
5314 matches found

ICS
added 2021/02/23 12:00 a.m. | 124 views

Advantech Spectre RT Industrial Routers

1. EXECUTIVE SUMMARY: CVSS v3 10.0; ATTENTION: Exploitable remotely/low skill level to exploit; Vendor: Advantech; Equipment: Spectre RT Industrial Routers; Vulnerabilities: Improper Neutralization of Input During Web Page Generation, Cleartext Transmission of Sensitive Information, Improper...

9.8 CVSS | 9.9 AI score | 0.01484 EPSS
Exploits: 0 | References: 5

Tenable Nessus
added 2021/02/16 12:00 a.m. | 16 views

JSON Web Token None Hashing Algorithm

JSON Web Tokens can be signed to protect against data tampering. By using an asymmetric or a symmetric signing algorithm, the application computes a signature of the token data which will be verified during token decoding to ensure its integrity. JSON Web Tokens can be configured by an applicatio...

7.2 AI score
Exploits: 0 | References: 5

Kitploit
added 2021/02/12 8:30 p.m. | 59 views

Diceware-Password-Generator - Python Implementation Of The Diceware Password Generating Algorithm

Please Note - This Program Does Not Store Passwords In Any Form And All The Passwords Are Generated Locally Inside Your Device. Diceware is a method used to generate cryptographically strong memorable passphrases. This is a Python implementation of the Diceware password generating algorithm. Inspired...

7.1 AI score
Exploits: 0 | References: 1

Tenable Nessus
added 2021/02/11 12:00 a.m. | 12 views

JSON Web Token Weak Secret

JSON Web Tokens can be signed to protect against data tampering. By using an asymmetric or a symmetric signing algorithm, the application computes a signature of the token data which will be verified during token decoding to ensure its integrity. When using a symmetric algorithm, the signature is...

7.2 AI score
Exploits: 0 | References: 4

CNNVD
added 2021/02/11 12:00 a.m. | 4 views

IBM Security Verify Information Queue Cryptographic Issue Vulnerability

IBM Security Verify Information Queue is a cross-product integrator that leverages Kafka technology and a publish/subscribe model to integrate data between IBM security products. A weak cryptographic algorithm vulnerability exists in IBM Security Verify Information Queue. An attacker could exploi...

4.9 CVSS | 5.8 AI score | 0.00464 EPSS
Exploits: 0 | References: 4

Kitploit
added 2021/02/06 8:30 p.m. | 170 views

ExecuteAssembly - Load/Inject .NET Assemblies

ExecuteAssembly is an alternative to CS execute-assembly, built with C/C++, and it can be used to Load/Inject .NET assemblies by: reusing the host spawnto process loaded CLR Modules/AppDomainManager, Stomping Loader/.NET assembly PE DOS headers, Unlinking .NET related modules, bypassing ETW+AMSI,...

7 AI score
Exploits: 0 | References: 8

OSV
added 2021/02/06 12:15 a.m. | 2 views

CVE-2021-22307

There is a weak algorithm vulnerability in Mate 30 10.0.0.203(C00E201R7P2). The protection is insufficient for the modules that should be protected. Local attackers can exploit this vulnerability to affect the integrity of certain module...

5.5 CVSS | 6.1 AI score | 0.00199 EPSS
Exploits: 0 | References: 1

NVD
added 2021/02/06 12:15 a.m. | 14 views

CVE-2021-22307

There is a weak algorithm vulnerability in Mate 30 10.0.0.203(C00E201R7P2). The protection is insufficient for the modules that should be protected. Local attackers can exploit this vulnerability to affect the integrity of certain module...

5.5 CVSS | 0.00199 EPSS
Exploits: 0 | References: 1

Prion
added 2021/02/06 12:15 a.m. | 16 views

Design/Logic Flaw

There is a weak algorithm vulnerability in Mate 30 10.0.0.203(C00E201R7P2). The protection is insufficient for the modules that should be protected. Local attackers can exploit this vulnerability to affect the integrity of certain module...

2.1 CVSS | 5.4 AI score | 0.00199 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2021/02/06 12:00 a.m. | 26 views

CVE-2021-22307

There is a weak algorithm vulnerability in Mate 30 10.0.0.203(C00E201R7P2). The protection is insufficient for the modules that should be protected. Local attackers can exploit this vulnerability to affect the integrity of certain module...

5.7 AI score | 0.00199 EPSS
Exploits: 0 | References: 1

CVE
added 2021/02/06 12:00 a.m. | 96 views

CVE-2021-22307

CVE-2021-22307 affects Huawei Mate 30 smartphones with firmware 10.0.0.203 (C00E201R7P2). The issue is a weak algorithm that leaves protection for certain modules insufficient, allowing local attackers to compromise module integrity. CVSS indicates LOCAL access, low attack complexity, with HIGH i...

5.5 CVSS | 5.4 AI score | 0.00199 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

CNNVD
added 2021/02/05 12:00 a.m. | 3 views

Huawei Mate 30 Security Vulnerability

Huawei Mate 30 is a smartphone from the Chinese company Huawei. A weak algorithm vulnerability exists in Huawei Mate 30 version 10.0.0.203 C00E201R7P2. The vulnerability stems from the program not adequately protecting the modules that should be protected. A local attacker could exploit the...

5.5 CVSS | 6 AI score | 0.00199 EPSS
Exploits: 0 | References: 2

OpenVAS
added 2021/02/05 12:00 a.m. | 17 views

Huawei EulerOS: Security Advisory for openssh (EulerOS-SA-2021-1270)

The remote host is missing an update for the Huawei EulerOS...

5.9 CVSS | 6.2 AI score | 0.02057 EPSS
Exploits: 2 | References: 2

Tenable Nessus
added 2021/02/05 12:00 a.m. | 45 views

EulerOS 2.0 SP9 : openssh (EulerOS-SA-2021-1270)

According to the version of the openssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The client side in OpenSSH 5.7 through 8.3 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows...

5.9 CVSS | 6.9 AI score | 0.02057 EPSS
Exploits: 2 | References: 2

Tenable Nessus
added 2021/02/05 12:00 a.m. | 52 views

Cisco IOS XE Products Snort Application Detection Engine Policy Bypass (cisco-sa-snort-app-bypass-cSBYCATq)

According to its self-reported version, Cisco IOS XE is affected by a vulnerability in the UTD SNORT IPS detection engine due to a flaw in the detection algorithm. An unauthenticated, remote attacker can exploit this by sending crafted packets that would flow through an affected system. A...

5.3 CVSS | 5.5 AI score | 0.02146 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2021/02/05 12:00 a.m. | 41 views

EulerOS 2.0 SP9 : openssh (EulerOS-SA-2021-1251)

According to the version of the openssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The client side in OpenSSH 5.7 through 8.3 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows...

5.9 CVSS | 6.9 AI score | 0.02057 EPSS
Exploits: 2 | References: 2

Huawei
added 2021/02/02 12:00 a.m. | 32 views

Security Advisory - Information Leakage Vulnerability in Huawei Products

There is an insecure algorithm vulnerability in Huawei products. A module uses less random input in a secure mechanism. Attackers can exploit this vulnerability by brute forcing to obtain a sensitive message. This can lead to information leak. Vulnerability ID: HWPSIRT-2020-74955 This vulnerability ha...

7.5 CVSS | 7.3 AI score | 0.00767 EPSS
Exploits: 0 | Affected Software: 4

OpenVAS
added 2021/02/02 12:00 a.m. | 20 views

Huawei EulerOS: Security Advisory for openssh (EulerOS-SA-2021-1159)

The remote host is missing an update for the Huawei EulerOS...

5.9 CVSS | 6.2 AI score | 0.02057 EPSS
Exploits: 2 | References: 2

ThreatPost
added 2021/02/01 9:12 p.m. | 42 views

SolarWinds Hack Prompts Congress to Put NSA in Encryption Hot Seat

Members of Congress are demanding the U.S. National Security Agency (NSA) reveal what it knows about the 2015 Juniper Networks supply-chain delivery breach. In a letter sent by U.S. Senator Ron Wyden and nine additional members of Congress, the lawmakers demand a full account of the NSA-designed...

0.2 AI score
Exploits: 0 | References: 21

Microsoft Secure
added 2021/02/01 5:00 p.m. | 42 views

What tracking an attacker email infrastructure tells us about persistent cybercriminal operations

From March to December 2020, we tracked segments of a dynamically generated email infrastructure that attackers used to send more than a million emails per month, distributing at least seven distinct malware families in dozens of campaigns using a variety of phishing lures and tactics. These...

0.8 AI score
Exploits: 0