Debian Bug report logs -
#901626
libtomcrypt: CVE-2018-12437
Package:
src:libtomcrypt;
Maintainer for src:libtomcrypt is Michael Stapelberg <stapelberg@debianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Fri, 15 Jun 2018 19:24:04 UTC
Severity: grave
Tags: fixed-upstream, security, upstream
Found ...
Debian Bug report logs -
#904121
mysql-57: Security fixes from the July 2018 CPU
Package:
src:mysql-57;
Maintainer for src:mysql-57 is Debian MySQL Maintainers <pkg-mysql-maint@listsaliothdebianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Fri, 20 Jul 2018 04:21:02 UTC
Severity: grave
Tags: ...
Several security issues were fixed in OpenSSL ...
OpenSSL could be made to crash if it received specially crafted network
traffic ...
Synopsis
Moderate: ovmf security, bug fix, and enhancement update
Type/Severity
Security Advisory: Moderate
Topic
An update for ovmf is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System ( ...
Synopsis
Moderate: Red Hat JBoss Web Server 31 Service Pack 7 security and bug fix update
Type/Severity
Security Advisory: Moderate
Topic
An update is now available for Red Hat JBoss Web Server 31 for RHEL 6 and Red Hat JBoss Web Server 31 for RHEL 7Red Hat Product Security has rated this release as hav ...
Synopsis
Important: Red Hat JBoss Core Services Apache HTTP Server 2429 security update
Type/Severity
Security Advisory: Important
Topic
An update is now available for JBoss Core Services on RHEL 6 and RHEL 7Red Hat Product Security has rated this update as having a security impact of Important A Common ...
Synopsis
Important: Red Hat JBoss Core Services Apache HTTP Server 2429 SP1 security update
Type/Severity
Security Advisory: Important
Topic
Red Hat JBoss Core Services Pack Apache Server 2429 Service Pack 1 packages for Microsoft Windows and Oracle Solaris are now availableRed Hat Product Security has ...
Synopsis
Critical: Red Hat Ansible Tower 331-2 Release - Container Image
Type/Severity
Security Advisory: Critical
Topic
Security Advisory
Description
Red Hat Ansible Tower 331 is now available and contains the following bug fixes: Fixed event callback error when in-line vaulted variabl ...
Synopsis
Moderate: openssl security, bug fix, and enhancement update
Type/Severity
Security Advisory: Moderate
Topic
An update for openssl is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring Sy ...
Synopsis
Important: Red Hat JBoss Web Server 31 Service Pack 7 security and bug fix update
Type/Severity
Security Advisory: Important
Topic
An update is now available for Red Hat JBoss Web Server 31Red Hat Product Security has rated this release as having a security impactof Important A Common Vulnerabi ...
It was discovered that constructed ASN1 types with a recursive
definition could exceed the stack, potentially leading to a denial of
service
Details can be found in the upstream advisory:
wwwopensslorg/news/secadv/20180327txt
For the stable distribution (stretch), this problem has been fixed in
version 102l-2+deb9u3
We recommend tha ...
Multiple vulnerabilities have been discovered in OpenSSL, a Secure
Sockets Layer toolkit The Common Vulnerabilities and Exposures project
identifies the following issues:
CVE-2017-3738
David Benjamin of Google reported an overflow bug in the AVX2
Montgomery multiplication procedure used in exponentiation with
1024-bit moduli
CVE-2018 ...
During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished This could be exploited in a Denial Of Service attack( ...
Constructed ASN1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion This could result in a Denial Of Service attack There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe Fixed in OpenSSL 110h ( ...
A stack-exhaustion issue has been found in OpenSSL <= 110h, where constructed ASN1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion This could result in a Denial Of Service attack There are no such structures used within SSL/TLS that come from ...
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL) Supported versions that are affected are 5722 and prior Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server Successful attacks of this vulnerability can result in unauthorize ...
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump) Supported versions that are affected are 5640 and prior Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server Successful attacks of this vulnerability can result in unautho ...
Libgcrypt allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsac, aka the Return Of the Hidden Number Problem or ROHNP To discover an ECDSA key, the attacker needs access to either the local machine or a d ...
Because of an implementation bug the PA-RISC CRYPTO_memcmp function is effectively reduced to only comparing the least significant bit of each byte This allows an attacker to forge messages that would be considered as authenticated in an amount of tries lower than that guaranteed by the security claims of the scheme The module can only be compile ...
JP1 and Hitachi IT Operations Director contain the following vulnerabilities:
CVE-2018-0739, CVE-2018-1301
Affected products and versions are listed below Please upgrade your version to the appropriate version ...
Multiple vulnerabilities have been found in JP1/Automatic Job Management System 3 - Web Operation Assistant
CVE-2018-0739, CVE-2018-1301, CVE-2019-1559, CVE-2019-1563, CVE-2020-1938
Affected products and versions are listed below Please upgrade your version to the appropriate version ...
Constructed ASN1 types with a recursive definition in some OpenSSL versions could eventually exceed the stack given malicious input with excessive recursion Successful exploit of this vulnerability may result in a Denial of Service attack (Vulnerability ID: HWPSIRT-2018-03073)
This vulnerability has been assigned a Common Vulnerabilities and Exp ...
Nessus Network Monitor leverages third-party software to help provide underlying functionality One of the third-party components (OpenSSL) were found to contain vulnerabilities, and updated versions have been made available by the providers
Out of caution and in line with good practice, Tenable opted to upgrade the bundled OpenSSL to address th ...
SecurityCenter leverages third-party software to help provide underlying functionality One of the third-party components (OpenSSL) was found to contain vulnerabilities, and updated versions have been made available by the providers
Out of caution and in line with good practice, Tenable opted to provide a stand-alone OpenSSL patch to address the ...
Industrial Security leverages third-party software to help provide underlying functionality One of the third-party components (OpenSSL) were found to contain vulnerabilities, and updated versions have been made available by the providers
Out of caution and in line with good practice, Tenable opted to upgrade the bundled OpenSSL to address the po ...
PAN-SA-2018-0015 OpenSSL Vulnerabilities in PAN-OS ...
Vulmon