177 matches found
CVE-2023-2974
A vulnerability was found in quarkus-core. This vulnerability occurs because the TLS protocol configured with quarkus.http.ssl.protocols is not enforced, and the client can force the selection of the weaker supported TLS protocol...
CVE-2023-2974 Quarkus-core: tls protocol configured with quarkus.http.ssl.protocols is not enforced, client can enforce weaker supported tls protocol
A vulnerability was found in quarkus-core. This vulnerability occurs because the TLS protocol configured with quarkus.http.ssl.protocols is not enforced, and the client can force the selection of the weaker supported TLS protocol...
Quarkus 安全漏洞
Quarkus is a cloud-native Linux container-first framework for writing Java applications. A security vulnerability exists in Quarkus that stems from the unenforced use of the TLS protocol and the ability of a client to force an option to support a weaker TLS protocol...
PT-2023-3549 · Unknown · Quarkus-Core
Name of the Vulnerable Software and Affected Versions: quarkus-core affected versions not specified Description: A vulnerability was found in the implementation of the TLS protocol in the Quarkus Java framework. This issue is related to the insufficient reliability of encryption when using the...
CVE-2021-33589
Ribose RNP before 0.15.1 does not implement a required step in a cryptographic algorithm, resulting in weaker encryption than on the tin of the algorithm...
Security Bulletin: Vulnerabilities in OpenSSL affect IBM BladeCenter Advanced Management Module (CVE-2014-3569, CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275, CVE-2015-0204, CVE-2015-0205, and CVE-2015-0206)
Summary OpenSSL vulnerabilities were disclosed on January 8, 2015 by the OpenSSL Project. This includes "FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client and server vulnerability. OpenSSL is used by IBM BladeCenter Advanced Management Module AMM. AMMhas addressed the applicable CVEs...
K76610106: F5 IPsec vulnerability CVE-2020-5938
Security Advisory Description When negotiating IPsec tunnels with configured, authenticated peers, the peer may negotiate a different key length than the BIG-IP configuration would otherwise allow. CVE-2020-5938 Impact IPsec connections can be created with a different key length than specified in...
SUSE CVE-2006-5794
Unspecified vulnerability in the sshd Privilege Separation Monitor in OpenSSH before 4.5 causes weaker verification that authentication has been successful, which might allow attackers to bypass authentication. NOTE: as of 20061108, it is believed that this issue is only exploitable by leveraging...
SUSE CVE-2015-3276
The nssparseciphers function in libraries/libldap/tlsm.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors...
Security Bulletin: IBM Sterling Connect:Direct Web Services is vulnerable to weaker than expected security due to Node.js bcprov-jdk15on (235079)
Summary IBM Sterling Connect:Direct Web Services uses Node.js org.bouncycastle:bcprov-jdk15on module which could provide weaker than expected security. The issue has been addressed. Vulnerability Details IBM X-Force ID: 235079 DESCRIPTION: Node.js org.bouncycastle:bcprov-jdk15on module could...
Security Bulletin: FasterXML Jackson Databind used by CICS Transaction Gateway could provide weaker than expected security
Summary FasterXML Jackson Databind used by CICS Transaction Gateway could provide weaker than expected security, caused by not having entity expansion secured properly CVE-2020-25649. CICS Transaction Gateway addressed the applicable CVE. Vulnerability Details CVEID:CVE-2020-25649 DESCRIPTION:...
PT-2022-22145 · Ibm · Ibm Sterling Secure Proxy
Name of the Vulnerable Software and Affected Versions: IBM Sterling Secure Proxy version 6.0.3 Description: The issue is related to the use of weaker than expected cryptographic algorithms, which could allow an attacker to decrypt highly sensitive information. Recommendations: For IBM Sterling...
Security Bulletin: IBM App Connect Enterprise Certified Container operands may be vulnerable to CVE-2022-35255 and CVE-2022-35256
Summary Node.js is used as a runtime engine by IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container DesignerAuthoring and Dashboard operands may be vulnerable to HTTP request smuggling and weaker than expected security. This bulletin provides patch...
IBM CICS TX Encryption Issue Vulnerability
IBM CICS TX is a comprehensive, single transaction runtime package from International Business Machines IBM. IBM CICS TX version 11.1 is vulnerable to an encryption issue that stems from the use of a weaker-than-expected encryption algorithm, which could be exploited by an attacker to decrypt...
Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOPs
Summary Multiple vulnerabilities were fixed in IBM Cloud Pak for Watson AIOps version 3.5. Vulnerability Details CVEID:CVE-2019-20444 DESCRIPTION: Netty is vulnerable to HTTP request smuggling, caused by a flaw in the HttpObjectDecoder.java. By sending a specially-crafted request, an attacker cou...
Security Bulletin: Multiple Vulnerabilities in node.js
Summary Security Vulnerabilities in node.js affect IBM Voice Gateway. Vulnerability Details CVEID:CVE-2022-35256 DESCRIPTION: Node.js is vulnerable to HTTP request smuggling, caused by the failure to correctly handle header fields that are not terminated with CLRF by the llhttp parser in the http...
Security Bulletin: Multiple Vulnerabilities in Cloud Pak for Watson AIOPs
Summary 3.5 Fixes the following vulnerabilities: CVE-2022-1154, CVE-2018-25032, CVE-2020-29582, CVE-2022-24329, CVE-2022-29217, CVE-2022-22476, CVE-2022-1271, CVE-2022-0778 Vulnerability Details CVEID:CVE-2022-1154 DESCRIPTION: Vim is vulnerable to a heap-based buffer overflow, caused by a...
Security Bulletin: Vulnerabilities in OpenSSL affect IBM Spectrum Protect Plus SQL, File Indexing, and Windows Host agents
Summary Multiple vulnerabilities in OpenSSL affect the IBM Spectrum Protect Plus SQL, File Indexing, and Windows Host agents. These vulnerabilities include execution of arbitrary commands, weaker than expected security, and denial of service. Vulnerability Details CVEID:CVE-2022-1292 DESCRIPTION:...
Security Bulletin: IBM i Modernization Engine for Lifecycle Integration is vulnerable to multiple vulnerabilities
Summary There are multiple vulnerabilities in components of IBM i Modernization Engine for Lifecycle Integration as described in the Vulnerability Details section. Guava, Red Hat Single Sign-On, Springfox and Spring Security could allow a remote attacker to bypass security restrictions...
IBM Spectrum Scale 加密问题漏洞
IBM Spectrum Scale is a scalable data and file management solution from IBM based on IBM GPFS an enterprise file management system optimized for petabyte-scale storage management. The product supports helping customers reduce storage costs while improving security and management efficiency in...