251 matches found
EulerOS Virtualization 3.0.1.0 : ntp (EulerOS-SA-2019-1557)
According to the versions of the ntp packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - It was found that ntpd did not check whether a Message Authentication Code (MAC) was present in a received packet when ntpd was...
openSUSE Security Update : curl (openSUSE-2019-1311)
This update for curl fixes the following issues : Security issue fixed : - CVE-2018-16839: Fixed a buffer overflow in the SASL authentication code bsc1112758. This update was imported from the SUSE:SLE-12:Update update project.
Insufficient Entropy In Key Generation Algorithm
The Network Time Protocol (NTP) is used to synchronize a computer's time with another referenced time source. It was found that because NTP's access control was based on a source IP address, an attacker could bypass source IP restrictions and send malicious control and configuration packets by...
SUSE SLED12 / SLES12 Security Update : curl (SUSE-SU-2019:0996-1)
This update for curl fixes the following issues : Security issue fixed : CVE-2018-16839: Fixed a buffer overflow in the SASL authentication code bsc1112758. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has...
A Go implementation of Poly1305 that makes sense
Poly1305 is a Message Authentication Code--a cryptographic primitive for authenticating a message with a shared secret key, like HMAC. Although it's really a fraction of the complexity of e.g. elliptic curves, most of the implementations I've read look decidedly like magic, mysteriously multiplying...
Examining Pointer Authentication on the iPhone XS
Posted by Brandon Azad, Project Zero In this post I examine Apple's implementation of Pointer Authentication on the A12 SoC used in the iPhone XS, with a focus on how Apple has improved over the ARM standard. I then demonstrate a way to use an arbitrary kernel read/write primitive to forge kernel...
Sensitive Data Exposure
Overview: All versions of rails-session-decoder are missing verification of the Message Authentication Code appended to the cookies. This may lead to decryption of cipher text, thus exposing encrypted information. Recommendation: No fix is currently available. Consider using an alternative module...
The vulnerability of the FortiOS operating system’s SSL-VPN implementation, caused by errors in processing input data, allows a hacker to replace encrypted traffic with malicious data.
The vulnerability of the SSL-VPN implementation in the FortiOS operating system arises due to errors in processing input data. Exploiting this vulnerability allows a malicious actor to replace encrypted traffic using a specially generated MAC...
Security fix for the ALT Linux 8 package curl version 7.62.0-alt1
Oct. 31, 2018 Anton Farygin 7.62.0-alt1 - 7.62.0 - fixes: CVE-2018-16839 - buffer overrun in the SASL authentication code; CVE-2018-16840 - use-after-free in handle close; CVE-2018-16842 - warning message out-of-buffer read...
Logic design loopholes in Guangdong's online ticketing app
Guangdong Network Ticketing APP is a ticketing software. A logical design vulnerability exists in the Guangdong Networked Ticketing APP. An attacker can log in to another user's system and perform unauthorized operations by capturing the authentication code in a packet...
ALPINE-CVE-2018-14618
curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large temporary storage area to allocate from the heap. The length value is then subsequently...
Override Access Vulnerability in Panavision E-Mobile
Panavision E-Mobile is a mobile office platform. An override access vulnerability exists in Panmicro E-Mobile. An attacker can use the vulnerability to modify the platform authentication code, obtain database information, lock the OA system, and perform other operations...
Shanghai Shenglang Information Consulting Co., Ltd. Chatterbox APP has arbitrary number login vulnerability
Chatterbox is a location-based mobile video social app. The Shanghai Shenglang Information Consulting Co., Ltd. Chatty Guest APP has an arbitrary number login vulnerability. The vulnerability is due to the server failing to verify the authentication code request number of times and time to do the limi...
CVE-2013-7400
The Direct Mail (direct_mail) extension before 3.1.2 for TYPO3 allows remote attackers to obtain sensitive information by leveraging improper checking of authentication codes...
Debian DLA-1205-1 : simplesamlphp security update
The simplesamlphp package in wheezy is vulnerable to multiple attacks on authentication-related code, leading to unauthorized access and information disclosure. CVE-2017-12867: The SimpleSAML_Auth_TimeLimitedToken class allows attackers with access to a secret token to extend its validity period by...
CURL-CVE-2017-8816 NTLM buffer overflow via integer overflow
libcurl contains a buffer overrun flaw in the NTLM authentication code. The internal function Curl_ntlm_core_mk_ntlmv2_hash sums up the lengths of the username + password (= SUM) and multiplies the sum by two (= SIZE) to figure out how large storage to allocate from the heap. The SUM value is subsequently...
Umbrella Duo App for Android has logical design flaws
Umbrella Duo app is a shared umbrella rental application. Umbrella Duo App for Android has a logical design vulnerability that allows attackers to successfully log in by capturing packets and brute-forcing the authentication code...
Arbitrary User Registration Vulnerability in BBCBuilder E-Commerce System
BBCBuilder is a b2b2c model developed by Yuanfeng Company, which supports the e-commerce system of platform self-supporting and supplier store coexistence mode. Version 2.6.1 of the BBCBuilder e-commerce system contains an arbitrary user registration vulnerability that allows an attacker to...
Against DeviceGuard: in-depth analysis of CVE-2017-0007
Over the past few months, I have been happy to study Device Guard user-mode integrity (UMCI) together with Matt Graeber and Casey Smith. If you are not familiar with Device Guard, you can read: https://technet.microsoft.com/en-us/itpro/windows/keep-secure/device-guard-deployment-guide. I...
Unverifiable Symmetric Encryption
spring-cloud-config has a flaw which allows malicious manipulation of symmetrically encrypted data. The vulnerability exists because its default symmetric encryption does not use a Message Authentication Code (MAC) to verify the authenticity of encrypted message...