2876 matches found
Bots Tampering with TLS to Avoid Detection
Researchers at Akamai observed attackers using a novel approach for evading detection. This new technique - which we call Cipher Stunting - has become a growing threat, with its roots tracing back to early-2018. By using advanced methods, attackers are...
Cryptanalysis of SIMON-32/64
A weird paper was posted on the Cryptology ePrint Archive working link is via the Wayback Machine, claiming an attack against the NSA-designed cipher SIMON. You can read some commentary about it here. Basically, the authors claimed an attack so devastating that they would only publish a...
EulerOS Virtualization 3.0.1.0 : python (EulerOS-SA-2019-1434)
According to the versions of the python packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - It was found that Python's smtplib library did not return an exception when StartTLS failed to be established in the SMTP.starttl...
EulerOS Virtualization for ARM 64 3.0.1.0 : python (EulerOS-SA-2019-1403)
According to the versions of the python packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding with an...
EulerOS Virtualization 3.0.1.0 : openssl (EulerOS-SA-2019-1547)
According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A NULL pointer dereference flaw was found in OpenSSL's X.509 certificate handling implementation. A specially crafted X.509...
EulerOS 2.0 SP3 : openssl110f (EulerOS-SA-2019-1328)
According to the version of the openssl110f packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for every encryption operation. RFC 7539 specifies that the nonce value...
Sandbox Restrictions Bypass
IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java...
Timing Side-Channel
Network Security Services NSS is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime NSPR provides platform independence for non-GUI operating system facilities. It was discovered that NSS leaked timin...
SUSE-SU-2018:3776-2 Security update for openssh
This update for openssh fixes the following issues: Following security issues have been fixed: - CVE-2018-15919: Remotely observable behaviour in auth-gss2.c in OpenSSH could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. OpenSSH developers do not...
qpid-proton: TLS Man in the Middle Vulnerability
A cryptographic weakness was discovered in qpid-proton's use of TLS. If the qpid-proton client was used without client certificates, it would accept an anonymous cipher offered by the server. A man-in-the-middle attacker could use this to silently intercept traffic that should have been encrypted...
Insecure Cipher Suites
excon uses insecure SSL cipher suites. The usage of insecure 3DES ciphers enables a remote attacker to carry out man-in-the-middle attacks...
Linux/x86 - Rabbit Shellcode Crypter (200 bytes)
Introduction Exploit Title: Rabbit Shellcode Crypter Date: 24.4.2019 Exploit Author: Petr Javorik, www.mmquant.net Tested on: Linux ubuntu 3.13.0-32-generic, x86 Description: Crypter which encrypts, decrypts and executes given shellcode using Rabbit symmetric cipher Keep in mind before use 1. Max...
Zombie POODLE and GOLDENDOODLE Vulnerabilities
Recently new vulnerabilities like Zombie POODLE, GOLDENDOODLE, 0-Length OpenSSL and Sleeping POODLE were published for websites that use CBC Cipher Block Chaining block cipher modes. These vulnerabilities are applicable only if the server uses TLS 1.2 or TLS 1.1 or TLS 1.0 with CBC cipher modes...
CVE-2019-1543
ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for every encryption operation. RFC 7539 specifies that the nonce value IV should be 96 bits 12 bytes. OpenSSL allows a variable nonce length and front pads the nonce with 0 bytes if it is less than 12 bytes. However it also...
CVE-2019-7477
A vulnerability in SonicWall SonicOS and SonicOSv TLS CBC Cipher allow remote attackers to obtain sensitive plaintext data when CBC cipher suites are enabled. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier, Gen 6 version 6.2.7.3, 6.5.1.3, 6.5.2.2, 6.5.3.1, 6.2.7.8, 6.4.0.0...
CVE-2019-7477
A vulnerability in SonicWall SonicOS and SonicOSv TLS CBC Cipher allow remote attackers to obtain sensitive plaintext data when CBC cipher suites are enabled. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier, Gen 6 version 6.2.7.3, 6.5.1.3, 6.5.2.2, 6.5.3.1, 6.2.7.8, 6.4.0.0...
Code injection
A vulnerability in SonicWall SonicOS and SonicOSv TLS CBC Cipher allow remote attackers to obtain sensitive plaintext data when CBC cipher suites are enabled. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier, Gen 6 version 6.2.7.3, 6.5.1.3, 6.5.2.2, 6.5.3.1, 6.2.7.8, 6.4.0.0...
CVE-2019-7477
CVE-2019-7477 is a vulnerability in SonicWall SonicOS and SonicOSv TLS CBC cipher suites that allows remote attackers to obtain sensitive plaintext data when CBC ciphers are enabled. Affected products and versions include SonicOS Gen 5 (5.9.1.10 and earlier) and Gen 6 (6.2.7.3, 6.5.1.3, 6.5.2.2, ...
SonicOS & SonicOSv CBC Cipher TLS Padding Vulnerability
A vulnerability in SonicOS and SonicOSv TLS CBC Cipher allow remote attackers to obtain sensitive plaintext data when CBC cipher suites are enabled. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier, Gen 6 version 6.2.7.3, 6.5.1.3, 6.5.2.2, 6.5.3.1, 6.2.7.8, 6.4.0.0, 6.5.1.8,...
openSUSE Security Update : java-11-openjdk (openSUSE-2019-818)
This update for java-11-openjdk fixes the following issues : Update to upstream tag jdk-11.0.1+13 Oracle October 2018 CPU Security fixes : - S8202936, CVE-2018-3183, bsc1112148: Improve script engine support - S8199226, CVE-2018-3169, bsc1112146: Improve field accesses - S8199177, CVE-2018-3149,...