EUVD-2008-3268

Malware in sbrugna...

CVE-2008-3280

It was found that various OpenID Providers OPs had TLS Server Certificates that used weak keys, as a result of the Debian Predictable Random Number Generator CVE-2008-0166. In combination with the DNS Cache Poisoning issue CVE-2008-1447 and the fact that almost all SSL/TLS implementations do not...

Design/Logic Flaw

It was found that various OpenID Providers OPs had TLS Server Certificates that used weak keys, as a result of the Debian Predictable Random Number Generator CVE-2008-0166. In combination with the DNS Cache Poisoning issue CVE-2008-1447 and the fact that almost all SSL/TLS implementations do not...

Security Bulletin: Multiple vulnerabilities in the IBM Runtime Environments Java Technology Edition, Versions 6 and 7 in TPF Toolkit (CVE-2014-6593, CVE-2015-0410, and CVE-2015-0138)

Summary Multiple security vulnerabilities exist in the IBM® Runtime Environments Java™ Technology Edition, Versions 6 and 7 that are shipped in TPF Toolkit. Vulnerability Details CVEID: CVE-2014-6593 DESCRIPTION: An unspecified vulnerability in Oracle Java SE and JRockit related to the JSSE...

Security Bulletin: Vulnerability in IBM Java Runtime affects the Enterprise Common Collector component of the IBM Tivoli zEnterprise Monitoring Agent (CVE-2015-0138)

Summary The “FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client and server vulnerability affects IBM® Runtime Environment Java™ Technology Edition, Version 6 that is used by the Enterprise Common Collector a component of IBM Tivoli zEnterprise Monitoring Agent, a component of IBM Tivoli...

Security Bulletin: Vulnerabilities in GSKit affect IBM Security Access Manager for Web (CVE-2015-0159, CVE-2015-0138, CVE-2014-6221)

Summary GSKit is an IBM component that is used by IBM Security Access Manager for Web. The GSKit that is shipped with IBM Security Access Manager for Web contains multiple security vulnerabilities including the “FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client and server vulnerability...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM PureApplication System. (CVE-2015-2808, CVE-2015-0204, CVE-2015-1916, and CVE-2015-0138)

Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition, Version 6 and 7, that is used by IBM PureApplication System. These issues were disclosed as part of the IBM Java SDK updates in April 2015. This bulletin also addresses FREAK: “Factoring Attack on RSA-EXPORT keys"...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect WebSphere Service Registry and Repository April 2015 CPU

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition that is shipped with IBM WebSphere Service Registry and Repository. These issues were disclosed as part of the IBM Java SDK updates in April 2015. Vulnerability Details CVE-2015-0204 was fixed in IBM SDK, Java...

PT-2015-4518

Name of the Vulnerable Software and Affected Versions IBM Java versions prior to 8 SR1 IBM Java 7 R1 versions prior to SR2 FP11 IBM Java 7 versions prior to SR9 IBM Java 6 R1 versions prior to SR8 FP4 IBM Java 6 versions prior to SR16 FP4 IBM Java 5.0 versions prior to SR16 FP10 Description The...