015-3193)

The Montgomery squaring implementation in crypto/bn/asm/x86_64-mont5.pl in OpenSSL 1.0.2 before 1.0.2e on the x86_64 platform, as used by the BN_mod_exp function, mishandles carry propagation and produces incorrect output, which makes it easier for remote attackers to obtain sensitive private-key...

CVSS 7.5, AI score 6.9, EPSS 0.25137
Exploits: 1, References: 4

IBM Security Bulletins
added 2024/10/23 3:56 p.m., 25 views

Security Bulletin: IBM Observability with Instana using third-party Kubernetes Operators is affected by Multiple Security Vulnerabilities

Summary Multiple vulnerabilities were remediated in IBM Observability with Instana using third-party Kubernetes Operators build 283 Vulnerability Details CVEID:CVE-2024-35195 DESCRIPTION: Psf Requests could allow a local authenticated attacker to bypass security restrictions, caused by an incorre...

CVSS 9.1, AI score 8.4, EPSS 0.10448
Exploits: 2, Affected Software: 1

Tenable Nessus
added 2018/12/18 12:0 a.m., 53 views

F5 Networks BIG-IP : OpenSSH vulnerability (K24324390)

authfile.c in sshd in OpenSSH before 7.4 does not properly consider the effects of realloc on buffer contents, which might allow local users to obtain sensitive private-key information by leveraging access to a privilege-separated child process. CVE-2016-10011 Impact A locally authenticated...

CVSS 6.2, AI score 6.8, EPSS 0.01101
Exploits: 1, References: 2

Tenable Nessus
added 2017/12/11 12:0 a.m., 55 views

FreeBSD : FreeBSD -- OpenSSL multiple vulnerabilities (9f7a0f39-ddc0-11e7-b5af-a4badb2f4699)

Invoking SSL_read/SSL_write while in an error state causes data to be passed without being decrypted/encrypted directly from the SSL/TLS record layer. In order to exploit this issue an application bug would have to be present that resulted in a call to SSL_read/SSL_write being issued after having...

CVSS 5.9, AI score 6.8, EPSS 0.83645
Exploits: 2, References: 4

FreeBSD
added 2017/11/29 12:0 a.m., 55 views

FreeBSD -- OpenSSL multiple vulnerabilities

Problem Description: If an X.509 certificate has a malformed IPAddressFamily extension, OpenSSL could do a one-byte buffer overread. CVE-2017-3735 There is a carry propagating bug in the x86_64 Montgomery squaring procedure. This only affects processors that support the BMI1, BMI2 and ADX extensio...

CVSS 6.5, AI score 7.2, EPSS 0.17699
Exploits: 0

Tenable Nessus
added 2017/02/15 12:0 a.m., 63 views

GLSA-201702-07 : OpenSSL: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201702-07 OpenSSL: Multiple vulnerabilities Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced below for details. Impact : A remote attacker is able to crash applications linked...

CVSS 7.5, AI score 7.7, EPSS 0.57595
Exploits: 6, References: 5

Gentoo Linux
added 2017/02/14 12:0 a.m., 58 views

OpenSSL: Multiple vulnerabilities

Background OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer SSL v2/v3 and Transport Layer Security TLS v1 as well as a general purpose cryptography library. Description Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced...

CVSS 7.5, AI score 7.8, EPSS 0.57595
Exploits: 6

Tenable Nessus
added 2017/01/20 12:0 a.m., 77 views

GLSA-201701-46 : Mozilla Network Security Service (NSS): Multiple vulnerabilities (Logjam) (SLOTH)

The remote host is affected by the vulnerability described in GLSA-201701-46 Mozilla Network Security Service NSS: Multiple vulnerabilities Multiple vulnerabilities have been discovered in NSS. Please review the CVE identifiers and technical papers referenced below for details. Impact : Remote...

CVSS 7.5, AI score 7.4, EPSS 0.9986
Exploits: 1, References: 9

Gentoo Linux
added 2017/01/19 12:0 a.m., 110 views

Mozilla Network Security Service (NSS): Multiple vulnerabilities

Background The Mozilla Network Security Service NSS is a library implementing security features like SSL v.2/v.3, TLS, PKCS 5, PKCS 7, PKCS 11, PKCS 12, S/MIME and X.509 certificates. Description Multiple vulnerabilities have been discovered in NSS. Please review the CVE identifiers and technical...

CVSS 7.5, AI score 6.9, EPSS 0.9986
Exploits: 1

AlpineLinux
added 2017/01/05 12:0 a.m., 35 views

CVE-2016-10011

authfile.c in sshd in OpenSSH before 7.4 does not properly consider the effects of realloc on buffer contents, which might allow local users to obtain sensitive private-key information by leveraging access to a privilege-separated child process...

CVSS 6.2, AI score 6.3, EPSS 0.01101
Exploits: 1

Tenable Nessus
added 2016/10/11 12:0 a.m., 28 views

GLSA-201610-04 : libgcrypt: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201610-04 libgcrypt: Multiple vulnerabilities Multiple vulnerabilities have been discovered in libgcrypt. Please review the CVE identifiers referenced below for details. Impact : Side-channel attacks can leak private key...

CVSS 5.9, AI score 6.1, EPSS 0.03627
Exploits: 0, References: 6

Tenable Nessus
added 2015/12/07 12:0 a.m., 48 views

OpenSSL 1.0.2 < 1.0.2e Multiple Vulnerabilities

The version of OpenSSL installed on the remote host is prior to 1.0.2e. It is, therefore, affected by multiple vulnerabilities as referenced in the 1.0.2e advisory. - The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, a...

CVSS 7.5, AI score 6.9, EPSS 0.44016
Exploits: 1, References: 9

Prion
added 2015/12/06 8:59 p.m., 22 views

Code injection

The Montgomery squaring implementation in crypto/bn/asm/x86_64-mont5.pl in OpenSSL 1.0.2 before 1.0.2e on the x86_64 platform, as used by the BN_mod_exp function, mishandles carry propagation and produces incorrect output, which makes it easier for remote attackers to obtain sensitive private-key...

CVSS 5, AI score 6.5, EPSS 0.25137
Exploits: 1, References: 22, Affected Software: 3

CVE
added 2015/12/06 12:0 a.m., 200 views

CVE-2015-3193

CVE-2015-3193 affects OpenSSL 1.0.2 on x86_64 where the Montgomery squaring implementation (BN_mod_exp path) mishandles carry propagation, potentially exposing private-key information via DH/DHE ciphersuites. OpenSSL versions 1.0.2 before 1.0.2e are vulnerable; fixed in 1.0.2e. Affected component...

CVSS 7.5, AI score 6.5, EPSS 0.25137
Exploits: 1, References: 22, Affected Software: 1

UbuntuCve
added 2015/12/03 12:0 a.m., 44 views

CVE-2015-3193

The Montgomery squaring implementation in crypto/bn/asm/x86_64-mont5.pl in OpenSSL 1.0.2 before 1.0.2e on the x86_64 platform, as used by the BN_mod_exp function, mishandles carry propagation and produces incorrect output, which makes it easier for remote attackers to obtain sensitive private-key...

CVSS 7.5, AI score 6.8, EPSS 0.25137
Exploits: 1, References: 3

Tenable Nessus
added 2014/08/30 12:0 a.m., 24 views

GLSA-201408-14 : stunnel: Information disclosure

The remote host is affected by the vulnerability described in GLSA-201408-14 stunnel: Information disclosure stunnel does not properly update the state of the pseudo-random generator after fork-threading which causes subsequent children with the same process ID to use the same entropy pool. ECDSA...

CVSS 4.3, AI score 8.2, EPSS 0.02155
Exploits: 1, References: 2

Gentoo Linux
added 2014/08/29 12:0 a.m., 37 views

stunnel: Information disclosure

Background The stunnel program is designed to work as an SSL encryption wrapper between a client and a local or remote server. Description stunnel does not properly update the state of the pseudo-random generator after fork-threading which causes subsequent children with the same process ID to us...

CVSS 4.3, AI score 7.3, EPSS 0.02155
Exploits: 1

Cent OS
added 2013/10/22 7:41 a.m., 77 views

java security update

CentOS Errata and Security Advisory CESA-2013:1447 Updated java-1.7.0-openjdk packages that fix various security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring Syst...

CVSS 10, AI score 6.9, EPSS 0.24738
Exploits: 0, References: 7