Design/Logic Flaw
Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key...
DEBIAN-CVE-2018-5383
Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key...
CVE-2018-5383
Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key...
CVE-2018-5383 Bluetooth implementations may not sufficiently validate elliptic curve parameters during Diffie-Hellman key exchange
Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key...
CVE-2018-13280
Use of insufficiently random values vulnerability in SYNO.Encryption.GenRandomKey in Synology DiskStation Manager (DSM) before 6.2-23739 allows man-in-the-middle attackers to compromise non-HTTPS sessions via unspecified vectors...
PT-2018-11723 · Synology · Synology Diskstation Manager
Name of the Vulnerable Software and Affected Versions: Synology DiskStation Manager DSM versions prior to 6.2-23739 Description: The issue is related to the use of insufficiently random values in the SYNO.Encryption.GenRandomKey function, allowing man-in-the-middle attackers to compromise non-HTT...
PT-2018-3532 · Apple +6 · Ios +7
Name of the Vulnerable Software and Affected Versions: macOS versions prior to 10.13 iOS versions prior to 11.4 Android versions prior to the 2018-06-05 patch Description: The issue is related to incorrect validation of cryptographic signatures in Bluetooth drivers for Android, macOS, and iOS...
CVE-2017-13094 The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), including modification of the encryption key and insertion of hardware trojans in any IP
The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP, including modification of the encryption key and insertion of hardware trojans in any IP. The methods are flawed and, in the most...
CVE-2018-8902
An issue was discovered in Ivanti Avalanche for all versions between 5.3 and 6.2. The impacted products used a single shared key encryption model to encrypt data. A user with access to system databases can use the discovered key to access potentially confidential stored data, which may include...
Security Bulletin: Vulnerabilities in wpa_supplicant affect PowerKVM (KRACK)
Summary PowerKVM is affected by vulnerabilities in wpa_supplicant. IBM has now addressed these vulnerabilities. Vulnerability Details CVEID: CVE-2017-13077 DESCRIPTION: Wi-Fi Protected Access (WPA) and Wi-Fi Protected Access II (WPA2) protocols, as used in multiple products, could allow a remote...
CVE-2018-12330
CVE-2018-12330 concerns ECOS Secure Boot Stick (SBS) version 5.6.5, where a Protection Mechanism Failure reportedly allows an attacker to compromise authentication and encryption keys through compromised firmware. The connected records (CNVD-2019-09047, NVD entry) corroborate a vulnerability affe...
Security Bulletin: Tivoli Storage Manager UNIX and Linux client encryption key password vulnerability (CVE-2014-4818)
Summary A vulnerability in the IBM Tivoli Storage Manager (TSM) UNIX and Linux clients would allow a local user to obtain the encryption key password. Vulnerability Details CVEID: CVE-2014-4818 DESCRIPTION: IBM Tivoli Storage Manager Unix and Linux clients contain a vulnerability that would allow a...
Security Bulletin: IBM QRadar SIEM contains hard-coded credentials (CVE-2016-2880)
Summary An IBM QRadar SIEM user with shell access could obtain the encryption key used to encrypt certain passwords. Vulnerability Details CVEID: CVE-2016-2880 DESCRIPTION: IBM QRadar stores the encryption key used to encrypt the service account password which can be obtained by a local user. CVS...
Elastic Cloud Enterprise 1.1.4 security update
Elastic Cloud Enterprise use of shared encryption key (ESA-2018-09) In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 a default master encryption key is used in the process of granting ZooKeeper access to Elasticsearch clusters. Unless explicitly overwritten, this master key is predictable...
Malware analysis: decoding Emotet, part 2
In part two of our series on decoding Emotet (you can catch up on part 1 here), we'll cover analysis of the PowerShell code. Before we do that, however, it is a good idea to list some of the functions and calls that are used in the code for the execution. System.Runtime.InteropServices.Marshal: us...
CVE-2018-7534
In Stealth Authorization Server before 3.3.017.0 in Unisys Stealth Solution, an encryption key may be left in memory...
CVE-2018-7534
The CVE-2018-7534 issue affects Unisys Stealth Solution’s Stealth Authorization Server prior to version 3.3.017.0, where an AES encryption key may remain in memory due to failures in memory encryption/garbage collection. This could allow an attacker with local access to obtain the key and perform...