
151 matches found

RustSec
added 2020/05/26 12:0 p.m., 17 views

crate has been renamed to `block-cipher`

This crate has been renamed from block-cipher-trait to block-cipher. The new repository location is at:...

7.1 AI score
Exploits: 0
OSV
added 2020/05/26 12:0 p.m., 12 views

RUSTSEC-2020-0018 crate has been renamed to `block-cipher`

This crate has been renamed from block-cipher-trait to block-cipher. The new repository location is at:...

7.1 AI score
Exploits: 0, References: 3
OSV
added 2020/01/09 4:29 p.m., 5 views

OPENSUSE-SU-2020:0003-1 Security update for MozillaThunderbird

This update for MozillaThunderbird fixes the following issues: Mozilla Thunderbird was updated to 68.3esr MFSA 2019-38 bsc1158328 Security issues fixed: - CVE-2019-17008: Fixed a use-after-free in worker destruction bmo1546331 - CVE-2019-13722: Fixed a stack corruption due to incorrect number of...

8.8 CVSS, 8.2 AI score, 0.02994 EPSS
Exploits: 3, References: 9
OSV
added 2020/01/08 8:15 p.m., 2 views

DEBIAN-CVE-2019-11745

When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird 68.3, Firefox ESR 68.3, an...

8.8 CVSS, 6.5 AI score, 0.02994 EPSS
Exploits: 0, References: 1
NVD
added 2020/01/08 8:15 p.m., 14 views

CVE-2019-11745

When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird 68.3, Firefox ESR 68.3, an...

8.8 CVSS, 8.7 AI score, 0.02994 EPSS
Exploits: 0, References: 17
OSV
added 2020/01/08 8:15 p.m., 1 views

ALPINE-CVE-2019-11745

When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird 68.3, Firefox ESR 68.3, an...

8.8 CVSS, 8.9 AI score, 0.02994 EPSS
Exploits: 0, References: 1
Prion
added 2020/01/08 8:15 p.m., 18 views

Design/Logic Flaw

When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird 68.3, Firefox ESR 68.3, an...

6.8 CVSS, 8.4 AI score, 0.02994 EPSS
Exploits: 0, References: 17, Affected Software: 15
Debian CVE
added 2020/01/08 7:22 p.m., 33 views

CVE-2019-11745

When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird 68.3, Firefox ESR 68.3, an...

8.8 CVSS, 6.7 AI score, 0.02994 EPSS
Exploits: 0
Cvelist
added 2020/01/08 7:22 p.m., 18 views

CVE-2019-11745

When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird 68.3, Firefox ESR 68.3, an...

8.9 AI score, 0.02994 EPSS
Exploits: 0, References: 17
CVE
added 2020/01/08 7:22 p.m., 515 views

CVE-2019-11745

CVE-2019-11745 is a heap-based out-of-bounds write in Mozilla NSS (NSC_EncryptUpdate) when data smaller than the block size is encrypted. This could allow a remote attacker to trigger a crash or execute arbitrary code with the user’s privileges (attack surface includes NSS-enabled apps such as Th...

8.8 CVSS, 8.7 AI score, 0.02994 EPSS
Exploits: 0, References: 17, Affected Software: 3
AlpineLinux
added 2020/01/08 7:22 p.m., 43 views

CVE-2019-11745

When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird 68.3, Firefox ESR 68.3, an...

8.8 CVSS, 9 AI score, 0.02994 EPSS
Exploits: 0
Mozilla
added 2019/12/03 12:0 a.m., 339 views

Security Vulnerabilities fixed in - Thunderbird 68.3 — Mozilla

When using nested workers, a use-after-free could occur during worker destruction. This resulted in a potentially exploitable crash. When setting a thread name on Windows in WebRTC, an incorrect number of arguments could have been supplied, leading to stack corruption and a potentially exploitabl...

8.8 CVSS, 1.3 AI score, 0.02994 EPSS
Exploits: 3, References: 8, Affected Software: 1
Mozilla
added 2019/12/03 12:0 a.m., 91 views

Security Vulnerabilities fixed in - Firefox 71 — Mozilla

Improper refcounting of soft token session objects could cause a use-after-free and crash likely limited to a denial of service. When using nested workers, a use-after-free could occur during worker destruction. This resulted in a potentially exploitable crash. When setting a thread name on Windo...

8.8 CVSS, 1.5 AI score, 0.02994 EPSS
Exploits: 1, References: 11, Affected Software: 1
BDU FSTEC
added 2019/11/25 12:0 a.m., 6 views

The vulnerability of OpenVPN software is related to issues with encryption using a 64-bit block. This allows a hacker to restore the original message.

The vulnerability of the OpenVPN software is related to issues with encryption when using a 64-bit block cipher. Exploiting this vulnerability allows a malicious actor to restore the original message through a “Sweet32” attack...

7.1 CVSS, 6.5 AI score, 0.0594 EPSS
Exploits: 0, References: 3, Affected Software: 2
UbuntuCve
added 2019/11/25 12:0 a.m., 37 views

CVE-2019-11745

When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird 68.3, Firefox ESR 68.3, an...

8.8 CVSS, 6.8 AI score, 0.02994 EPSS
Exploits: 0, References: 10
Kitploit
added 2019/11/07 8:43 p.m., 146 views

Donut - Generates X86, X64, Or AMD64+x86 Position-Independent Shellcode That Loads .NET Assemblies, PE Files, And Other Windows Payloads From Memory

Donut generates x86 or x64 shellcode from VBScript, JScript, EXE, DLL including .NET Assemblies files. This shellcode can be injected into an arbitrary Windows processes for in-memory execution. Given a supported file type, parameters and an entry point where applicable such as Program.Main, it...

8 AI score
Exploits: 0, References: 6
Pen Test Partners Blog
added 2019/09/03 6:55 a.m., 142 views

Pwning a Siemens Scalance ICS switch through ARM reversing

We’ve been working in industrial control systems security for a long time. Several of the team here used to work in OT control rooms or support SCADA environments. Whilst pen testing a ship control system, we noticed a heavy reliance on Siemens Scalance industrial ethernet switches, so bought a...

2.1 CVSS, 6.2 AI score, 0.00301 EPSS
Exploits: 0
RedHat Linux
added 2018/10/30 12:31 p.m., 8 views

kernel: Salsa20 encryption algorithm does not correctly handle zero-length inputs allowing local attackers to cause denial-of-service

The Salsa20 encryption algorithm in the Linux kernel, before 4.14.8, does not correctly handle zero-length inputs. This allows a local attacker the ability to use the AF_ALG-based skcipher interface to cause a denial of service (uninitialized-memory free and kernel crash) or have an unspecified othe...

7.8 CVSS, 6.8 AI score, 0.00425 EPSS
Exploits: 0, References: 4
UbuntuCve
added 2018/05/23 1:29 p.m., 21 views

CVE-2017-2598

Jenkins before versions 2.44, 2.32.2 uses AES ECB block cipher mode without IV for encrypting secrets which makes Jenkins and the stored secrets vulnerable to unnecessary risks SECURITY-304...

4.3 CVSS, 6.3 AI score, 0.01098 EPSS
Exploits: 0, References: 2
NVD
added 2018/05/23 1:29 p.m., 20 views

CVE-2017-2598

Jenkins before versions 2.44, 2.32.2 uses AES ECB block cipher mode without IV for encrypting secrets which makes Jenkins and the stored secrets vulnerable to unnecessary risks SECURITY-304...

4.3 CVSS, 4.5 AI score, 0.01098 EPSS
Exploits: 0, References: 4