5878 matches found

Palo Alto Networks
added 2021/11/10 5:0 p.m., 90 views

PAN-OS: OS Command Injection in Simple Certificate Enrollment Protocol (SCEP)

An OS command injection vulnerability in the Simple Certificate Enrollment Protocol (SCEP) feature of PAN-OS software allows an unauthenticated network-based attacker with specific knowledge of the firewall configuration to execute arbitrary code with root user privileges. The attacker must have...

CVSS 8.1, AI score 8.8, EPSS 0.47252
Exploits: 1, References: 3

Palo Alto Networks
added 2021/11/10 5:0 p.m., 362 views

PAN-OS: Memory Corruption Vulnerability in GlobalProtect Portal and Gateway Interfaces

A memory corruption vulnerability exists in Palo Alto Networks GlobalProtect portal and gateway interfaces that enables an unauthenticated network-based attacker to disrupt system processes and potentially execute arbitrary code with root privileges. The attacker must have network access to the...

CVSS 9.8, AI score 9.6, EPSS 0.61335
Exploits: 1, References: 1

Palo Alto Networks
added 2021/11/10 5:0 p.m., 61 views

PAN-OS: Denial-of-Service (DoS) Vulnerability in GlobalProtect Portal and Gateway Interfaces

An improper handling of exceptional conditions vulnerability exists in Palo Alto Networks GlobalProtect portal and gateway interfaces that enables an unauthenticated network-based attacker to send specifically crafted traffic to a GlobalProtect interface that causes the service to stop responding...

CVSS 7.5, AI score 7.2, EPSS 0.00433
Exploits: 0, References: 1

RedHat Linux
added 2021/11/09 6:9 p.m., 3 views

nettle: Remote crash in RSA decryption via manipulated ciphertext

A flaw was found in nettle in the way its RSA decryption functions handle specially crafted ciphertext. This flaw allows an attacker to provide a manipulated ciphertext, leading to an application crash and a denial of service...

CVSS 7.5, AI score 6.8, EPSS 0.00104
Exploits: 0, References: 4

OSV
added 2021/11/09 9:23 a.m., 28 views

ALSA-2021:4451 Moderate: gnutls and nettle security, bug fix, and enhancement update

The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. Nettle is a cryptographic library that is designed to fit easily in almost any context: In crypto toolkits for object-oriented languages...

CVSS 9.8, AI score 9.3, EPSS 0.01195
Exploits: 1, References: 4

AlmaLinux
added 2021/11/09 9:23 a.m., 26 views

Moderate: gnutls and nettle security, bug fix, and enhancement update

The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. Nettle is a cryptographic library that is designed to fit easily in almost any context: In crypto toolkits for object-oriented languages...

CVSS 9.8, AI score 9.4, EPSS 0.01195
Exploits: 1, References: 4

Microsoft CVE
added 2021/11/09 8:0 a.m., 116 views

OpenSSL: CVE-2021-3711 SM2 Decryption Buffer Overflow

...

CVSS 9.8, AI score 9.9, EPSS 0.02544
Exploits: 1

OpenVAS
added 2021/11/08 12:0 a.m., 24 views

Mozilla Firefox Security Advisory (MFSA2016-77) - Linux

This host is missing a security update for Mozilla Firefox. Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...

CVSS 6.8, AI score 7.9, EPSS 0.00398
Exploits: 0, References: 3

CISA KEV Catalog
added 2021/11/03 12:0 a.m., 30 views

Microsoft Windows Group Policy Preferences Password Privilege Escalation Vulnerability

Microsoft Windows Active Directory contains a privilege escalation vulnerability due to the way it distributes passwords that are configured using Group Policy preferences. An authenticated attacker who successfully exploits the vulnerability could decrypt the passwords and use them to elevate...

CVSS 9, AI score 6.3, EPSS 0.74632
In wild, Exploits: 3

OpenVAS
added 2021/11/03 12:0 a.m., 16 views

Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2021-2639)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 9.8, AI score 8.2, EPSS 0.02544
Exploits: 1, References: 2

0day.today
added 2021/11/03 12:0 a.m., 152 views

Sonicwall SonicOS 6.5.4 - (Common Name) Cross-Site Scripting Vulnerability

Exploit Title: Sonicwall SonicOS 6.5.4 - 'Common Name' Cross-Site Scripting (XSS) Vendor Homepage: https://www.sonicguard.com/NSV-800.asp Product & Service Introduction: The design, implementation and deployment of modern network architectures, such as virtualization...

AI score 7.1
Exploits: 0

CISA KEV Catalog
added 2021/11/03 12:0 a.m., 21 views

TeamViewer Desktop Bypass Remote Login Vulnerability

TeamViewer Desktop allows for bypass of remote-login access control because the same AES key is used for different customers' installations. If an attacker were to know this key, they could decrypt protected information stored in registry or configuration files or decryption of the Unattended...

CVSS 7, AI score 7.1, EPSS 0.07629
In wild, Exploits: 2

IBM Security Bulletins
added 2021/11/01 4:46 p.m., 48 views

Security Bulletin: OpenSSL publicly disclosed vulnerability affects MessageGateway (CVE-2021-3711)

Summary: MessageGateway has addressed the following vulnerability(ies) by updating the version of OpenSSL. Vulnerability Details: CVEID: CVE-2021-3711 DESCRIPTION: OpenSSL is vulnerable to a buffer overflow, caused by improper bounds checking by the EVP_PKEY_decrypt() function within implementation of th...

CVSS 9.8, AI score 10, EPSS 0.02544
Exploits: 1, Affected Software: 1

OSV
added 2021/10/27 7:15 p.m., 2 views

CVE-2021-34783

A vulnerability in the software-based SSL/TLS message handler of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. This...

CVSS 7.5, AI score 5.8
Exploits: 0, References: 1

CNNVD
added 2021/10/27 12:0 a.m., 3 views

Cisco Firepower Threat Defense and Cisco Adaptive Security Appliances Software Input Validation Error Vulnerability

Cisco Firepower Threat Defense (FTD) is a suite of unified software from Cisco that provides next-generation firewall services. An input validation error vulnerability exists in Cisco Firepower Threat Defense (FTD) and Cisco Adaptive Security Appliances Software (ASA Software), which is caused by...

CVSS 8.6, AI score 7.3, EPSS 0.00772
Exploits: 0, References: 6

OpenVAS
added 2021/10/26 12:0 a.m., 9 views

Huawei EulerOS: Security Advisory for nettle (EulerOS-SA-2021-2598)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 7.5, AI score 7.9, EPSS 0.00104
Exploits: 0, References: 2

Malwarebytes
added 2021/10/25 10:30 a.m., 16 views

A week in security (Oct 18 – Oct 24)

Last week on Malwarebytes Labs Multiple vulnerabilities in popular WordPress plugin WP Fastest Cache. “Killware”: Is it just as bad as it sounds? REvil ransomware disappears after Tor services hijacked. Protect yourself from BlackMatter ransomware: Advice issued. q-logger skimmer keeps Magecart...

AI score 7.3
Exploits: 0

Tenable Nessus
added 2021/10/25 12:0 a.m., 28 views

EulerOS 2.0 SP3 : nettle (EulerOS-SA-2021-2598)

According to the versions of the nettle packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext. An attacker could use this flaw to provide a...

CVSS 7.5, AI score 6.3, EPSS 0.00104
Exploits: 0, References: 2

NVD
added 2021/10/22 12:15 p.m., 14 views

CVE-2021-38461

The affected product uses a hard-coded blowfish key for encryption/decryption processes. The key can be easily extracted from binaries...

CVSS 8.2, EPSS 0.0008
Exploits: 0, References: 1

Prion
added 2021/10/22 12:15 p.m., 19 views

Hardcoded credentials

The affected product uses a hard-coded blowfish key for encryption/decryption processes. The key can be easily extracted from binaries...

CVSS 6.4, AI score 8.7, EPSS 0.0008
Exploits: 0, References: 1, Affected Software: 1