Lucene search
K

249 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2019/04/05 11:50 a.m.49 views

Security Bulletin: Multiple Vulnerabilities in OpenSSL affect IBM Worklight and IBM MobileFirst Platform Foundation

Summary OpenSSL vulnerabilities were disclosed on 30 October 2018 and later by the OpenSSL Project. OpenSSL is used by IBM Worklight and IBM MobileFirst Platform Foundation. IBM Worklight and IBM MobileFirst Platform Foundation have addressed the applicable CVEs. Vulnerability Details CVE-ID:...

5.9CVSS0.6AI score0.17139EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2019/04/04 12:0 a.m.30 views

EulerOS Virtualization 2.5.3 : openssl (EulerOS-SA-2019-1267)

According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use...

5.9CVSS7AI score0.12154EPSS
Exploits4References3
BDU FSTEC
BDU FSTEC
added 2019/04/04 12:0 a.m.3 views

The vulnerability of the implementation of the Digital Signature Algorithm (DSA) in the OpenSSL library allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Digital Signature Algorithm implementation in the OpenSSL library is related to errors in managing cryptographic keys. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information by recovering the secret...

7.1CVSS6.5AI score0.12154EPSS
Exploits0References26Affected Software23
IBM Security Bulletins
IBM Security Bulletins
added 2019/03/27 6:25 a.m.40 views

Security Bulletin: IBM Security Proventia Network Active Bypass is affected by openssl vulnerabilities (CVE-2018-0734)

Summary IBM Security Proventia Network Active Bypass has addressed the following vulnerabilities. CVE-2018-0734 Vulnerability Details CVEID: CVE-2018-0734 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by a timing side channel attack in the DSA signatur...

5.9CVSS2AI score0.12154EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/02/19 5:40 p.m.41 views

Security Bulletin: Multiple vulnerabilities in Node.js affects IBM Rational Application Developer for WebSphere Software included in Rational Developer for i and Rational Developer for AIX and Linux

Summary Portions of IBM Rational Application Developer for WebSphere Software are shipped as a component of Rational Developer for i RPG and COBOL + Modernization Tools, Java and EGL editions, and Rational Developer for AIX and Linux. Multiple Node.js vulnerabilities have been discovered that...

8.1CVSS0.4AI score0.41288EPSS
Exploits4Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2019/01/29 9:10 p.m.59 views

Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Rational Application Developer for WebSphere Software

Summary Multiple Node.js vulnerabilities were disclosed by the Node.js project. Node.js is used by the Cordova tools in IBM Rational Application Developer for WebSphere Software. IBM Rational Application Developer for WebSphere Software has addressed the applicable CVEs. Vulnerability Details...

8.1CVSS0.5AI score0.41288EPSS
Exploits4Affected Software1
Tenable Nessus
Tenable Nessus
added 2019/01/25 12:0 a.m.304 views

OpenSSL 1.0.2 < 1.0.2q Multiple Vulnerabilities

The version of OpenSSL installed on the remote host is prior to 1.0.2q. It is, therefore, affected by multiple vulnerabilities as referenced in the 1.0.2q advisory. - Simultaneous Multi-threading SMT in processors can enable local users to exploit software vulnerable to timing attacks via a...

5.9CVSS6.9AI score0.12154EPSS
Exploits4References8
IBM Security Bulletins
IBM Security Bulletins
added 2019/01/21 3:55 p.m.51 views

Security Bulletin: OpenSSL vunerability

Summary IBM MessageSight has addressed the following vulnerability. OpenSSL could allow a remote attacker to obtain sensitive information, caused by a timing side channel attack in the DSA signature algorithm. An attacker could exploit this vulnerability using variations in the signing algorithm ...

5.9CVSS0.9AI score0.12154EPSS
Exploits0Affected Software1
Mageia
Mageia
added 2018/11/27 3:26 p.m.59 views

Updated openssl packages fix security vulnerabilities

The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a Affected 1.1.1. Fixed in OpenSSL 1.1.0j Affected 1.1.0-1.1.0i. Fixed in OpenSSL 1.0.2q...

5.9CVSS6AI score0.12154EPSS
Exploits4References3
NVD
NVD
added 2018/10/30 12:29 p.m.16 views

CVE-2018-0734

The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a Affected 1.1.1. Fixed in OpenSSL 1.1.0j Affected 1.1.0-1.1.0i. Fixed in OpenSSL 1.0.2q...

5.9CVSS5.9AI score0.12154EPSS
Exploits0References29
RedHat Linux
RedHat Linux
added 2018/08/27 2:20 p.m.7 views

OpenSSL: Double-free in DSA code

A double-free flaw was found in the way OpenSSL parsed certain malformed DSA Digital Signature Algorithm private keys. An attacker could create specially crafted DSA private keys that, when processed by an application compiled against OpenSSL, could cause the application to crash...

10CVSS7.3AI score0.26335EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2018/07/12 4:14 p.m.5 views

openssl: BN_mod_exp may produce incorrect results on x86_64

There is a carry propagating bug in the x8664 Montgomery squaring procedure in OpenSSL 1.0.2 before 1.0.2k and 1.1.0 before 1.1.0d. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed...

5.9CVSS6.7AI score0.15934EPSS
Exploits1References5
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/18 1:29 a.m.44 views

Security Bulletin: Vulnerability in Mozilla NSS affects PowerKVM (CVE-2015-2730)

Summary PowerKVM is affected by a vulnerability in Mozilla NSS CVE-2015-2730. This vulnerability is now fixed. Note that this primarily affects Mozilla Firefox, which does not ship with PowerKVM. Vulnerability Details CVEID: CVE-2015-2730 DESCRIPTION: Mozilla Firefox could allow a remote attacker...

4.3CVSS0.8AI score0.03594EPSS
Exploits0Affected Software1
OSV
OSV
added 2018/06/15 2:29 a.m.3 views

CVE-2018-12433

cryptlib through 3.4.4 allows a memory-cache side-channel attack on DSA and ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover a key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. NOTE: the vendor...

4.9CVSS5.8AI score0.00346EPSS
Exploits1References1
OSV
OSV
added 2018/06/04 1:29 p.m.2 views

DEBIAN-CVE-2016-1000343

In the Bouncy Castle JCE Provider version 1.55 and earlier the DSA key pair generator generates a weak private key if used with default values. If the JCA key pair generator is not explicitly initialised with DSA parameters, 1.55 and earlier generates a private value assuming a 1024 bit key size...

7.5CVSS7.6AI score0.032EPSS
Exploits0References1
ThreatPost
ThreatPost
added 2018/05/14 6:4 p.m.32 views

Samsung Patches Six Critical Bugs in Flagship Handsets

Samsung began rolling out patches over the weekend to fix six critical bugs found in its flagship Android handsets as part of its May patch bulletin. Flaws range from a remote code execution bug to a buffer overflow vulnerability, plus a peek-and-poke command bug that leaves memory locations open...

10CVSS9.6AI score0.0165EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2018/04/10 11:21 a.m.6 views

openssl: bn_sqrx8x_internal carry bug on x86_64

There is a carry propagating bug in the x8664 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely...

6.5CVSS6.8AI score0.10133EPSS
Exploits0References5
NVD
NVD
added 2018/03/31 9:29 p.m.24 views

CVE-2015-9258

In Docker Notary before 0.1, gotuf/signed/verify.go has a Signature Algorithm Not Matched to Key vulnerability. Because an attacker controls the field specifying the signature algorithm, they might for example be able to forge a signature by forcing a misinterpretation of an RSA-PSS key as Ed2551...

7.5CVSS7.4AI score0.01063EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2018/03/31 9:29 p.m.20 views

CVE-2015-9258

In Docker Notary before 0.1, gotuf/signed/verify.go has a Signature Algorithm Not Matched to Key vulnerability. Because an attacker controls the field specifying the signature algorithm, they might for example be able to forge a signature by forcing a misinterpretation of an RSA-PSS key as Ed2551...

7.5CVSS7.1AI score0.01063EPSS
Exploits0References3
Prion
Prion
added 2018/03/31 9:29 p.m.14 views

Code injection

In Docker Notary before 0.1, gotuf/signed/verify.go has a Signature Algorithm Not Matched to Key vulnerability. Because an attacker controls the field specifying the signature algorithm, they might for example be able to forge a signature by forcing a misinterpretation of an RSA-PSS key as Ed2551...

5CVSS6.9AI score0.01063EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder