Information disclosure

In JetBrains Upsource before 2020.1, information disclosure is possible because of an incorrect user matching algorithm...

CVE-2019-19704

CVE-2019-19704 affects JetBrains Upsource prior to 2020.1, where an incorrect user matching algorithm could lead to information disclosure. The Red Hat/CNVD/NVD entries corroborate that Upsource before 2020.1 is vulnerable due to this issue. The Red Hat entry and CNVD descriptions consistently st...

CVE-2020-6829

When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used; which leaked partial information about the nonce used during signature generation. Given an electro-magnetic trace of a few signature generations, the private key could have been computed. This...

NETGEAR R6700 Encryption Issues Vulnerabilities

The NETGEAR R6700 is a wireless router from NETGEAR. A cryptographic issue vulnerability exists in the encryption of the firmware update image in the NETGEAR R6700 V1.0.4.8410.0.58 release, which stems from an incorrect encryption algorithm. An attacker could exploit this vulnerability among othe...

QSnatch Data-Stealing Malware Infected Over 62,000 QNAP NAS Devices

Cybersecurity agencies in the US and UK yesterday issued a joint advisory about a massive ongoing malware threat infecting Taiwanese company QNAP's network-attached storage NAS appliances. Called QSnatch or Derek, the data-stealing malware is said to have compromised 62,000 devices since reports...

Update on NIST's Post-Quantum Cryptography Program

NIST has posted an update on their post-quantum cryptography program: After spending more than three years examining new approaches to encryption and data protection that could defeat an assault from a quantum computer, the National Institute of Standards and Technology NIST has winnowed the 69...

CVE-2020-7514

A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists in Easergy Builder Version 1.4.7.2 and older which could allow an attacker access to the authorization credentials for a device and gain full access...

Authorization

A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists in Easergy Builder Version 1.4.7.2 and older which could allow an attacker access to the authorization credentials for a device and gain full access...

CVE-2020-7514

Schneider Electric Easergy Builder (versions ≤ 1.4.7.2) contains a CWE-327 vulnerability due to use of a broken or risky cryptographic algorithm. This could allow an attacker to access the device’s authorization credentials and gain full access. The affected component is Easergy Builder; root cau...

CVE-2020-7514

A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists in Easergy Builder Version 1.4.7.2 and older which could allow an attacker access to the authorization credentials for a device and gain full access...

Nintendo: Arbitrary code execution in TSEC Heavy Secure, return-oriented programming in TSEC Secure ROM, and recovery of TSEC-derived cryptographic secrets

The vulnerability in TSEC Heavy Secure allowed for arbitrary code execution. A return-oriented programming vulnerability was discovered in the TSEC Secure ROM. Cryptographic secrets derived from TSEC were recovered...

CVE-2020-12402

During RSA key generation, bignum implementations used a variation of the Binary Extended Euclidean Algorithm which entailed significantly input-dependent flow. This allowed an attacker able to perform electromagnetic-based side channel attacks to record traces leading to the recovery of the secr...

Design/Logic Flaw

During RSA key generation, bignum implementations used a variation of the Binary Extended Euclidean Algorithm which entailed significantly input-dependent flow. This allowed an attacker able to perform electromagnetic-based side channel attacks to record traces leading to the recovery of the secr...

CVE-2020-12402

During RSA key generation, bignum implementations used a variation of the Binary Extended Euclidean Algorithm which entailed significantly input-dependent flow. This allowed an attacker able to perform electromagnetic-based side channel attacks to record traces leading to the recovery of the secr...

The vulnerability of the PuTTY encryption protection tool lies in the use of a less secure encryption algorithm, which allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the PuTTY encryption method lies in the use of a not sufficiently secure encryption algorithm. Exploiting this vulnerability allows an attacker operating remotely to compromise the confidentiality, integrity, and accessibility of the protected information...

CDATA OLTs Backdoor / Privilege Escalation / Information Disclosure Vulnerabilities

Various CDATA OLTs suffer from backdoor access with telnet, credential leaks, shell escape with root privileges, denial of service, and weak encryption algorithm vulnerabilities. Advisory Information Title: Multiple vulnerabilities found in CDATA OLTs Advisory URL:...

Alina Point-of-Sale Malware Spotted in Ongoing Campaign

A venerable point-of-sale POS malware called Alina that’s been around since 2012 is back in circulation, with a new trick for stealing credit- and debit-card data: Domain Name System DNS tunneling. DNS is the mechanism by which numeric IP addresses are linked to website names; DNS translates...

CVE-2020-14145

A flaw was found in OpenSSH in versions 5.7 through 8.3, where an Observable Discrepancy occurs and leads to an information leak in the algorithm negotiation. This flaw allows a man-in-the-middle attacker to target initial connection attempts, where there is no host key for the server that has be...

Clario: No rate Limit on Licenses Activation

Introduction A little bit about Rate Limit A rate-limiting algorithm is used to check if the user session or IP-address has to be limited based on the information in the session cache. In case a client made too many requests within a given time-frame, HTTP-Servers can respond with status code 429...

Security Vulnerabilities fixed in Firefox 78 — Mozilla

When %2F was present in a manifest URL, Firefox's AppCache behavior may have become confused and allowed a manifest to be served from a subdirectory. This could cause the appcache to be used to service requests for the top level directory. A VideoStreamEncoder may have been freed in a race...