Decentralized Anonymous Payment System Data Forgery Issue Vulnerability

Decentralized Anonymous Payment System DAPS is a decentralized anonymous payment system. A Data Forgery Issue vulnerability exists in DAPS 2019-08-26 and prior versions, which stems from the program's use of a weak signature mechanism that can be exploited by an attacker to reuse signatures...

RHEL 7 : Red Hat Ceph Storage 2.5 (RHSA-2018:2261)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:2261 advisory. Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system...

ceph: cephx uses weak signatures

A flaw was found in the way signature calculation was handled by cephx authentication protocol. An attacker having access to ceph cluster network, who is able to alter the message payload, was able to bypass signature checks done by cephx protocol...

ceph: cephx uses weak signatures

A flaw was found in the way signature calculation was handled by cephx authentication protocol. An attacker having access to ceph cluster network, who is able to alter the message payload, was able to bypass signature checks done by cephx protocol...

Red Hat Ceph Weak Signature Vulnerability

Red Hat Ceph is a Linux PB-level distributed file system from Red Hat. The main goal of the system is to be designed as a distributed file system without a single point of failure based on POSIX Portable Operating System Interface, so that data can be fault-tolerant and seamlessly replicated.Ceph...

RHEL 7 : Red Hat Ceph Storage 3.0 (RHSA-2018:2177)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:2177 advisory. Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system...

ceph: cephx uses weak signatures

A flaw was found in the way signature calculation was handled by cephx authentication protocol. An attacker having access to ceph cluster network, who is able to alter the message payload, was able to bypass signature checks done by cephx protocol...

Moderate: Red Hat Security Advisory: Red Hat Ceph Storage 3.0 security and bug fix update

An update for ceph is now available for Red Hat Ceph Storage 3.0 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

ceph: cephx uses weak signatures

A flaw was found in the way signature calculation was handled by cephx authentication protocol. An attacker having access to ceph cluster network, who is able to alter the message payload, was able to bypass signature checks done by cephx protocol...

Critical: java-1.8.0-openjdk

Issue Overview: It was discovered that the ObjectInputStream class in the Serialization component of OpenJDK failed to properly ensure thread consistency when deserializing serialized input. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions...

GnuTLS 2.6.x libgnutls lib/gnutls_pk.c DSA Key Storage Remote Spoofing

No description provided by source. source: http://www.securityfocus.com/bid/34783/info GnuTLS is prone to multiple remote vulnerabilities: - A remote code-execution vulnerability - A denial-of-service vulnerability - A signature-generation vulnerability - A signature-verification vulnerability An...

Stable Update: Security fixes

Google Chrome 2.0.172.43 has been released to the Stable channel to fix the security issues listed below. CVE-2009- 2935 Unauthorized memory read from Javascript A flaw in the V8 Javascript engine might allow specially-crafted Javascript on a web page to read unauthorized memory, bypassing securi...

GnuTLS -- multiple vulnerabilities

SecurityFocus reports: GnuTLS is prone to multiple remote vulnerabilities: A remote code-execution vulnerability. A denial-of-service vulnerability. A signature-generation vulnerability. A signature-verification vulnerability. An attacker can exploit these issues to potentially execute arbitrary...