5314 matches found
OESA-2021-1245 lz4 security update
LZ4 is a lossless compression algorithm, providing compression speed of 500 MB/s per core (0.15 Bytes/cycle). It features an extremely fast decoder, with speed in multiple GB/s per core (1 Byte/cycle). A high compression derivative, called LZ4HC, is available, trading customizable CPU time for compression...
Elliptic Curve Key Disclosure in go-jose
go-jose before 1.0.4 suffers from an invalid curve attack for the ECDH-ES algorithm. When deriving a shared key using ECDH-ES for an encrypted message, go-jose neglected to check that the received public key on a message is on the same curve as the static private key of the receiver, thus making ...
Wormable DarkRadiation Ransomware Targets Linux and Docker Instances
Cybersecurity researchers are sounding the alarm bell over a new ransomware strain called "DarkRadiation" that's implemented entirely in Bash and targets Linux and Docker cloud containers, while banking on messaging service Telegram for command-and-control (C2) communications. "The ransomware is...
NTP < 4.2.8p15 DoS Vulnerability
Systems that use a CMAC algorithm in ntp.keys will not release a bit of memory on each packet that uses a CMAC keyid, eventually causing ntpd to run out of memory and fail. The CMAC cleanup introduced a bug whereby the CMAC data structure was no longer completely removed.
Huawei Data Communication: SSL is configured with an insecure algorithm
If the cipher-suite-list command contains insecure algorithms, the service that references this rule has security risks.
Huawei Data Communication: Disabling Insecure Algorithms on the SSH Server/Client
Checks the algorithm configuration.
[SECURITY] Fedora 34 Update: vmaf-2.1.1-1.fc34
VMAF is a perceptual video quality assessment algorithm developed by Netflix. VMAF Development Kit (VDK) is a software package that contains the VMAF algorithm implementation, as well as a set of tools that allows a user to train and test a custom VMAF model. For an overview, read this tech blog...
PT-2021-4124 · Tor +4
Name of the Vulnerable Software and Affected Versions: Tor versions prior to 0.4.6.5 Description: An issue was discovered where hashing is mishandled for certain retrieval of circuit data. Consequently, an attacker can trigger the use of an attacker-chosen circuit ID to cause algorithm...
The vulnerability of the client’s execution file airhost.exe allows unauthorized access to protected information when conducting real-time audio and video conferences using Zoom Client for Meetings.
The vulnerability of the airhost.exe executable file used by clients for real-time audio and video conferencing with Zoom Client for Meetings is related to the rigid encoding of registration data when using the SHA-256 hashing algorithm. Exploiting this vulnerability can allow a malicious...
CVE-2021-27200
In WoWonder 3.0.4, remote attackers can take over any account due to the weak cryptographic algorithm in recover.php. The code parameter is easily predicted from the time of day...
Code injection
In WoWonder 3.0.4, remote attackers can take over any account due to the weak cryptographic algorithm in recover.php. The code parameter is easily predicted from the time of day...
CVE-2021-27200
CVE-2021-27200 affects WoWonder 3.0.4. The issue is a weak cryptographic algorithm in recover.php, making the code parameter easily predictable from the time of day. This enables remote attackers to take over any account. The vulnerability is described consistently across multiple sources (NVD, R...
WoWonder Social Network Platform 3.1 Authentication Bypass
Exploit Title: WoWonder Social Network Platform 3.1 - Authentication Bypass Date: 11.06.2021 Exploit Author: securityforeveryone.com Researchers : Security For Everyone Team - https://securityforeveryone.com Vendor Homepage: https://www.wowonder.com/ Software Link:...
WoWonder Social Network Platform 3.1 - Authentication Bypass Exploit
Exploit Title: WoWonder Social Network Platform 3.1 - Authentication Bypass Exploit Author: securityforeveryone.com Researchers : Security For Everyone Team - https://securityforeveryone.com Vendor Homepage: https://www.wowonder.com/ Software Link:...
WoWonder Social Network Platform 3.1 - Authentication Bypass
Exploit Title: WoWonder Social Network Platform 3.1 - Authentication Bypass Date: 11.06.2021 Exploit Author: securityforeveryone.com Researchers : Security For Everyone Team - https://securityforeveryone.com Vendor Homepage: https://www.wowonder.com/ Software Link:...
SUSE: Security Advisory (SUSE-SU-2018:0862-1)
The remote host is missing an update for the ...
SUSE: Security Advisory (SUSE-SU-2013:1345-1)
The remote host is missing an update for the ...
nettle: Out of bounds memory access in signature verification
A flaw was found in Nettle, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography (ECC) point multiply function being called with out-of-range scalars, possibly resulting in incorrect results. This flaw allows an attacker to force an...
Adventures in Contacting the Russian FSB
KrebsOnSecurity recently had occasion to contact the Russian Federal Security Service (FSB), the Russian equivalent of the U.S. Federal Bureau of Investigation (FBI). In the process of doing so, I encountered a small snag: The FSB's website said in order to communicate with them securely, I needed to...