ROS-2-448

2.448 Vulnerability in OpenVPN CVE-2020-11810 1. Vulnerability Description: A corrective release of the OpenVPN Virtual Private Networking Package 2.4.9 has been generated. The new version addresses a vulnerability CVE-2020-11810 that allows a client session to be transferred to a new IP address...

Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects IBM GPFS for Windows (CVE-2015-4000)

Summary The Logjam Attack on TLS connections using the Diffie-Hellman DH key exchange protocol affects IBM GPFS for Windows V3.5 Vulnerability Details CVEID: CVE-2015-4000 DESCRIPTION: The TLS protocol could allow a remote attacker to obtain sensitive information, caused by the failure to properl...

SUSE: Security Advisory (SUSE-SU-2017:1608-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

DEBIAN-CVE-2021-20288

An authentication flaw was found in ceph in versions before 14.2.20. When the monitor handles CEPHXGETAUTHSESSIONKEY requests, it doesn't sanitize otherkeys, allowing key reuse. An attacker who can request a globalid can exploit the ability of any user to request a globalid previously associated...

Discovery uses the same AES/GCM Nonce throughout the session

Discovery uses the same AES/GCM Nonce throughout the session though it should be generated on per message basis which can lead to the leaking of the session key. As the actual ENR record is signed with a different key it is not possible for an attacker to alter the ENR record. Note that the node...

GHSA-W3HJ-WR2Q-X83G Discovery uses the same AES/GCM Nonce throughout the session

Discovery uses the same AES/GCM Nonce throughout the session though it should be generated on per message basis which can lead to the leaking of the session key. As the actual ENR record is signed with a different key it is not possible for an attacker to alter the ENR record. Note that the node...

PT-2021-24354 · Consensys · Consensys Discovery

Name of the Vulnerable Software and Affected Versions: Consensys Discovery versions less than 0.4.5 Description: The issue arises from Consensys Discovery using the same AES/GCM nonce for the entire session, which should ideally be unique for every message. This can lead to the leaking of the...

CVE-2021-22194

GitLab (all versions) are affected by CVE-2021-22194 due to marshalled session keys being stored in Redis. The connected documents state this behavior but provide no specific fix/version; no exploitation details are documented. Remediation or patch details are not specified in the supplied source...

Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects IBM DataQuant for Workstation (CVE-2015-4000)

Summary The Logjam Attack on TLS connections using the Diffie-Hellman DH key exchange protocol affects IBM DataQuant for Workstation. Vulnerability Details CVEID: CVE-2015-4000 The TLS protocol could allow a remote attacker to obtain sensitive information, caused by the failure to properly convey...

Sagemcom F@ST3686 Buffer Error Vulnerability

The Sagemcom F@ST3686 is a router from Sagemcom France. A buffer error vulnerability exists in the Sagemcom F@ST 3686 v2 3.495 devices, which originates from a long sessionKey to a goform login URI...

Linux: SSH RekeyLimit

RekeyLimit specifies the maximum amount of data that may be transmitted before the session key is renegotiated, optionally followed a maximum amount of time that may pass before the session key is renegotiated. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted fro...

Security Bulletin:Vulnerability in Diffie-Hellman ciphers affects Rational Synergy (CVE-2015-4000)

Summary The Logjam Attack on TLS connections using the Diffie-Hellman DH key exchange protocol affects Rational Synergy Vulnerability Details CVEID: CVE-2015-4000 DESCRIPTION: The TLS protocol could allow a remote attacker to obtain sensitive information, caused by the failure to properly convey ...

Information Disclosure

Libgcrypt is vulnerable to information disclosure. An attacker who learns the EdDSA session key can recover the long-term secret key...

Gitlab -- multiple vulnerabilities

Gitlab reports: Potential Denial Of Service Via Update Release Links API Insecure Storage of Session Key In Redis Improper Access Expiration Date Validation Cross-Site Scripting in Multiple Pages Unauthorized Users Can View Custom Project Template Cross-Site Scripting in SVG Image Preview...

Huawei EulerOS: Security Advisory for libXdmcp (EulerOS-SA-2020-2034)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-4539-1 awl vulnerability

Andrew Bartlett discovered that DAViCal Andrew's Web Libraries AWL did not properly manage session keys. An attacker could possibly use this issue to impersonate a session. CVE-2020-11728...

PT-2021-5763

Name of the Vulnerable Software and Affected Versions ceph versions prior to 14.2.20 Description The issue is related to a flaw in the authentication procedure of the ceph storage network, which can be exploited by a remote attacker to access confidential data, compromise data integrity, and caus...

CVE-2020-10123

The currency dispenser of NCR SelfSev ATMs running APTRA XFS 05.01.00 or earlier does not adequately authenticate session key generation requests from the host computer, allowing an attacker with physical access to internal ATM components to issue valid commands to dispense currency by generating...

CVE-2020-10123

The currency dispenser of NCR SelfSev ATMs running APTRA XFS 05.01.00 or earlier does not adequately authenticate session key generation requests from the host computer, allowing an attacker with physical access to internal ATM components to issue valid commands to dispense currency by generating...

NCR SelfServ ATM dispenser software contains multiple vulnerabilities

Overview NCR SelfServ automated teller machines ATMs running APTRA XFS 05.01.00 or older are vulnerable to physical attacks on the communications bus between the currency dispenser component and the host computer. Description NCR SelfServ ATMs running APTRA XFS 05.01.00 or older contain...