158 matches found
The vulnerability of the OSSL Module web server of the Oracle HTTP Server and the SSL API component of the Oracle Security Service, which allows a hacker to cause a service failure.
The vulnerability of the OSSL Module web server of the Oracle HTTP Server and the SSL API component of the Oracle Security Service is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to cause service failures using the HTTPS protocol...
CVE-2018-11421
Moxa OnCell G3100-HSPA Series version 1.6 Build 17100315 and prior use a proprietary monitoring protocol that does not provide confidentiality, integrity, and authenticity security controls. All information is sent in plain text, and can be intercepted and modified. The protocol is vulnerable to...
Firefox to Automatically Trust OS-Installed CA Certificates to Prevent TLS Errors
Mozilla has finally introduced a mechanism to let Firefox browser automatically fix certain TLS errors, often triggered when antivirus software installed on a system tries to intercept secure HTTPS connections. Most Antivirus software offers web security feature that intercepts encrypted HTTPS...
FreeBSD-SA-19:03.wpa
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-19:03.wpa Security Advisory The FreeBSD Project Topic: Multiple vulnerabilities in hostapd and wpasupplicant Category: contrib Module: wpa Announced: 2019-05-14...
The vulnerability of the ISAKMP discriver in the Wireshark traffic analyzer program, related to the swapping of the zero pointer, allows a hacker to trigger a service failure.
The vulnerability of the ISAKMP discriver in the Wireshark traffic analyzer program is related to the assignment of a zero pointer. Exploiting this vulnerability allows a malicious actor to cause a service failure using a specially crafted trace file...
Important: Red Hat Security Advisory: mod_auth_mellon security and bug fix update
An update for modauthmellon is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...
Vulnerabilities in the WPA3 Wi-Fi Security Protocol
Researchers have found several vulnerabilities in the WPA3 Wi-Fi security protocol: The design flaws we discovered can be divided in two categories. The first category consists of downgrade attacks against WPA3-capable devices, and the second category consists of weaknesses in the Dragonfly...
Security Flaws in WPA3 Protocol Let Attackers Hack WiFi Password
🔥 Breaking — It has been close to just one year since the launch of next-generation Wi-Fi security standard WPA3 and researchers have unveiled several serious vulnerabilities in the wireless security protocol that could allow attackers to recover the password of the Wi-Fi network. WPA, or Wi-Fi...
Java Debug Wire Protocol Remote Code Execution
!/usr/bin/python Universal JDWP shellifier @hugsy And special cheers to @lanjelot import socket import time import sys import struct import urllib import argparse JDWP protocol variables HANDSHAKE = "JDWP-Handshake" REQUESTPACKETTYPE = 0x00 REPLYPACKETTYPE = 0x80 Command signatures VERSIONSIG = 1...
WPA2 Protocol Vulnerabilities - US
Lenovo Security Advisory: LEN-17420 Potential Impact: An attacker could manipulate the vulnerability to affect clients through arbitrary packet decryption and injection, TCP connection hijacking, HTTP content injection, or the replay of unicast and group-addressed frames Severity: High Scope of...
nss: ServerHello.random is all zeros when handling a v2-compatible ClientHello
A flaw was found in the way NSS responded to an SSLv2-compatible ClientHello with a ServerHello that had an all-zero random. A man-in-the-middle attacker could use this flaw in a passive replay attack...
How to disable TLS 1.0 with no impact on Veeam ONE functionality
Possible Veeam ONE issues with disabling TLS 1.0 protocol and their resolution plans...
Security Bulletin: Vulnerabilities in SSL and TLS protocols affect the IBM FlashSystem V840 (CVE-2011-3389)
Summary SSL and TLS vulnerabilities were disclosed in September 2011. This vulnerability has been referred to as the “BEAST” attack. SSL protocol is used by the IBM FlashSystem V840. Vulnerability Details CVE-ID: CVE-2011-3389 DESCRIPTION: Multiple products could allow a remote attacker to obtain...
CVE-2018-0886
The Credential Security Support Provider protocol CredSSP in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709 Windows Server 2016 and Windows Server, version 1709 allows a remote code...
ROBOT attack against PAN-OS
ROBOT is an attack that affects the TLS RSA key exchange and could lead to decryption of captured sessions if the TLS server originally serving said captured session is still alive, vulnerable and using the same private key. PAN-89936 / CVE-2017-17841 While SSL Decryption and GlobalProtect are...
SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)
A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based...
The vulnerability of the WPA2 protocol, which stems from errors in managing the cryptographic keys, allows unauthorized access to encrypted information transmitted over a wireless network.
The vulnerability of the WPA2 protocol, which provides security for Wi-Fi wireless networks, is related to errors in the management of cryptographic keys. Exploiting this vulnerability allows a perpetrator within the range of a Wi-Fi network to access encrypted information transmitted over the...
DEBIAN-CVE-2017-13077
Wi-Fi Protected Access WPA and WPA2 allows reinstallation of the Pairwise Transient Key PTK Temporal Key TK during the four-way handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames...
Siemens devices using the PROFINET Discovery and Configuration Protocol (Update C)
CVSS v3 6.5 ATTENTION: Exploitable from an adjacent network/low skill level to exploit. Vendor: Siemens Equipment: Devices using the PROFINET Discovery and Configuration Protocol DCP Vulnerability: Denial of Service UPDATE INFORMATION This updated advisory is a follow-up to the updated advisory...
SECCN User Behavior Management Firewall Has Information Disclosure Vulnerability
SECCN User Behavior Management Firewall is an application gateway firewall based on a security protocol stack. The SECCN User Behavior Management Firewall suffers from an information leakage vulnerability. An attacker can exploit this vulnerability to obtain sensitive server files, posing an...