
5309 matches found

ICS
added 2018/03/27 12:0 a.m., 68 views

Schneider Electric Modicon Premium, Modicon Quantum, Modicon M340, and Modicon BMXNOR0200

CVSS v3 5.9 ATTENTION: Exploitable remotely/low skill level to exploit. Vendor: Schneider Electric Equipment: Modicon Premium, Modicon Quantum, Modicon M340, and Modicon BMXNOR0200 Vulnerabilities: Stack-based Buffer Overflow, Use of Hard-coded Credentials, Use of a Broken or Risky Cryptographic...

CVSS: 10, AI score: 10, EPSS: 0.02924
Exploits: 0, References: 5

CVE
added 2018/03/23 4:0 p.m., 47 views

CVE-2017-15326

CVE-2017-15326 affects Huawei DBS3900 TDD LTE (V100R003C00, V100R004C10). The issue is a weak encryption algorithm vulnerability where SSL/TLS negotiation can select insecure ciphers, allowing an unauthenticated remote attacker to crack encrypted data and cause information leakage. Public referen...

CVSS: 4.3, AI score: 4.6, EPSS: 0.00448
Exploits: 0, References: 1, Affected Software: 1

Amazon
added 2018/03/21 12:0 a.m., 50 views

Medium: tomcat80

Issue Overview: Incorrect documentation of CGI Servlet search algorithm may lead to misconfiguration: As part of the fix for bug 61201, the documentation for Apache Tomcat included an updated description of the search algorithm used by the CGI Servlet to identify which script to execute. The upda...

CVSS: 6.5, AI score: 7.2, EPSS: 0.17716
Exploits: 2

Mageia
added 2018/03/19 12:13 p.m., 34 views

Updated python-pycrypto packages fix security vulnerability

The textbook ElGamal implementation is not secure. PyCrypto and some other implementations use the wrong algorithm, which may lead to some information disclosure simply by looking at the encrypted text. For a full description, see https://github.com/dlitz/pycrypto/issues/253 This update includes ...

CVSS: 7.5, EPSS: 0.0211
Exploits: 1, References: 4

CERT
added 2018/03/19 12:0 a.m., 1300 views

Bouncy Castle BKS-V1 keystore files vulnerable to trivial hash collisions

Overview Bouncy Castle BKS version 1 keystore files use an HMAC that is only 16 bits long, which can allow an attacker to compromise the integrity of a BKS-V1 keystore. Description Bouncy Castle is a cryptographic library for C and Java applications, including Android applications. BKS is a...

CVSS: 4.4, AI score: 5, EPSS: 0.00262
Exploits: 0, References: 3

RedhatCVE
added 2018/03/13 4:49 p.m., 19 views

CVE-2018-0875

It was found that string comparisons in .NET Core did not use a secure hashing algorithm. This could allow an attacker to predict string hashes and cause a denial of service by intentionally creating collisions thus forcing long look up times...

CVSS: 7.5, AI score: 2, EPSS: 0.09436
Exploits: 0, References: 1

OSV
added 2018/03/09 5:29 p.m., 4 views

CVE-2017-17167

Huawei DP300 V500R002C00; TP3206 V100R002C00; ViewPoint 9030 V100R011C02; V100R011C03 have a use of a broken or risky cryptographic algorithm vulnerability. The software uses risky cryptographic algorithm in SSL. This is dangerous because a remote unauthenticated attacker could use well-known...

CVSS: 5.9, AI score: 5.8, EPSS: 0.00652
Exploits: 0, References: 2

Prion
added 2018/03/09 5:29 p.m., 26 views

Design/Logic Flaw

Huawei DP300 V500R002C00; TP3206 V100R002C00; ViewPoint 9030 V100R011C02; V100R011C03 have a use of a broken or risky cryptographic algorithm vulnerability. The software uses risky cryptographic algorithm in SSL. This is dangerous because a remote unauthenticated attacker could use well-known...

CVSS: 4.3, AI score: 5.7, EPSS: 0.00652
Exploits: 0, References: 2, Affected Software: 3

NVD
added 2018/03/09 5:29 p.m., 28 views

CVE-2017-17167

Huawei DP300 V500R002C00; TP3206 V100R002C00; ViewPoint 9030 V100R011C02; V100R011C03 have a use of a broken or risky cryptographic algorithm vulnerability. The software uses risky cryptographic algorithm in SSL. This is dangerous because a remote unauthenticated attacker could use well-known...

CVSS: 5.9, AI score: 5.7, EPSS: 0.00652
Exploits: 0, References: 2

Cvelist
added 2018/03/09 5:0 p.m., 32 views

CVE-2017-17167

Huawei DP300 V500R002C00; TP3206 V100R002C00; ViewPoint 9030 V100R011C02; V100R011C03 have a use of a broken or risky cryptographic algorithm vulnerability. The software uses risky cryptographic algorithm in SSL. This is dangerous because a remote unauthenticated attacker could use well-known...

AI score: 5.7, EPSS: 0.00652
Exploits: 0, References: 2

CVE
added 2018/03/09 5:0 p.m., 69 views

CVE-2017-17167

CVE-2017-17167 affects Huawei DP300 (V500R002C00), TP3206 (V100R002C00), and ViewPoint 9030 (V100R011C02/V100R011C03) due to use of a broken or risky cryptographic algorithm in SSL. The root cause is reliance on weak crypto algorithms for SSL, enabling a remote unauthenticated attacker to potenti...

CVSS: 5.9, AI score: 5.7, EPSS: 0.00652
Exploits: 0, References: 2, Affected Software: 1

Tenable Nessus
added 2018/03/07 12:0 a.m., 20 views

Fedora 26 : python-crypto (2018-0c75cc72bc)

The textbook ElGamal implementation is not secure. PyCrypto and some other implementations use the wrong algorithm, which may lead to some information disclosure simply by looking at the encrypted text. For a full description, see https://github.com/dlitz/pycrypto/issues/253 This update includes ...

CVSS: 7.5, AI score: 7.4, EPSS: 0.0211
Exploits: 1, References: 2

Malwarebytes
added 2018/03/06 7:10 p.m., 72 views

Encryption 101: How to break encryption

Continuing on in our Encryption 101 series, where we gave a malware analyst's primer on encryption and demonstrated encryption techniques using ShiOne ransomware, we now look at what it takes to break an encryption. In order for something as powerful as encryption to break, there needs to be some...

AI score: 6.9
Exploits: 0

Tenable Nessus
added 2018/02/28 12:0 a.m., 91 views

Arista Networks EOS Multiple Vulnerabilities (SA0018) (DROWN)

The version of Arista Networks EOS running on the remote device is affected by multiple vulnerabilities in the included OpenSSL library : - A cipher algorithm downgrade vulnerability exists due to a flaw that is triggered when handling cipher negotiation. A remote attacker can exploit this to...

CVSS: 5.9, AI score: 8.1, EPSS: 0.82112
Exploits: 2, References: 7

Prion
added 2018/02/23 10:29 p.m., 20 views

Code injection

In Wireshark 2.4.0 to 2.4.4, the DOCSIS protocol dissector could crash. This was addressed in plugins/docsis/packet-docsis.c by removing the recursive algorithm that had been used for concatenated PDUs...

CVSS: 5, AI score: 7.3, EPSS: 0.02766
Exploits: 0, References: 5, Affected Software: 2

Tenable Nessus
added 2018/02/22 12:0 a.m., 33 views

Amazon Linux AMI : tomcat8 (ALAS-2018-959)

Incorrect documentation of CGI Servlet search algorithm may lead to misconfiguration As part of the fix for bug 61201, the documentation for Apache Tomcat included an updated description of the search algorithm used by the CGI Servlet to identify which script to execute. The update was not correc...

CVSS: 5.3, AI score: 6.9, EPSS: 0.06198
Exploits: 0, References: 2

Microsoft KB
added 2018/02/14 12:0 a.m., 4 views

Update to add SHA-2 authentication endpoint support for WSUS in Windows Server 2008 SP2

Update to add SHA-2 authentication endpoint support for WSUS in Windows Server 2008 SP2 Summary This update provides support of the Secure Hash Algorithm-2 SHA-2 server authentication endpoint for Windows Server Update Services WSUS in Windows Server 2008 Service Pack 2 SP2. How to get this updat...

AI score: 6.9
Exploits: 0

Microsoft CVE
added 2018/02/13 8:0 a.m., 17 views

Document signing deprecation in XPS Viewer

Microsoft has deprecated the Document Signing functionality in XPS Viewer. This functionality relied upon the SHA-1 algorithm and is part of our overall effort to remove this algorithm from our products. This change impacts XPS Viewer on all supported versions of Windows. FAQ 1. I need to use thi...

AI score: 1.8
Exploits: 0

Tenable Nessus
added 2018/02/09 12:0 a.m., 34 views

Amazon Linux AMI : tomcat7 (ALAS-2018-947)

Incorrect documentation of CGI Servlet search algorithm may lead to misconfiguration : As part of the fix for bug 61201, the documentation for Apache Tomcat included an updated description of the search algorithm used by the CGI Servlet to identify which script to execute. The update was not...

CVSS: 5.3, AI score: 6.9, EPSS: 0.06198
Exploits: 0, References: 2

KoreLogic Security
added 2018/02/08 12:0 a.m., 19 views

NetEx HyperIP Authentication Bypass

Vulnerability Details Affected Vendor: NetEx Affected Product: HyperIP Affected Version: 6.1.0 Platform: Embedded Linux CWE Classification: CWE-592: Authentication Bypass Issues Impact: Authentication Bypass Attack vector: HTTPS 2. Vulnerability Description Authentication for the management...

AI score: 0.3
Exploits: 0, Affected Software: 1