Oracle Linux 6 / 7 : java-1.8.0-openjdk (ELSA-2018-0095)
The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2018-0095 advisory. 1:1.8.0.161-0.b14 - Update to b14 with updated Zero fix for 8174962 S8194828 - Resolves: rhbz1528233 1:1.8.0.161-0.b13 - Update to b13 including Ze...
Hitron CVE-30360 Information Disclosure Vulnerability
Hitron CVE-30360 devices are router devices from China Zhongqi Hitron. A security vulnerability exists in Hitron CVE-30360 devices, which stems from the program using a shared DES key, 578A958E3DD933FC. The vulnerability can be exploited by an attacker to obtain sensitive information by...
Design/Logic Flaw
A Cleartext Storage of Sensitive Information issue was discovered in General Motors (GM) and Shanghai OnStar (SOS) SOS iOS Client 7.1. Successful exploitation of this vulnerability may allow a remote attacker to access an encryption key that is stored in cleartext in memory...
CVE-2017-9663
A Cleartext Storage of Sensitive Information issue was discovered in General Motors (GM) and Shanghai OnStar (SOS) SOS iOS Client 7.1. Successful exploitation of this vulnerability may allow a remote attacker to access an encryption key that is stored in cleartext in memory...
Hoermann BiSecur Device Key Acquisition Vulnerability
Hoermann BiSecur devices are security door remote control devices from Hoermann, Germany. A security vulnerability exists in Hoermann BiSecur devices prior to version 2018. An attacker could exploit the vulnerability by recording a single radio broadcast to intercept radio frames between the BiSec...
CVE-2017-17704
A door-unlocking issue was discovered on Software House iStar Ultra devices through 6.5.2.20569 when used in conjunction with the IP-ACM Ethernet Door Module. The communications between the IP-ACM and the iStar Ultra are encrypted using a fixed AES key and IV. Each message is encrypted in CBC mode...
Code injection
An issue was discovered in certain Apple products. iOS before 11.2.1 is affected. tvOS before 11.2.1 is affected. The issue involves the "HomeKit" component. It allows remote attackers to modify the application state by leveraging incorrect message handling, as demonstrated by use of an Apple Wat...
CVE-2017-13903
An issue was discovered in certain Apple products. iOS before 11.2.1 is affected. tvOS before 11.2.1 is affected. The issue involves the "HomeKit" component. It allows remote attackers to modify the application state by leveraging incorrect message handling, as demonstrated by use of an Apple Wat...
CVE-2017-13903
The CVE-2017-13903 issue affects Apple iOS 11.2.1 and tvOS 11.2.1, with HomeKit’s message handling allowing a remote attacker to alter application state. Root cause: improper message handling within HomeKit enabling state changes when processing messages (Apple notes a fix via improved input vali...
Code injection
Encryption key exposure in firmware in iSmartAlarm CubeOne version 2.2.4.8 and earlier allows attackers to decrypt log files via an exposed key...
CVE-2017-13663
Encryption key exposure in firmware in iSmartAlarm CubeOne version 2.2.4.8 and earlier allows attackers to decrypt log files via an exposed key...
CVE-2017-13663
CVE-2017-13663 affects iSmartAlarm CubeOne firmware (2.2.4.8 and earlier). The vulnerability stems from an exposed encryption key in the device firmware, enabling an attacker to decrypt log files. Documented impact: confidentiality of log data compromised; no explicit remediation details or patch...
Design/Logic Flaw
Cygnux sysPass version 2.1.7 and older is vulnerable to a Local File Inclusion in the JavaScript file inclusion functionality. The attacker can read the configuration files that contain the login and password from the database, private encryption key, as well as other sensitive information...
CVE-2017-1000192
Cygnux sysPass version 2.1.7 and older is vulnerable to a Local File Inclusion in the JavaScript file inclusion functionality. The attacker can read the configuration files that contain the login and password from the database, private encryption key, as well as other sensitive information...
[ASA-201710-22] wpa_supplicant: man-in-the-middle
Arch Linux Security Advisory ASA-201710-22. Severity: High. Date: 2017-10-16. CVE-ID: CVE-2017-13077 CVE-2017-13078 CVE-2017-13079 CVE-2017-13080 CVE-2017-13081 CVE-2017-13082 CVE-2017-13087 CVE-2017-13088. Package: wpa_supplicant. Type: man-in-the-middle...
Encryption Key Plaintext Storage Vulnerability in OnStar iOS Client Communication
The OnStar iOS client is a smart driving system. There is an encryption key plaintext storage vulnerability in the communication of the AnjiStar iOS client. As the communication between the OnStar iOS client and the server uses the SSL encryption protocol, the OnStar iOS client fails to do any processing of...