790 matches found
CVE-2019-10851
Computrols CBAS 18.0.0 has hard-coded encryption keys...
Hardcoded credentials
A vulnerability in Cisco Application Policy Infrastructure Controller (APIC) Software could allow an unauthenticated, local attacker with physical access to obtain sensitive information from an affected device. The vulnerability is due to insecure removal of cleartext encryption keys stored on loca...
CVE-2019-1589
A vulnerability in the Trusted Platform Module (TPM) functionality of software for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an unauthenticated, local attacker with physical access to view sensitive information on an affected device. The...
CVE-2019-1586
CVE-2019-1586 affects Cisco Application Policy Infrastructure Controller (APIC) software. The vulnerability arises from insecure removal of cleartext encryption keys stored on local partitions on the device’s hard drive. An unauthenticated, local attacker with physical access could retrieve encry...
Encrypted Messaging Project "Matrix" Suffers Extensive Cyber Attack
Matrix—the organization behind an open source project that offers a protocol for secure and decentralized real-time communication—has suffered a massive cyber attack after unknown attackers gained access to the servers hosting its official website and data. Hackers defaced Matrix's website, and...
Debian DLA-1696-1 : ceph security update
Several vulnerabilities were discovered in Ceph, a distributed storage and file system. CVE-2018-14662: It was found that authenticated ceph users with read only permissions could steal dm-crypt encryption keys used in ceph disk encryption. CVE-2018-16846: It was found that authenticated ceph RGW...
Debian: Security Advisory (DLA-1696-1)
The remote host is missing an update for the Debian...
CVE-2018-16889
Ceph does not properly sanitize encryption keys in debug logging for v4 auth. This results in the leaking of encryption key information in log files via plaintext. Versions up to v13.2.4 are vulnerable...
DEBIAN-CVE-2018-16889
Ceph does not properly sanitize encryption keys in debug logging for v4 auth. This results in the leaking of encryption key information in log files via plaintext. Versions up to v13.2.4 are vulnerable...
UBUNTU-CVE-2018-16889
Ceph does not properly sanitize encryption keys in debug logging for v4 auth. This results in the leaking of encryption key information in log files via plaintext. Versions up to v13.2.4 are vulnerable...
PT-2019-9383 · Ceph +3
Name of the Vulnerable Software and Affected Versions: Ceph versions up to v13.2.4. Description: The issue is related to the improper sanitization of encryption keys in debug logging for v4 auth, resulting in the leaking of encryption key information in log files via plaintext. Recommendations: Fo...
Magento Multiple Vulnerabilities (Nov 2018)
Magento is prone to multiple vulnerabilities...
El Chapo's Encryption Defeated by Turning His IT Consultant
Impressive police work: In a daring move that placed his life in danger, the I.T. consultant eventually gave the F.B.I. his system's secret encryption keys in 2011 after he had moved the network's servers from Canada to the Netherlands during what he told the cartel's leaders was a routine upgrad...
DEBIAN-CVE-2018-14662
It was found that, in Ceph versions before 13.2.4, authenticated ceph users with read only permissions could steal dm-crypt encryption keys used in ceph disk encryption...
Apple macOS High Sierra APFS Logic Flaw Vulnerability
Apple macOS High Sierra is a specialized operating system developed by Apple for Mac computers. APFS is one of the file system components for Apple devices. A security vulnerability exists in the APFS component in Apple macOS High Sierra version 10.13.1, which stems from the fact that APFS...
CVE-2018-14662
It was found that, in Ceph versions before 13.2.4, authenticated ceph users with read only permissions could steal dm-crypt encryption keys used in ceph disk encryption...
CVE-2018-14662
It was found that an authenticated ceph user with read only permissions could steal dm-crypt encryption keys used in ceph disk encryption...
PT-2019-4929 · Ceph +3
Name of the Vulnerable Software and Affected Versions: Ceph versions prior to 13.2.4. Description: The issue is related to an authorization procedure error in the Ceph storage system. This error can be exploited by a remote attacker to gain unauthorized access to dm-crypt encryption keys used in...
Sitefinity < 10.0.6412.0 Multiple Vulnerabilities
The version of Sitefinity installed on the remote host is prior to 10.0.6412.0. It is, therefore, affected by multiple vulnerabilities in Telerik DialogHandler and RadAsyncUpload : - A cryptographic weakness exists in Telerik.Web.UI that can be exploited to disclose encryption keys - An...
libssh Authentication Bypass Makes it Trivial to Pwn Rafts of Servers
The libssh open-source project has issued an update to address an authentication bypass vulnerability in the server code — to say that it’s trivial to exploit is an understatement. The flaw (CVE-2018-10933) exists in libssh versions 0.6 and above being used in server mode – and it allows anyone to...