A port used by VADP is reported to be vulnerable to Logjam (CVE-2015-4000) ...
A port used by Operations Center is reported to be vulnerable to Logjam (CVE-2015-4000) ...
IBM Spectrum Protect Snapshot for VMware is vulnerable to Logjam (CVE-2015-4000) ...
IBM Spectrum Protect Backup-Archive Client web user interface, IBM Spectrum Protect for Space Management, and IBM Spectrum Protect for Virtual Environments are vulnerable to Logjam (CVE-2015-4000) ...
Mozilla Foundation Security Advisory 2015-70
NSS accepts export-length DHE keys with regular DHE cipher suites
Announced: July 2, 2015
Reporter: Matthew Green, authors of the paper
Impact: Moderate
Products: Firefox, Firefox ESR, Firefox OS, SeaMonkey ...
A flaw was found in the way the TLS protocol composes the Diffie-Hellman (DH) key exchange. A man-in-the-middle attacker could use this flaw to force the use of weak 512-bit export-grade keys during the key exchange, allowing them to decrypt all traffic. (CVE-2015-4000)
Please note that this update forces the TLS/SSL client implementation in NSS to ...
Overview: A TLS protocol vulnerability has been recently disclosed that could result in attackers being able to intercept and modify SSL/TLS encrypted traffic to servers that support Diffie-Hellman based export cipher suites. This vulnerability is known as 'LogJam' and has been assigned the following CVE number: CVE-2015-4000: cvemitre ...
Several security issues were fixed in Thunderbird ...
Several vulnerabilities were discovered in NSS, the cryptography
library developed by the Mozilla project.
CVE-2015-4000
David Adrian et al. reported that it may be feasible to attack
Diffie-Hellman-based cipher suites in certain circumstances,
compromising the confidentiality and integrity of data encrypted
with Transport Layer Se ...
Security Advisory ID: SYMSA1347
Initial Publication Date: 18 Feb 2016
Advisory Status: Open
Advisory Severity: Medium
CVSS Base Score: CVSS v2: 58
Legacy ID: SA1 ...
LOGJAM: A flaw was found in the way the TLS protocol composes the Diffie-Hellman exchange (for both export and non-export grade cipher suites). An attacker could use this flaw to downgrade a DHE connection to use export-grade key sizes, which could then be broken by sufficient pre-computation. This can lead to a passive man-in-the-middle attack in ...
Several security issues were fixed in OpenJDK 7 ...
Several security issues were fixed in OpenJDK 6 ...
Multiple security issues have been found in Iceweasel, Debian's version
of the Mozilla Firefox web browser: Multiple memory safety errors,
use-after-frees and other implementation errors may lead to the
execution of arbitrary code or denial of service. This update also
addresses a vulnerability in DHE key processing commonly known as
the LogJam vul ...
Several vulnerabilities have been discovered in OpenJDK, an
implementation of the Oracle Java platform, resulting in the execution
of arbitrary code, breakouts of the Java sandbox, information disclosure,
denial of service or insecure cryptography.
For the oldstable distribution (wheezy), these problems have been fixed
in version 6b36-1138-1~deb7 ...
Firefox could be made to crash or run programs as your login if it
opened a malicious website ...
Multiple flaws were discovered in the 2D, CORBA, JMX, Libraries and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2015-4760, CVE-2015-2628, CVE-2015-4731, CVE-2015-2590, CVE-2015-4732, CVE-2015-4733)
A flaw was found in the way the Libraries component of OpenJDK ve ...
Security Advisory ID: SYMSA1325
Initial Publication Date: 17 Jun 2015
Advisory Status: Open
Advisory Severity: High
CVSS Base Score: CVSS v2: 75
Legacy ID: SA98
...
Several vulnerabilities have been discovered in OpenJDK, an
implementation of the Oracle Java platform, resulting in the execution
of arbitrary code, breakouts of the Java sandbox, information disclosure,
denial of service or insecure cryptography.
For the oldstable distribution (wheezy), these problems have been fixed
in version 7u79-256-1~deb7u ...
Oracle Solaris Third Party Bulletin - July 2015
Description
The Oracle Solaris Third Party Bulletin announces patches for one or more security vulnerabilities fixed in third party software that is included in Oracle Solaris distributions. Starting January 20, 2015, Third Party Bulletins are released on the same day when ...
Oracle Solaris Third Party Bulletin - January 2016
Description
The Oracle Solaris Third Party Bulletin announces patches for one or more security vulnerabilities fixed in third party software that is included in Oracle Solaris distributions. Starting January 20, 2015, Third Party Bulletins are released on the same day when Oracle Critical Patch Up ...
Description of Problem
A number of security vulnerabilities have been identified in firmware used in the Lights Out Management (LOM) component across all NetScaler-based hardware appliances: Citrix NetScaler Application Delivery Controller (ADC), Citrix NetScaler Gateway, Citrix NetScaler Service Delivery Appliance, Citrix CloudBridge (now NetScaler S ...
Oracle Critical Patch Update Advisory - October 2015
Description
A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patc ...