165 matches found
CVE-2017-13874
An issue was discovered in certain Apple products. iOS before 11.2 is affected. The issue involves the "Mail" component. It might allow remote attackers to bypass an intended encryption protection mechanism by leveraging incorrect S/MIME certificate selection...
Joyent Node.js Authentication Bypass Vulnerability
Joyent Node.js is the United States Joyent company's set of web applications built on top of the Google V8 JavaScript engine platform. The platform is primarily used for building highly scalable applications and writing code that can handle tens of thousands of simultaneous connections to a singl...
Synology DiskStation Manager (DSM) Encryption Mechanism Bypass Vulnerability
Synology DiskStation Manager is an operating system for use on networked storage servers NAS. A security vulnerability in Synology DiskStation Manager SYNO.API.Encryption allows remote attackers to bypass the encryption protection mechanism by submitting a special 'version' parameter request...
CVE-2017-9553
A design flaw in SYNO.API.Encryption in Synology DiskStation Manager DSM before 6.1.3-15152 allows remote attackers to bypass the encryption protection mechanism via the crafted version parameter...
Design/Logic Flaw
A design flaw in SYNO.API.Encryption in Synology DiskStation Manager DSM before 6.1.3-15152 allows remote attackers to bypass the encryption protection mechanism via the crafted version parameter...
CVE-2017-9553
CVE-2017-9553 concerns a design flaw in Synology DiskStation Manager (DSM) SYNO.API.Encryption that, on DSM versions prior to 6.1.3-15152, allows remote attackers to bypass the encryption protection mechanism by sending a crafted version parameter. The issue affects DSM’s SYNO.API.Encryption comp...
10 Things You Need To Know About 'Wikileaks CIA Leak'
Yesterday WikiLeaks published thousands of documents revealing top CIA hacking secrets, including the agency's ability to break into iPhones, Android phones, smart TVs, and Microsoft, Mac and Linux operating systems. It dubbed the first release as Vault 7. Vault 7 is just the first part of leak...
DEBIAN-CVE-2016-7798
The openssl gem for Ruby uses the same initialization vector IV in GCM Mode aes--gcm when the IV is set before the key, which makes it easier for context-dependent attackers to bypass the encryption protection mechanism...
UBUNTU-CVE-2016-7798
The openssl gem for Ruby uses the same initialization vector IV in GCM Mode aes--gcm when the IV is set before the key, which makes it easier for context-dependent attackers to bypass the encryption protection mechanism...
July 2016 Android Security Bulletin
The frail world of the Android ecosystem has taken some hits in the past week with the disclosure of a full disk encryption bypass vulnerability and the arrival of the HummingBad malware. The FDE bypass highlighted the need to keep Android patch levels current, but as Duo Labs statistics point ou...
CVE-2016-2141
It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw to bypass security restrictions, and use this vulnerability to send and receive messages within the cluster, leading to information...
The vulnerability of the Junos operating system, which allows a hacker to bypass the cryptographic mechanisms used for encryption and authentication protection.
The vulnerability of the Junos operating system is related to errors in cryptographic transformations. Exploiting this vulnerability allows a malicious actor to bypass the cryptographic mechanisms used for encryption and authentication...
Cisco TelePresence Video Communication Server Information Disclosure Vulnerability
Cisco TelePresence is a Cisco TelePresence solution. Cisco TelePresence Video Communication Server VCS X8.6 uses the same key for different customer installations, which allows local users to bypass encryption protection mechanisms...
Microsoft Windows Trusted Boot Security Feature Bypass Vulnerability
Microsoft Windows is a series of operating systems released by Microsoft Corporation in the United States. kernel is one of the kernels. A security feature bypass vulnerability exists in Microsoft Windows. An attacker can exploit this vulnerability to disable code integrity checking, load signed...
Researchers Unveil Square Reader Mobile POS Hacks
It wasn’t long ago when hacking a point-of-sale system meant deploying a RAM scraper at a retailer, sitting back and watching the credit card numbers roll in. Now that POS has gone mobile with vendors such as Square, Intuit, Revel and others using hardware fobs connected to smartphones and tablet...
python-keystoneclient: middleware memcache encryption and signing bypass
python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache encryption bypass...
Arbitrary file deletion
The "encrypt wallet" feature in wxBitcoin and bitcoind 0.4.x before 0.4.1, and 0.5.0rc, does not properly interact with the deletion functionality of BSDDB, which allows context-dependent attackers to obtain unencrypted private keys from Bitcoin wallet files by bypassing the BSDDB interface and...
Offline Windows Analysis and Data Extraction (OWADE) - Forensics tool to expose all your online activity
Offline Windows Analysis and Data Extraction OWADE - Forensics tool to expose all your online activity Researchers "Elie Bursztein " from Stanford University in California have managed to bypass the encryption on a PC's hard drive to find out what websites a user has visited and whether they have...
DECT标准密码加密绕过漏洞
Bugraq ID: 38152 DECT是数字增强型无线通讯标准。 DECT标准密码DSC加密标准存在加密绕过问题,允许攻击者恢复密钥。 攻击者可以利用漏洞破解DSC加密算法,然后读取无线设备发送到基站的加密数据,允许攻击者获得敏感信息。 针对DECT标准密码的分析将在FSE2010会议上演讲。总的来说可以在PC上在几分钟内恢复DSC的密钥,但是需要几小时获取足够多的密钥流。 DECT Forum DECT 目前没有解决方案提供: http://www.dect.org/index.aspx...
QNAP Systems Encryption Bypass
Title: Crypto backdoor in Qnap storage devices Date: 18 September 2009 URL: http://www.baseline-security.de/downloads/BSC-QnapCryptoBackdoor-CVE-2009-3200.txt Vendor: QNAP Systems Products verified: TS-239 Pro, TS-639 Pro Products unverified: SS-439 Pro, TS-439 Pro, TS-439U-SP/RP, TS-509 Pro,...