5304 matches found

Prion
added 2016/10/13 2:59 p.m., 15 views

Code injection

The DSA algorithm implementation in SAP SAPCRYPTOLIB 5.555.38 does not properly check signatures, which allows remote authenticated users to impersonate arbitrary users via unspecified vectors, aka SAP Security Note 2223008...

CVSS 4, AI score 6.8, EPSS 0.00956
Exploits 0, References 3, Affected Software 1

Tenable Nessus
added 2016/10/06 12:0 a.m., 39 views

OpenSSL 1.0.1 < 1.0.1u / 1.0.2 < 1.0.2i Multiple Vulnerabilities

Binary data 9625.prm...

CVSS 9.8, AI score 8.2, EPSS 0.63029
Exploits 2, References 12

CVE
added 2016/10/03 9:0 p.m., 51 views

CVE-2015-8085

The CVE-2015-8085 entry concerns Huawei AR routers and several Quidway/S5300/S5700 series devices where passwords could be obtained or decrypted due to the use of a reversible encryption algorithm. Affected software versions include Huawei AR routers pre-V200R007C00SPC100 and the listed Quidway/S...

CVSS 4.9, AI score 4.9, EPSS 0.00359
Exploits 0, References 2, Affected Software 1

Cvelist
added 2016/10/03 9:0 p.m., 23 views

CVE-2015-8085

Huawei AR routers with software before V200R007C00SPC100; Quidway S9300 routers with software before V200R009C00; S12700 routers with software before V200R008C00SPC500; S9300, Quidway S5300, and S5300 routers with software before V200R007C00; and S5700 routers with software before V200R007C00SPC5...

AI score 4.9, EPSS 0.00359
Exploits 0, References 2

ThreatPost
added 2016/09/29 2:15 p.m., 6 views

Yahoo Challenged on Claims Breach Was State-Sponsored Attack

As challenges mount against Yahoo’s attribution of a massive 2014 data breach to state-sponsored hackers, CISO Bob Lord yesterday confirmed that a cache of 200 million Yahoo accounts marketed this summer in an underground forum is unrelated to the breach. Speaking at the Structure Security...

AI score 7.8
Exploits 0, References 5

RedHat Linux
added 2016/09/27 1:46 p.m., 3 views

openssl: Non-constant time codepath followed for certain operations in DSA implementation

It was discovered that OpenSSL did not always use constant time operations when computing Digital Signature Algorithm (DSA) signatures. A local attacker could possibly use this flaw to obtain a private DSA key belonging to another user or service running on the same system...

CVSS 5.5, AI score 7.2, EPSS 0.01174
Exploits 1, References 6

Cvelist
added 2016/09/26 1:0 a.m., 22 views

CVE-2016-5957

IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 allows remote attackers to defeat cryptographic protection mechanisms and obtain sensitive information by leveraging a weak algorithm...

AI score 7.2, EPSS 0.01363
Exploits 0, References 2

CVE
added 2016/09/26 1:0 a.m., 46 views

CVE-2016-5957

CVE-2016-5957 affects the IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance. The vulnerability arises from the use of weaker cryptographic algorithms, allowing an attacker to defeat cryptographic protections and obtain sensitive information. Affected: ISPIM Virtual Appliance 2.x ...

CVSS 7.5, AI score 7.6, EPSS 0.01363
Exploits 0, References 2, Affected Software 1

ThreatPost
added 2016/09/20 5:14 p.m., 37 views

Apple Squashes 68 Security Bugs With Sierra Release

With the release of macOS Sierra 10.12 Tuesday, Apple snuffed out dozens of lingering security vulnerabilities in OS X El Capitan and Yosemite. Along with updates to its OS, Apple addressed security bugs in its Safari web browser and macOS Server in separate security bulletins, also released...

CVSS 10, AI score 2, EPSS 0.05764
Exploits 0, References 3

NVD
added 2016/09/18 2:59 a.m., 15 views

CVE-2016-0923

The client in EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.9 and 4.1.x before 4.1.5 places the weakest algorithms first in a signature-algorithm list transmitted to a server, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging server...

CVSS 7.5, AI score 7.5, EPSS 0.01603
Exploits 0, References 3

Cvelist
added 2016/09/18 1:0 a.m., 19 views

CVE-2016-0923

The client in EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.9 and 4.1.x before 4.1.5 places the weakest algorithms first in a signature-algorithm list transmitted to a server, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging server...

AI score 7.5, EPSS 0.01603
Exploits 0, References 3

Kitploit
added 2016/09/17 4:2 p.m., 18 views

Matroschka - Python Steganography Tool To Hide Images Or Text In Images

Матрёшка [mɐˈtrʲɵʂkə] is a command-line steganography tool written in pure Python. You can use it to hide and encrypt images or text in the least significant bits of pixels in an image. Encryption: The encryption uses HMAC-SHA256 to authenticate the hidden data. Therefore the supplied MAC password i...

AI score 7.3
Exploits 0, References 1

OSV
added 2016/09/07 7:28 p.m., 3 views

CVE-2016-6899

The Intelligent Baseboard Management Controller (iBMC) in Huawei RH1288 V3 servers with software before V100R003C00SPC613, RH2288 V3 servers with software before V100R003C00SPC617, RH2288H V3 servers with software before V100R003C00SPC515, RH5885 V3 servers with software before V100R003C10SPC102, a...

CVSS 7.5, AI score 5.8, EPSS 0.00967
Exploits 0, References 2

NVD
added 2016/09/07 7:28 p.m., 12 views

CVE-2016-6838

Huawei X6800 and XH620 V3 servers with software before V100R003C00SPC606, RH1288 V3 servers with software before V100R003C00SPC613, RH2288 V3 servers with software before V100R003C00SPC617, CH140 V3 and CH226 V3 servers with software before V100R001C00SPC122, CH220 V3 servers with software before...

CVSS 7.5, AI score 7.4, EPSS 0.00967
Exploits 0, References 2

CVE
added 2016/09/07 7:0 p.m., 47 views

CVE-2016-6838

The CVE-2016-6838 issue affects Huawei server products, including X6800/XH620, RH1288/RH2288, CH140/CH226, CH220, and CH121/CH222 V3 platforms, with software versions before the indicated SPC fixes. The root cause is insecure SSH encryption algorithm selection that can allow remote attackers to d...

CVSS 7.5, AI score 7.4, EPSS 0.00967
Exploits 0, References 2, Affected Software 4

OSV
added 2016/09/03 8:59 p.m., 6 views

CVE-2016-5430

The RSA 1.5 algorithm implementation in the JOSE_JWE class in JWE.php in jose-php before 2.2.1 lacks the Random Filling protection mechanism, which makes it easier for remote attackers to obtain cleartext data via a Million Message Attack (MMA)...

CVSS 5.3, AI score 6.7
Exploits 0, References 2

NVD
added 2016/09/03 8:59 p.m., 17 views

CVE-2016-5430

The RSA 1.5 algorithm implementation in the JOSE_JWE class in JWE.php in jose-php before 2.2.1 lacks the Random Filling protection mechanism, which makes it easier for remote attackers to obtain cleartext data via a Million Message Attack (MMA)...

CVSS 5.3, AI score 5.1, EPSS 0.01744
Exploits 0, References 2

Prion
added 2016/09/03 8:59 p.m., 20 views

Design/Logic Flaw

The RSA 1.5 algorithm implementation in the JOSE_JWE class in JWE.php in jose-php before 2.2.1 lacks the Random Filling protection mechanism, which makes it easier for remote attackers to obtain cleartext data via a Million Message Attack (MMA)...

CVSS 5, AI score 7, EPSS 0.01744
Exploits 0, References 2, Affected Software 1

CVE
added 2016/09/03 8:0 p.m., 38 views

CVE-2016-5430

The CVE-2016-5430 entry affects jose-php prior to 2.2.1, where the RSA-1.5 implementation in JOSE_JWE/JWE.php lacks a Random Filling protection mechanism. This omission enables a remote attacker to obtain plaintext data via a Million Message Attack (MMA). Affected component: jose-php’s JWE.php wi...

CVSS 5.3, AI score 5.1, EPSS 0.01744
Exploits 0, References 2, Affected Software 1

Cvelist
added 2016/09/03 8:0 p.m., 22 views

CVE-2016-5430

The RSA 1.5 algorithm implementation in the JOSE_JWE class in JWE.php in jose-php before 2.2.1 lacks the Random Filling protection mechanism, which makes it easier for remote attackers to obtain cleartext data via a Million Message Attack (MMA)...

AI score 5.1, EPSS 0.01744
Exploits 0, References 2