Important: Red Hat Security Advisory: kernel-rt security and bug fix update
An update for kernel-rt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from...
openSUSE Security Update : the Linux Kernel (openSUSE-2019-2308)
The openSUSE Leap 15.1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-15291: There was a NULL pointer dereference caused by a malicious USB device in the flexcop_usb_probe function in the drivers/media/usb/b2c2/flexcop-usb.c driver...
RHEL 7 : kernel (RHSA-2019:2975)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:2975 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: hardware: bluetooth: BR/EDR encryption...
SUSE-SU-2019:2364-1 Security update for ceph
This update for ceph to version 12.2.12-594-g02236657ca fixes the following issues: Security issues fixed: - CVE-2018-16889: Fixed missing sanitation of customer encryption keys from log output in v4 auth (bsc#1121567)...
CVE-2019-1563
In situations where an attacker receives automated notification of the success or failure of a decryption attempt, an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted...
Vulnerability in OpenSSL - Padding Oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey
In situations where an attacker receives automated notification of the success or failure of a decryption attempt, an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted...
Information Disclosure
ceph is vulnerable to information disclosure. The encryption key information is written to the log files in plaintext, which would allow a user with access to the log files to retrieve the confidential information...
CVE-2019-12621
A vulnerability in Cisco HyperFlex Software could allow an unauthenticated, remote attacker to perform a man-in-the-middle attack. The vulnerability is due to insufficient key management. An attacker could exploit this vulnerability by obtaining a specific encryption key for the cluster. A...
CVE-2019-12621 Cisco HyperFlex Static SSL Key Vulnerability
A vulnerability in Cisco HyperFlex Software could allow an unauthenticated, remote attacker to perform a man-in-the-middle attack. The vulnerability is due to insufficient key management. An attacker could exploit this vulnerability by obtaining a specific encryption key for the cluster. A...
goDoH - A DNS-over-HTTPS C2
godoh is a proof of concept Command and Control framework, written in Golang, that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google and Cloudflare, but it also contains the ability to use traditional DNS. Installation: All you would need are the godoh binaries...
Encryption Key Negotiation of Bluetooth Vulnerability
Executive Summary: Microsoft is aware of the Bluetooth BR/EDR (basic rate/enhanced data rate, known as "Bluetooth Classic") key negotiation vulnerability that exists at the hardware specification level of any BR/EDR Bluetooth device. An attacker could potentially be able to negotiate the offered key...
CVE-2019-9506
The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka "KNOB") that can decrypt traffic and inject arbitrary...
HID Global DigitalPersona U.are.U 4500 Fingerprint Reader Windows Biometric Framework driver Information Disclosure Vulnerability
HID Global DigitalPersona U.are.U 4500 Fingerprint Reader is a fingerprint reader from HID Global, U.S.A. Windows Biometric Framework driver is one of the biometric drivers. A security vulnerability exists in the Windows Biometric Framework driver version 5.0.0.5 in the HID Global DigitalPersona...
CVE-2018-15812
DNN (aka DotNetNuke) 9.2 through 9.2.1 incorrectly converts encryption key source values, resulting in lower than expected entropy...
CVE-2018-18326
DNN (aka DotNetNuke) 9.2 through 9.2.2 incorrectly converts encryption key source values, resulting in lower than expected entropy. NOTE: this issue exists because of an incomplete fix for CVE-2018-15812...
Code injection
DNN (aka DotNetNuke) 9.2 through 9.2.2 incorrectly converts encryption key source values, resulting in lower than expected entropy. NOTE: this issue exists because of an incomplete fix for CVE-2018-15812...
CVE-2018-15812
CVE-2018-15812 affects DNN (DotNetNuke) versions 9.2 through 9.2.1. The issue arises from incorrect conversion of encryption key source values, yielding lower than expected entropy in keys. The documents describe related advisories (GHSA, OSV) and OpenVAS entries referencing the same entropy prob...
PT-2019-9576 · Dnn · Dnn
Name of the Vulnerable Software and Affected Versions: DNN (aka DotNetNuke) versions 9.2 through 9.2.2. Description: The issue is related to incorrect conversion of encryption key source values, resulting in lower than expected entropy. This problem exists due to an incomplete fix for a previous...