5314 matches found
New SSH Vulnerability
This is interesting: For the first time, researchers have demonstrated that a large portion of cryptographic keys used to protect data in computer-to-server SSH traffic are vulnerable to complete compromise when naturally occurring computational errors occur while the connection is being...
GHSA-VC3V-PPC7-V486 vantage6-server node accepts non-whitelisted algorithms from malicious server
Impact A node does not check if an image is allowed to run if a parentid is set. A malicious party that breaches the server may modify it to set a fake parentid and send a task of a non-whitelisted algorithm. The node will then execute it because the parentid that is set prevents checks from bein...
CVE-2023-47631 vantage6 Node accepts non-whitelisted algorithms from malicious server
vantage6 is a framework to manage and deploy privacy enhancing technologies like Federated Learning FL and Multi-Party Computation MPC. In affected versions a node does not check if an image is allowed to run if a parentid is set. A malicious party that breaches the server may modify it to set a...
Design/Logic Flaw
Affected devices use a weak checksum algorithm to protect the configuration backup that an administrator can export from the device. This could allow an authenticated attacker with administrative privileges or an attacker that tricks a legitimate administrator to upload a modified configuration...
CVE-2023-44319
CVE-2023-44319 affects Siemens SCALANCE and RUGGEDCOM devices (e.g., RM1224 LTE, M8xx/UM8xx/SCALANCE S615/WAB/WUM/WAM series). Root cause: use of a weak checksum algorithm to protect exported configuration backups, enabling an authenticated admin or a tricked admin to upload a modified backup and...
RandomizerNXT allows randomness re-rolling and also front-running.
Lines of code Vulnerability details Description When a collection uses RandomizerNXT as the randomizer, the process of minting and setting the token hash happens in the same transaction and block, which allows two attacks. First, a user can see the randomness outcome in mempool and front-run his...
Weak Cryptography
esptool is vulnerable to weak cryptography. The vulnerability is due to the libraries usage of the AES ECB algorithm, which could allow an attacker to access sensitive information in system...
CVE-2023-46894
An issue discovered in esptool 4.6.2 allows attackers to view sensitive information via weak cryptographic algorithm...
Windows Gather PL/SQL Developer Connection Credentials
This module can decrypt the histories and connection credentials of PL/SQL Developer, and passwords are available if the user chooses to remember. Module Options msf use post/windows/gather/credentials/plsqldeveloper msf postplsqldeveloper show actions ...actions... msf postplsqldeveloper set...
esptool allows attackers to view sensitive information via weak cryptographic algorithm
An issue discovered in esptool 4.6.2 allows attackers to view sensitive information via weak cryptographic algorithm...
AsyncSSH Rogue Extension Negotiation
Summary An issue in AsyncSSH v2.14.0 and earlier allows attackers to control the extension info message RFC 8308 via a man-in-the-middle attack. Details The rogue extension negotiation attack targets an AsyncSSH client connecting to any SSH server sending an extension info message. The attack...
CVE-2023-46894
An issue discovered in esptool 4.6.2 allows attackers to view sensitive information via weak cryptographic algorithm...
CVE-2023-46894
An issue discovered in esptool 4.6.2 allows attackers to view sensitive information via weak cryptographic algorithm...
PYSEC-2023-234
An issue discovered in esptool 4.6.2 allows attackers to view sensitive information via weak cryptographic algorithm...
Information disclosure
An issue discovered in esptool 4.6.2 allows attackers to view sensitive information via weak cryptographic algorithm...
PYSEC-2023-234
An issue discovered in esptool 4.6.2 allows attackers to view sensitive information via weak cryptographic algorithm...
Meta whistleblower says company has long ignored how it sexually endangers children
At a Senate hearing, a Meta whistleblower has revealed some shocking numbers around children’s experiences of its platforms. Arturo Béjar, a former engineering director at Meta, testified before the US Congress on Tuesday. Not only did he share his own daughters’ experience suffering harassment o...
CVE-2023-46894
An issue discovered in esptool 4.6.2 allows attackers to view sensitive information via weak cryptographic algorithm...
PT-2023-30256 · Esptool · Esptool
Name of the Vulnerable Software and Affected Versions: esptool version 4.6.2 Description: An issue in esptool allows attackers to view sensitive information due to the use of a weak cryptographic algorithm. Recommendations: For esptool version 4.6.2, at the moment, there is no information about a...
CVE-2023-46894
An issue discovered in esptool 4.6.2 allows attackers to view sensitive information via weak cryptographic algorithm...