789 matches found

RedHat Linux
added 2017/12/06 1:42 p.m. · 69 views

Important: Red Hat Security Advisory: java-1.7.0-openjdk security and bug fix update

An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, ...

9.6 CVSS · 6.9 AI score · 0.16181 EPSS
Exploits 2 · References 17

OSV
added 2017/11/22 7:29 p.m. · 2 views

CVE-2017-2704

Smarthome 1.0.2.364 and earlier versions, HiAPP 7.3.0.303 and earlier versions, HwParentControl 2.0.0 and earlier versions, HwParentControlParent 5.1.0.12 and earlier versions, Crowdtest 1.5.3 and earlier versions, HiWallet 8.0.0.301 and earlier versions, Huawei Pay 8.0.0.300 and earlier versions, Skyto...

7.5 CVSS · 5.8 AI score
Exploits 0 · References 1

Cvelist
added 2017/11/22 7:00 p.m. · 27 views

CVE-2017-2704

Smarthome 1.0.2.364 and earlier versions, HiAPP 7.3.0.303 and earlier versions, HwParentControl 2.0.0 and earlier versions, HwParentControlParent 5.1.0.12 and earlier versions, Crowdtest 1.5.3 and earlier versions, HiWallet 8.0.0.301 and earlier versions, Huawei Pay 8.0.0.300 and earlier versions, Skyto...

7.3 AI score · 0.00602 EPSS
Exploits 0 · References 1

CVE
added 2017/11/22 7:00 p.m. · 45 views

CVE-2017-2704

CVE-2017-2704 describes an information exposure vulnerability where encryption keys are stored in device software, allowing reverse engineering to obtain keys. Affected Huawei products include Smarthome, HiAPP, HwParentControl, Crowdtest, HiWallet, Huawei Pay, Skytone, HiCloudDrive (EMUI6.0), HwP...

7.5 CVSS · 7.2 AI score · 0.00602 EPSS
Exploits 0 · References 1 · Affected Software 1

Tenable Nessus
added 2017/11/01 12:00 a.m. · 57 views

EulerOS 2.0 SP1 : java-1.8.0-openjdk (EulerOS-SA-2017-1254)

According to the versions of the java-1.8.0-openjdk packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Multiple flaws were discovered in the RMI and Hotspot components in OpenJDK. An untrusted Java application or applet could use these...

9.6 CVSS · 6.7 AI score · 0.16181 EPSS
Exploits 2 · References 15

OSV
added 2017/09/21 1:43 p.m. · 5 views

MGASA-2017-0350 Updated bluez packages fix security vulnerability

An information-disclosure flaw was found in the bluetoothd implementation of the Service Discovery Protocol (SDP). A specially crafted Bluetooth device could, without prior pairing or user interaction, retrieve portions of the bluetoothd process memory, including potentially sensitive information...

6.5 CVSS · 6.5 AI score · 0.07774 EPSS
Exploits 3 · References 4

CNVD
added 2017/09/21 12:00 a.m. · 3 views

Information Disclosure Vulnerability in Multiple Huawei Products

Huawei Smart Home, Huawei App Market, Student Mode, Parent Assistant, Huawei Crowdsourcing, Wallet, Payment, Skype, Huawei Cloud Services, Find My Phone, Huawei Video, Huawei Bracelet Mobile Client, Health Business Client are all Huawei products. Several Huawei products have information leakage...

7.5 CVSS · 6.5 AI score · 0.00602 EPSS
Exploits 0 · References 1

Huawei
added 2017/09/20 12:00 a.m. · 31 views

Security Advisory - Information Exposure Vulnerability in Huawei Products

Some Huawei products have an information exposure vulnerability. Encryption keys are stored in the system. The attacker can implement reverse engineering to obtain the encryption keys, causing information exposure. Vulnerability ID: HWPSIRT-2017-07133 This vulnerability has been assigned Common...

7.5 CVSS · 7.4 AI score · 0.00602 EPSS
Exploits 0 · Affected Software 14

CNVD
added 2017/09/13 12:00 a.m. · 2 views

Android SDP Server Information Disclosure Vulnerability

SDP server is an SDP server. An information disclosure vulnerability exists in the SDP server in the Android Bluetooth software stack. An attacker is allowed to send a set of carefully crafted requests to the server, thereby making its memory bits public. This information can later be used by an...

6.5 CVSS · 7.2 AI score · 0.12388 EPSS
Exploits 12 · References 1

RedHat Linux
added 2017/09/12 7:55 p.m. · 3 views

bluez: Out-of-bounds heap read in service_search_attr_req function

An information-disclosure flaw was found in the bluetoothd implementation of the Service Discovery Protocol (SDP). A specially crafted Bluetooth device could, without prior pairing or user interaction, retrieve portions of the bluetoothd process memory, including potentially sensitive information...

6.5 CVSS · 7.3 AI score · 0.07774 EPSS
Exploits 3 · References 5

RedhatCVE
added 2017/09/12 1:24 p.m. · 27 views

CVE-2017-1000250

An information-disclosure flaw was found in the bluetoothd implementation of the Service Discovery Protocol (SDP). A specially crafted Bluetooth device could, without prior pairing or user interaction, retrieve portions of the bluetoothd process memory, including potentially sensitive information...

6.5 CVSS · 2.5 AI score · 0.07774 EPSS
Exploits 3 · References 2

ArchLinux
added 2017/09/12 12:00 a.m. · 31 views

[ASA-201709-3] bluez: information disclosure

Arch Linux Security Advisory ASA-201709-3
Severity: High
Date: 2017-09-12
CVE-ID: CVE-2017-1000250
Package: bluez
Type: information disclosure
Remote: Yes
Link: https://security.archlinux.org/AVG-396
Summary: The package bluez before version...

6.5 CVSS · 0.1 AI score · 0.07774 EPSS
Exploits 3 · References 5

Veeam
added 2017/08/07 12:00 a.m. · 23 views

All Credentials and Backup Encryption Keys Become Invalid if Veeam Backup and Replication Is Manually Migrated to Another Machine

Challenge: All credentials and backup encryption keys become unusable after manually migrating Veeam Backup and Replication software to a different machine. The term "manual migration," in this case, refers to the process of installing Veeam Backup & Replication on a new system and directing it to...

6.9 AI score
Exploits 0

CERT
added 2017/07/25 12:00 a.m. · 1308 views

Telerik Web UI contains cryptographic weakness

Overview: The Telerik Web UI, versions R2 2017 (2017.2.503) and prior, is vulnerable to a cryptographic weakness which an attacker can exploit to extract encryption keys. Description: CWE-326: Inadequate Encryption Strength - CVE-2017-9248. The Telerik.Web.UI.dll is vulnerable to a cryptographic...

9.8 CVSS · 9.2 AI score · 0.75098 EPSS
Exploits 5 · References 4

OSV
added 2017/07/17 1:18 p.m. · 3 views

DEBIAN-CVE-2017-11353

yadm (yet another dotfile manager) 1.10.0 has a race condition related to the behavior of git commands in setting permissions for new files and directories, which potentially allows access to SSH and PGP keys...

5.9 CVSS · 7 AI score · 0.00777 EPSS
Exploits 0 · References 1

Tenable Nessus
added 2017/07/06 12:00 a.m. · 47 views

HP SiteScope Multiple Vulnerabilities (HPESBGN03763)

The version of HP SiteScope running on the remote host is 11.2x or 11.3x. It is, therefore, affected by multiple vulnerabilities : - A cryptographic weakness exists in the sspu.jar library due to the use of hard-coded encryption keys. A local attacker can exploit this to disclose potentially...

7.8 CVSS · 7.3 AI score · 0.05035 EPSS
Exploits 0 · References 8

The Hacker News
added 2017/05/18 9:08 p.m. · 16 views

WannaCry Ransomware Decryption Tool Released; Unlock Files Without Paying Ransom

If your PC has been infected by WannaCry – the ransomware that wreaked havoc across the world last Friday – you might be lucky to get your locked files back without paying the ransom of $300 to the cyber criminals. Adrien Guinet, a French security researcher from Quarkslab, has discovered a way t...

6.8 AI score
Exploits 0

Drupal
added 2017/05/10 12:00 a.m. · 15 views

Drupal Remote Dashboard - Critical - Weak encryption keys - SA-CONTRIB-2017-046

UPDATE 2017-07-12 : This SA originally only mentioned the Drupal 8 version of the module, but it was later discovered that this issue affected the Drupal 7 version as well. We've updated the SA for the Drupal 7 security release. Sorry for the confusion! This module enables you to remotely access...

7.2 AI score
Exploits 0 · References 10

OSV
added 2017/03/31 12:00 a.m. · 3 views

UBUNTU-CVE-2017-7374

Use-after-free vulnerability in fs/crypto/ in the Linux kernel before 4.10.7 allows local users to cause a denial of service (NULL pointer dereference) or possibly gain privileges by revoking keyring keys being used for ext4, f2fs, or ubifs encryption, causing cryptographic transform objects to be...

7.8 CVSS · 6.7 AI score · 0.00799 EPSS
Exploits 0 · References 8

Positive Technologies
added 2017/03/15 12:00 a.m. · 6 views

PT-2017-4237 · Linux +3 · Linux Kernel +3

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 4.10.7 Description: The issue is related to a use-after-free vulnerability in the fs/crypto component of the Linux kernel, which can lead to a denial of service or possibly allow local users to gain privileges...

10 CVSS · 7.8 AI score · 0.24299 EPSS
Exploits 53 · References 501