2877 matches found
Pulsar - Data Exfiltration And Covert Communication Tool
Pulsar is a tool for data exfiltration and covert communication that enable you to create a secure data transfer, a bizarre chat or a network tunnel through different protocols, for example you can receive data from tcp connection and resend it to real destination through DNS packets. Setting up...
Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects IMS™ Enterprise Suite: SOAP Gateway (CVE-2015-4000)
Summary The Logjam Attack on TLSTransport Layer Security connections using the Diffie-Hellman DH key exchange protocol affects IMS™ Enterprise Suite: SOAP Gateway. Vulnerability Details CVEID: CVE-2015-4000 DESCRIPTION: The TLS protocol could allow a remote attacker to obtain sensitive informatio...
Security Bulletin: Vulnerability in RC4 stream cipher affects IMS™ Enterprise Suite: Connect API for Java, SOAP Gateway, and Explorer for Development (CVE-2015-2808)
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, IBM SDK, Java Technology Edition, Version 7 Service Refresh 8 that is used the following IMS™ Enterprise Suite components: Connect API for Java, SOAP Gateway, and Explorer for Development. This bulletin also addresse...
Security Bulletin: The LogJam Attack on Diffie-Hellman ciphers (CVE-2015-4000) affects some versions of the DS8000.
Summary The LogJam Attack on Diffie-Hellman ciphers CVE-2015-4000 affects some versions of the DS8000. Vulnerability Details CVEID: CVE-2015-4000 DESCRIPTION: The TLS protocol could allow a remote attacker to obtain sensitive information, caused by the failure to properly convey a DHEEXPORT...
Security Bulletin: Vulnerability in RC4 stream cipher affects DS8000 (CVE-2015-2808)
Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects DS8000 Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker could exploit this vulnerability to...
DEBIAN-CVE-2022-29242
GOST engine is a reference implementation of the Russian GOST crypto algorithms for OpenSSL. TLS clients using GOST engine when ciphersuite TLSGOSTR341112256WITHKUZNYECHIKCTROMAC is agreed and the server uses 512 bit GOST secret keys are vulnerable to buffer overflow. GOST engine version 3.0.1...
UBUNTU-CVE-2022-29242
GOST engine is a reference implementation of the Russian GOST crypto algorithms for OpenSSL. TLS clients using GOST engine when ciphersuite TLSGOSTR341112256WITHKUZNYECHIKCTROMAC is agreed and the server uses 512 bit GOST secret keys are vulnerable to buffer overflow. GOST engine version 3.0.1...
new packages: plexus-cipher
An update is available for plexus-cipher. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky...
GHSA-39VM-P9MR-4R27 Beaker Sensitive Information Disclosure vulnerability
Beaker before 1.6.4, when using PyCrypto to encrypt sessions, uses AES in ECB cipher mode, which might allow remote attackers to obtain portions of sensitive session data via unspecified vectors...
GHSA-P836-389H-J692 Improper Access Control in Apache Shiro
Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter...
GHSA-8353-FGCR-XFHX Improper Input Validation in Bouncy Castle
The TLS implementation in the Bouncy Castle Java library before 1.48 and C library before 1.8 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attack...
Missing Cryptographic Step in OWASP Enterprise Security API for Java
The authenticated-encryption feature in the symmetric-encryption implementation in the OWASP Enterprise Security API ESAPI for Java 2.x before 2.1.0.1 does not properly resist tampering with serialized ciphertext, which makes it easier for remote attackers to bypass intended cryptographic...
Man-in-the-Middle (MitM)
openssl3 is vulnerable to man-in-the-middle MitM attacks. The vulnerability exists because implementing the RC4-MD5 cipher suite incorrectly uses the AAD data as the MAC key, allowing an attacker to perform a man-in-the-middle attack to modify data being sent from one endpoint to an OpenSSL...
maven:3.6 security and enhancement update
An update is available for apache-commons-io, atinject, jsr-305, maven-shared-utils, plexus-cipher, aopalliance, plexus-classworlds, guava, apache-commons-cli, plexus-containers, plexus-sec-dispatcher, httpcomponents-client, maven-resolver, apache-commons-lang3, plexus-interpolation, sisu,...
OpenSSL Encryption Problem Vulnerability (CNVD-2022-37790)
OpenSSL is an open source general-purpose cryptographic library from the Openssl team capable of implementing the Secure Sockets Layer SSLv2/v3 and Secure Transport Layer TLSv1 protocols. The product supports multiple encryption algorithms, including symmetric ciphers, hashing algorithms, secure...
CVE-2021-34558
A flaw was found in golang. A panic can be triggered by an attacker in a privileged network position without access to the server certificate's private key, as long as a trusted ECDSA or Ed25519 certificate for the server exists or can be issued, or the client is configured with...
CVE-2022-20742
Cisco ASA Software and Firepower Threat Defense (FTD) Software contain an IPsec IKEv2 VPN information disclosure vulnerability (CVE-2022-20742) due to improper GCM cipher implementation. An unauthenticated, remote attacker in a man-in-the-middle position can intercept encrypted messages across an...
CVE-2022-1434
The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key. This makes the MAC key trivially predictable. An attacker could exploit this issue by performing a man-in-the-middle attack to modify data being sent from one endpoint to an OpenSSL 3.0 recipie...
OpenSSL -- Multiple vulnerabilities
The OpenSSL project reports: The crehash script allows command injection CVE-2022-1292 Moderate The crehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On...
CVE-2022-20742
A vulnerability in an IPsec VPN library of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to read or modify data within an IPsec IKEv2 VPN tunnel. This vulnerability is due to an improper implementatio...