2875 matches found
CVE-2018-7958
CVE-2018-7958 affects Huawei eSpace products (eSpace/7950 series as described in CNVD/CVE listings). Description: an anonymous TLS cipher suite is supported, enabling an unauthenticated, remote attacker to perform a man-in-the-middle attack and hijack the connection during user sign-up/login over...
CVE-2018-7958
Huawei eSpace supports anonymous TLS cipher suites. An unauthenticated, remote attacker can launch a man-in-the-middle attack and hijack the connection from a client when the user signs up or logs in over TLS. Due to insufficient authentication, which may be exploite...
Signature Verification Bypass
jwt-scala is vulnerable to a signature verification bypass. A malicious user can pass a token whose header declares the signing algorithm (alg) to be none or any HS algorithm, and the system accepts it as a correctly signed token...
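The bypass class above (a verifier that lets the token's own header choose the algorithm) is easiest to see with a verifier that does exactly that next to one that does not. The following is an added, stdlib-only Python example, not jwt-scala's code: `sign_hs` is what an issuing server does, `forge_unsigned` is what an attacker sends, `vulnerable_verify` trusts the header `alg` (accepting `none`, and any HS variant the header names), and `safe_verify` fixes the algorithm on the verifier's side and only checks that the header agrees. Key, claims and function names are assumptions for the demo.

```python
import base64
import hashlib
import hmac
import json

HS_ALGS = {"HS256": hashlib.sha256, "HS384": hashlib.sha384, "HS512": hashlib.sha512}


def b64url(data: bytes) -> str:
    """Base64url without padding, as JWS requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _encode_part(obj: dict) -> str:
    return b64url(json.dumps(obj, separators=(",", ":"), sort_keys=True).encode())


def sign_hs(payload: dict, key: bytes, alg: str = "HS256") -> str:
    """Issue a properly signed HMAC token (what the server does)."""
    signing_input = f"{_encode_part({'alg': alg, 'typ': 'JWT'})}.{_encode_part(payload)}"
    sig = hmac.new(key, signing_input.encode(), HS_ALGS[alg]).digest()
    return f"{signing_input}.{b64url(sig)}"


def forge_unsigned(payload: dict) -> str:
    """What the attacker sends: alg=none and an empty signature part."""
    return f"{_encode_part({'alg': 'none', 'typ': 'JWT'})}.{_encode_part(payload)}."


def vulnerable_verify(token: str, key: bytes) -> dict:
    """Trusts the token's own header to decide how (or whether) to verify."""
    h, p, s = token.split(".")
    header = json.loads(b64url_decode(h))
    alg = str(header.get("alg", ""))
    if alg.lower() == "none":  # unsigned tokens accepted as-is: the bypass
        return json.loads(b64url_decode(p))
    if alg in HS_ALGS:  # algorithm chosen by the attacker, not the verifier
        expected = hmac.new(key, f"{h}.{p}".encode(), HS_ALGS[alg]).digest()
        if hmac.compare_digest(expected, b64url_decode(s)):
            return json.loads(b64url_decode(p))
    raise ValueError("signature check failed")


def safe_verify(token: str, key: bytes, expected_alg: str = "HS256") -> dict:
    """The verifier fixes the algorithm; the header must merely agree with it."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    h, p, s = parts
    header = json.loads(b64url_decode(h))
    if expected_alg not in HS_ALGS or header.get("alg") != expected_alg:
        raise ValueError("unexpected alg %r" % header.get("alg"))
    expected = hmac.new(key, f"{h}.{p}".encode(), HS_ALGS[expected_alg]).digest()
    if not hmac.compare_digest(expected, b64url_decode(s)):
        raise ValueError("signature check failed")
    return json.loads(b64url_decode(p))


def accepts(verify, token: str, key: bytes) -> bool:
    """True if the given verifier accepts the token."""
    try:
        verify(token, key)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    KEY = b"server-secret-key"  # demo key
    forged = forge_unsigned({"sub": "alice", "admin": True})
    print("vulnerable accepts alg=none:", accepts(vulnerable_verify, forged, KEY))
    print("hardened accepts alg=none:", accepts(safe_verify, forged, KEY))
```

The same rule covers the RS/HS confusion variant, where a header switched to HS256 makes a verifier reuse an RSA public key as an HMAC secret: the verifier, not the token, must decide the algorithm and key type.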
SUSE SLES11 Security Update : openssh (SUSE-SU-2018:3781-1)
This update for openssh fixes the following issues. The following security issues have been fixed: CVE-2018-15919: Remotely observable behaviour in auth-gss2.c in OpenSSH could be used by remote attackers to detect the existence of users on a target system when GSS2 is in use. OpenSSH developers do not...
Code injection
RSA BSAFE Micro Edition Suite versions prior to 4.0.11 in the 4.0.x series and versions prior to 4.1.6.2 in the 4.1.x series contain a key management error issue. A malicious TLS server could potentially cause a denial of service (DoS) on TLS clients during the handshake when a very large prime value is se...
CVE-2018-15769
RSA BSAFE Micro Edition Suite versions prior to 4.0.11 in the 4.0.x series and versions prior to 4.1.6.2 in the 4.1.x series contain a key management error issue. A malicious TLS server could potentially cause a denial of service (DoS) on TLS clients during the handshake when a very large prime value is se...
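Both RSA BSAFE entries above describe the same client-side failure mode: a server-supplied DH prime that is accepted and fed into modular exponentiation no matter how large it is. The defensive pattern is to bound and sanity-check the ServerKeyExchange parameters before any expensive arithmetic. The following is an added Python illustration written for this listing, not BSAFE code; the size window (2048 to 8192 bits) and the function names are assumed policy choices, and the 2048-bit test value is a constructed odd number, not a real group.

```python
import secrets
from typing import Optional, Tuple


def dh_params_problem(p: int, g: int, server_pub: int,
                      min_bits: int = 2048, max_bits: int = 8192) -> Optional[str]:
    """Cheap structural checks on server DH parameters; returns a reason string or None.

    All checks are O(size of p) and run before any pow(), so an oversized prime is
    refused without spending the CPU time the attacker was hoping for.
    Bounds are assumed policy values for this demo."""
    bits = p.bit_length()
    if bits < min_bits:
        return f"DH prime too small ({bits} bits)"       # weak group (Logjam-class)
    if bits > max_bits:
        return f"DH prime too large ({bits} bits)"       # handshake DoS
    if p % 2 == 0:
        return "DH prime is even"
    if not 1 < g < p - 1:
        return "DH generator out of range"
    if not 1 < server_pub < p - 1:
        return "server DH public value out of range"     # rejects 0, 1, p-1 (small subgroups)
    return None


def client_key_exchange(p: int, g: int, server_pub: int) -> Tuple[int, int]:
    """Validate, then pick the client exponent and compute (client_pub, shared_secret)."""
    problem = dh_params_problem(p, g, server_pub)
    if problem is not None:
        raise ValueError(problem)
    x = secrets.randbelow(p - 3) + 2          # 2 <= x <= p-2
    client_pub = pow(g, x, p)
    shared = pow(server_pub, x, p)
    return client_pub, shared


# Constructed values for the demo: a 2048-bit odd number (passes the structural checks;
# not a real prime) and a hostile "prime" of 100,000 bits.
P_DEMO = (1 << 2047) | 1
P_HUGE = (1 << 99_999) | 1

if __name__ == "__main__":
    print(dh_params_problem(P_DEMO, 2, 12345))   # None: proceeds to pow()
    print(dh_params_problem(P_HUGE, 2, 12345))   # refused before any exponentiation
```

Note that `pow(server_pub, x, P_HUGE)` with a 100,000-bit modulus would take seconds per handshake in pure Python; the check makes the cost of a hostile ServerKeyExchange a single integer comparison instead.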
SUSE-SU-2018:3776-1 Security update for openssh
This update for openssh fixes the following issues. The following security issues have been fixed: - CVE-2018-15919: Remotely observable behaviour in auth-gss2.c in OpenSSH could be used by remote attackers to detect the existence of users on a target system when GSS2 is in use. OpenSSH developers do not...
Security Advisory - Anonymous TLS Cipher Suite Supported Vulnerability in Huawei eSpace Product
Huawei eSpace supports anonymous TLS cipher suites. An unauthenticated, remote attacker can launch a man-in-the-middle attack and hijack the connection from a client when the user signs up or logs in over TLS. Due to insufficient authentication, which may be exploite...
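Both the CVE-2018-7958 entry and the Huawei advisory above come down to one property of anonymous (aNULL) suites: the server's ephemeral Diffie-Hellman value is not signed, so nothing stops an active attacker from replacing both sides' values and holding a separate key with each party. The following is an added Python simulation written for this listing, not Huawei or eSpace code. It runs the same exchange in an anonymous and an authenticated configuration, with and without an active attacker. The authentication step is a stand-in: real TLS verifies a certificate signature over the server's DH value, but the standard library has no signature primitive, so the demo uses an HMAC under a long-term server key that the attacker does not hold. The 1024-bit MODP prime is the RFC 2409 group 2 value reproduced from memory for illustration only; the outcome of the demo does not depend on it being that exact group.

```python
import hashlib
import hmac
import secrets

# 1024-bit MODP prime (intended to be RFC 2409 group 2); demo only, not a production group.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16)
G = 2
P_BYTES = (P.bit_length() + 7) // 8

# Stand-in for the server's certificate key (assumption of this demo): only the genuine
# server can produce `authenticate()` values; the attacker never learns this key.
SERVER_AUTH_KEY = secrets.token_bytes(32)


def dh_keypair():
    x = secrets.randbelow(P - 3) + 2
    return x, pow(G, x, P)


def session_key(peer_pub: int, own_priv: int) -> bytes:
    shared = pow(peer_pub, own_priv, P)
    return hashlib.sha256(shared.to_bytes(P_BYTES, "big")).digest()


def authenticate(pub: int) -> bytes:
    """Server's proof that `pub` is its own value (models the ServerKeyExchange signature)."""
    return hmac.new(SERVER_AUTH_KEY, pub.to_bytes(P_BYTES, "big"), hashlib.sha256).digest()


def handshake(authenticated: bool, active_attacker: bool) -> str:
    """Run one key exchange; returns 'established', 'hijacked' or 'aborted'."""
    c_priv, c_pub = dh_keypair()          # client ephemeral
    a_priv, a_pub = dh_keypair()          # attacker ephemeral (unused unless active)
    s_priv, s_pub = dh_keypair()          # server ephemeral

    # Client -> Server: an active attacker substitutes its own value.
    server_sees = a_pub if active_attacker else c_pub
    k_server = session_key(server_sees, s_priv)

    # Server -> Client: the value is signed only in the authenticated suite.
    server_msg = {"pub": s_pub, "sig": authenticate(s_pub) if authenticated else None}

    # The attacker can swap the value but cannot produce a fresh signature for it.
    client_sees = dict(server_msg, pub=a_pub) if active_attacker else server_msg

    if authenticated:
        sig = client_sees["sig"]
        if sig is None or not hmac.compare_digest(sig, authenticate(client_sees["pub"])):
            return "aborted"               # client detects the substitution
    k_client = session_key(client_sees["pub"], c_priv)

    if k_client == k_server:
        return "established"
    if (active_attacker
            and k_client == session_key(c_pub, a_priv)
            and k_server == session_key(s_pub, a_priv)):
        return "hijacked"                  # attacker holds both keys; can read and rewrite
    return "failed"


if __name__ == "__main__":
    for auth in (False, True):
        for mitm in (False, True):
            print(f"authenticated={auth} active_attacker={mitm}: {handshake(auth, mitm)}")
```

On OpenSSL-based stacks the fix is configuration rather than code: exclude these suites with `!aNULL` in the cipher string (the same place `!RC4` and `!3DES` address the RC4 and Sweet32 entries further down this list), and verify the result by confirming that no ADH or AECDH suites remain in the negotiable set.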
python security and bug fix update
2.7.5-76.0.1 - Add Oracle Linux distribution in platform.py orabug 20812544 2.7.5-76 - Remove an unversioned obsoletes tag Resolves: rhbz1627059 2.7.5-75 - Provide the /usr/libexec/platform-python symlink to the main binary Resolves: rhbz1599159 2.7.5-74 - Fix OSERROR 17 due to...
Debian: Security Advisory (DLA-1560-1)
The remote host is missing an update for the Debian ... Copyright 2018 Greenbone AG; some text descriptions might be excerpted from referenced sources and are copyright by the respective right holders...
kernel: Salsa20 encryption algorithm does not correctly handle zero-length inputs allowing local attackers to cause denial-of-service
The Salsa20 encryption algorithm in the Linux kernel, before 4.14.8, does not correctly handle zero-length inputs. This allows a local attacker to use the AF_ALG-based skcipher interface to cause a denial of service (uninitialized-memory free and kernel crash) or have an unspecified othe...
kernel: Salsa20 encryption algorithm does not correctly handle zero-length inputs allowing local attackers to cause denial-of-service
The Salsa20 encryption algorithm in the Linux kernel, before 4.14.8, does not correctly handle zero-length inputs. This allows a local attacker to use the AF_ALG-based skcipher interface to cause a denial of service (uninitialized-memory free and kernel crash) or have an unspecified othe...
Shellcode-Encrypter-Decrypter - Shellcode Encrypter & Decrypter By Using XOR Cipher To Encrypt And Decrypt Shellcode
A shellcode encrypter and decrypter that uses the XOR cipher to encrypt and decrypt shellcode. Installation: git clone https://github.com/blacknbunny/Shellcode-Encrypter-Decrypter.git && python enc.py --help. Usage example (encryption): python encdecshellcode.py --shellcode \x41\x41\x42\x42 --key SECRETKEY --option...
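The tool above takes shellcode in `\x41\x41...` form and a repeating ASCII key. The following is an added Python example written for this listing, not the project's code: it implements that repeating-key XOR round trip in the same input format, and adds the check a practitioner wants before calling the result "encrypted": wherever a few bytes of plaintext are predictable (a stager prologue, a NOP sled), the key falls out as `c[i] ^ p[i]`. The 16-byte sample is a constructed stand-in for a typical x64 stager prologue, not a working payload; the function names and the 9-byte key are assumptions.

```python
from itertools import cycle


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """XOR data against a repeating key; the same call decrypts."""
    if not key:
        raise ValueError("empty key")
    return bytes(d ^ k for d, k in zip(data, cycle(key)))


def parse_escaped(text: str) -> bytes:
    r"""'\x41\x41\x42\x42' -> b'AABB' (the CLI's --shellcode input format)."""
    return bytes.fromhex(text.replace("\\x", ""))


def format_escaped(data: bytes) -> str:
    return "".join(f"\\x{b:02x}" for b in data)


def recover_key(ciphertext: bytes, known_plaintext: bytes, key_len: int) -> bytes:
    """Repeating-key XOR leaks the key wherever plaintext is known: key[i] = c[i] ^ p[i].

    Assumes the known plaintext sits at offset 0 and covers at least one key period."""
    if len(known_plaintext) < key_len or len(ciphertext) < key_len:
        raise ValueError("need at least key_len bytes of known plaintext")
    return bytes(ciphertext[i] ^ known_plaintext[i] for i in range(key_len))


# Constructed sample: the first 16 bytes of a typical x64 stager prologue (not a working payload).
SAMPLE_SHELLCODE = bytes.fromhex("fc4883e4f0e8c0000000415141505251")

if __name__ == "__main__":
    key = b"SECRETKEY"
    ct = xor_bytes(SAMPLE_SHELLCODE, key)
    print("encrypted:", format_escaped(ct))
    print("round trip ok:", xor_bytes(ct, key) == SAMPLE_SHELLCODE)
    # Defender's view: 9 known plaintext bytes are enough to recover the whole key.
    print("recovered key:", recover_key(ct, SAMPLE_SHELLCODE[:9], len(key)))
```

Treat this class of tool as AV-evasion obfuscation, not confidentiality: the key length can be found by index-of-coincidence analysis and the key itself by the known-plaintext step shown, so a stored encrypted payload is only as secret as its first few bytes are unpredictable.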
Security Bulletin: IBM RackSwitch firmware products are affected by information disclosure vulnerability (CVE-2014-8730)
Summary IBM RackSwitch firmware products listed below have addressed the following TLS padding information disclosure vulnerability. Vulnerability Details CVEID: CVE-2014-8730 DESCRIPTION: Multiple F5 products could allow a remote attacker to obtain sensitive information, caused by the failure to...
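CVE-2014-8730 is the TLS variant of POODLE: the affected products decrypted CBC records and checked only the final padding-length byte, never the padding bytes themselves, which is what turns the padding check into a byte-at-a-time decryption oracle. The following is an added Python example written for this listing, not IBM or F5 code: a lax padding strip that inspects only the last byte next to the strict TLS rule (every padding byte must equal the length byte), run over constructed post-decryption records. Record contents and function names are assumptions for the demo.

```python
from typing import Optional, Tuple


def strip_padding_lax(plaintext: bytes) -> Optional[bytes]:
    """Only the final length byte is inspected; the padding bytes are never compared.

    This is the behaviour behind the POODLE-class oracle: any block whose last byte
    happens to be a valid length is accepted, whatever the other padding bytes hold."""
    if not plaintext:
        return None
    pad = plaintext[-1]
    if pad + 1 > len(plaintext):
        return None
    return plaintext[: len(plaintext) - pad - 1]


def strip_padding_strict(plaintext: bytes) -> Optional[bytes]:
    """TLS 1.0+ rule: the last byte is the padding length and every padding byte equals it."""
    if not plaintext:
        return None
    pad = plaintext[-1]
    if pad + 1 > len(plaintext):
        return None
    if any(b != pad for b in plaintext[-(pad + 1):]):
        return None
    return plaintext[: len(plaintext) - pad - 1]


def classify(plaintext: bytes) -> Tuple[bool, bool]:
    """(accepted by lax check, accepted by strict check)."""
    return strip_padding_lax(plaintext) is not None, strip_padding_strict(plaintext) is not None


# Constructed decrypted records (MAC omitted for clarity; the padding rule is the point).
VALID = b"GET / HTTP/1.1" + b"\x03\x03\x03\x03"       # three 0x03 pad bytes + length 0x03
FORGED = b"GET / HTTP/1.1" + b"\xaa\xbb\xcc\x03"      # garbage pad bytes, plausible length
OVERLONG = b"GET" + b"\x10"                            # length byte larger than the record

if __name__ == "__main__":
    for name, rec in (("valid", VALID), ("forged", FORGED), ("overlong", OVERLONG)):
        print(f"{name}: lax={classify(rec)[0]} strict={classify(rec)[1]}")
```

With the lax check, an attacker who copies a target ciphertext block into the last position of a record learns one plaintext byte each time the server accepts the record (the decrypted last byte happened to equal the padding length), roughly one success in 256 tries per byte. The strict check, which TLS has required since 1.0, is also the one that must be implemented in constant time alongside the MAC check to avoid reintroducing the same oracle through timing.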
SUSE SLES12 Security Update : curl (SUSE-SU-2018:1327-2)
This update for curl fixes several issues. Security issues fixed: CVE-2018-1000301: Fixed an RTSP bad-headers buffer over-read that could crash the curl client (bsc#1092098). Non-security issues fixed: If the DEFAULT_SUSE cipher list is not available, use the HIGH cipher alias before failing (bsc#1086825). No...
SUSE-SU-2018:1327-2 Security update for curl
This update for curl fixes several issues. Security issues fixed: - CVE-2018-1000301: Fixed an RTSP bad-headers buffer over-read that could crash the curl client (bsc#1092098). Non-security issues fixed: - If the DEFAULT_SUSE cipher list is not available, use the HIGH cipher alias before failing (bsc#1086825)...
U.S. Dept Of Defense: Unencrypted __VIEWSTATE parameter in a DoD website
Hi there, I realise that the information passed to the server in the subdomain http://████████ can be seen without any encryption through the VIEWSTATE parameter. To reduce the chance of someone intercepting the information, the parameter should be encrypted due to the sensitivity of the information...
2018 Flare-On Challenge Solutions
We are pleased to announce the conclusion of the fifth annual Flare-On Challenge. The numbers are in and we can safely say that this was by far the most difficult challenge we’ve ever hosted. We plan to reduce the difficulty next year, so it may be that the 114 people who solved this year’s...
Security Bulletin: An OpenSSL vulnerability could affect IBM Performance Management products (CVE-2016-2183)
Summary OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the DES/3DES cipher, used as a part of the SSL/TLS protocol. By capturing large amounts of encrypted traffic between the SSL/TLS server and the client, a remote attacker able to conduct a...
Security Bulletin: Vulnerability in RC4 stream cipher affects Rational Functional Tester's Extension for Terminal-based Applications (CVE-2015-2808)
Summary The RC4 "Bar Mitzvah" attack may affect the "Extension for Terminal-based Applications" (a.k.a. FTE) shipped with Rational Functional Tester. Vulnerability Details CVEID: CVE-2015-2808 Description: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote...