FreeBSD : OpenSSL -- ChaCha20-Poly1305 nonce vulnerability (e56f2f7c-410e-11e9-b95c-b499baebfeaf)

The OpenSSL project reports : Low: ChaCha20-Poly1305 with long nonces CVE-2019-1543 ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for every encryption operation. RFC 7539 specifies that the nonce value IV should be 96 bits 12 bytes. OpenSSL allows a variable nonce length...

Design/Logic Flaw

ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for every encryption operation. RFC 7539 specifies that the nonce value IV should be 96 bits 12 bytes. OpenSSL allows a variable nonce length and front pads the nonce with 0 bytes if it is less than 12 bytes. However it also...

OpenSSL -- ChaCha20-Poly1305 nonce vulnerability

The OpenSSL project reports: Low: ChaCha20-Poly1305 with long nonces CVE-2019-1543 ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for every encryption operation. RFC 7539 specifies that the nonce value IV should be 96 bits 12 bytes. OpenSSL allows a variable nonce length a...

Chafer APT Takes Aim at Diplomats in Iran with Improved Custom Malware

UPDATE An Iran-linked APT known as Chafer has been spotted targeting various entities based in Iran with an enhanced version of a custom malware that takes a very unique approach to communication by using the Microsoft Background Intelligent Transfer Service BITS mechanism over HTTP. Meanwhile th...

Microsoft Windows 10 - RestrictedErrorInfo Unmarshal Section Handle Use-After-Free Exploit

Windows: RestrictedErrorInfo Unmarshal Section Handle UAF EoP Platform: Windows 10 1709/1809 Class: Elevation of Privilege Security Boundary per Windows Security Service Criteria: User boundary Summary: The WinRT RestrictedErrorInfo doesn’t correctly check the validity of a handle to a section...

Microsoft Windows 10 - 'RestrictedErrorInfo' Unmarshal Section Handle Use-After-Free

Windows: RestrictedErrorInfo Unmarshal Section Handle UAF EoP Platform: Windows 10 1709/1809 Class: Elevation of Privilege Security Boundary per Windows Security Service Criteria: User boundary Summary: The WinRT RestrictedErrorInfo doesn’t correctly check the validity of a handle to a section...

Fedora 28 : elfutils (2018-1eec1f0d17)

Fixes CVE-2018-16062, CVE-2018-16402 and CVE-2018-16403. unstrip: Handle SHTGROUP sections. strip: Handle mixed out of order allocated/non-allocated sections. elfcompress: Don't rewrite input file if no section data needs updating. Try harder to keep same file mode bits suid on rewrite. libelf,...

Fedora 29 : elfutils (2018-32c8599fe1)

Fixes CVE-2018-16062, CVE-2018-16402 and CVE-2018-16403. unstrip: Handle SHTGROUP sections. strip: Handle mixed out of order allocated/non-allocated sections. elfcompress: Don't rewrite input file if no section data needs updating. Try harder to keep same file mode bits suid on rewrite. libelf,...

DEBIAN-CVE-2018-20546

There is an illegal READ memory access at caca/dither.c function getrgbadefault in libcaca 0.99.beta19 for the default bpp case...

DEBIAN-CVE-2018-20547

There is an illegal READ memory access at caca/dither.c function getrgbadefault in libcaca 0.99.beta19 for 24bpp data...

UBUNTU-CVE-2018-20546

There is an illegal READ memory access at caca/dither.c function getrgbadefault in libcaca 0.99.beta19 for the default bpp case...

UBUNTU-CVE-2018-20545

There is an illegal WRITE memory access at common-image.c function loadimage in libcaca 0.99.beta19 for 4bpp data...

UBUNTU-CVE-2018-20547

There is an illegal READ memory access at caca/dither.c function getrgbadefault in libcaca 0.99.beta19 for 24bpp data...

The vulnerability of the ReadImage function in the GIMP graphic editor, which involves reading beyond the buffer limit of memory, allows attackers to cause service failures, undermine data integrity, and compromise confidentiality.

The vulnerability of the ReadImage function in the GIMP graphic editor’s plug-ins/common/file-tga.c file is related to the issue of writing out images from memory beyond the buffer boundary when reading RGBA images that contain non-standard pixel bit values. Exploiting this vulnerability can allo...

Linux Kernel 4.4 rtnetlink Stack Memory Disclosure

/ Briefs - CVE-2016-4486 has discovered and reported by Kangjie Lu. - This is local exploit against the CVE-2016-4486. Tested version - Distro : Ubuntu 16.04 - Kernel version : 4.4.0-21-generic - Arch : x8664 Prerequisites - None Goal - Leak kernel stack base address of current process by...

CVE-2018-20189

In GraphicsMagick 1.3.31, the ReadDIBImage function of coders/dib.c has a vulnerability allowing a crash and denial of service via a dib file that is crafted to appear with direct pixel values and also colormapping which is not available beyond 8-bits/sample, and therefore lacks indexes...

Cloud Foundry Bits Service Information Disclosure Vulnerability

Cloud Foundry Bits Service is a program from the Cloud Foundry Foundation that encapsulates "bit manipulation" into a separately scalable service. An information disclosure vulnerability exists in Cloud Foundry Bits Service versions prior to 2.18.0, which can be exploited by a remote attacker to...

Information Disclosure

github.com/cloudfoundry-incubator/bits-service is vulnerable to information disclosure. An insecure string comparison function allows a remote attacker to brute-force the signing key by analyzing the process response and determine the signing key to gain full access to the Bits Service storage...

CVE-2018-15800

Cloud Foundry Bits Service, versions prior to 2.18.0, includes an information disclosure vulnerability. A remote malicious user may execute a timing attack to brute-force the signing key, allowing them complete read and write access to the the Bits Service storage...

CVE-2018-15800

Cloud Foundry Bits Service, versions prior to 2.18.0, includes an information disclosure vulnerability. A remote malicious user may execute a timing attack to brute-force the signing key, allowing them complete read and write access to the the Bits Service storage...