2563 matches found
Information Disclosure
Firefox is vulnerable to information disclosure attacks. Because the hash codes of JavaScript objects are shared between pages, a remote user can determine an object's address via the shared hash codes. This may lead to disclosure of sensitive information from the target system...
OPENSUSE-SU-2019:1172-1 Security update for ovmf
This update for ovmf fixes the following issues: Security issues fixed: - CVE-2019-0160: Fixed multiple buffer overflows in UDF-related codes in MdeModulePkg\Universal\Disk\PartitionDxe\Udf.c and MdeModulePkg\Universal\Disk\UdfDxe bsc1130267. - CVE-2018-12181: Fixed a stack buffer overflow in the...
Mimikatz v2.2.0 - A Post-Exploitation Tool to Extract Plaintexts Passwords, Hash, PIN Code from Memory
mimikatz is a tool I've made to learn C and make some experiments with Windows security. It's now well known to extract plaintext passwords, hash, PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash, pass-the-ticket or build Golden tickets. But that's not all!...
CVE-2019-9860
Due to unencrypted signal communication and predictability of rolling codes, an attacker can "desynchronize" an ABUS Secvest wireless remote control FUBE50014 or FUBE50015 relative to its controlled Secvest wireless alarm system FUAA50000 3.01.01, so that sent commands by the remote control are n...
Design/Logic Flaw
Due to unencrypted signal communication and predictability of rolling codes, an attacker can "desynchronize" an ABUS Secvest wireless remote control FUBE50014 or FUBE50015 relative to its controlled Secvest wireless alarm system FUAA50000 3.01.01, so that sent commands by the remote control are n...
CVE-2019-9863
Due to the use of an insecure algorithm for rolling codes in the ABUS Secvest wireless alarm system FUAA50000 3.01.01 and its remote controls FUBE50014 and FUBE50015, an attacker is able to predict valid future rolling codes, and can thus remotely control the alarm system in an unauthorized way...
Design/Logic Flaw
Due to the use of an insecure algorithm for rolling codes in the ABUS Secvest wireless alarm system FUAA50000 3.01.01 and its remote controls FUBE50014 and FUBE50015, an attacker is able to predict valid future rolling codes, and can thus remotely control the alarm system in an unauthorized way...
CVE-2019-9860
CVE-2019-9860 maps to ABUS Secvest legacy system components: wireless remote controls FUBE50014/FUBE50015 and the FUAA50000 3.01.01 alarm, with a root cause of unencrypted signal communication and easily guessable rolling codes. This allows an attacker to desynchronize the remote from the alarm, ...
CVE-2019-9863
CVE-2019-9863 concerns the ABUS Secvest wireless alarm system FUAA50000 (v3.01.01) and its remote controls FUBE50014/FUBE50015. The root cause is an insecure algorithm used for rolling codes, which enables an attacker to predict valid future rolling codes and remotely control the alarm system in ...
openSUSE Security Update : Mozilla Firefox (openSUSE-2019-1004)
This update to Mozilla Firefox 60.4.0 ESR fixes security issues and bugs. Security issues fixed as part of the MFSA 2018-30 advisory boo1119105 : - CVE-2018-17466: Buffer overflow and out-of-bounds read in ANGLE library with TextureStorage11 - CVE-2018-18492: Use-after-free with select element -...
Debian DLA-1728-1 : openssh security update
Multiple scp client vulnerabilities have been discovered in OpenSSH, the premier connectivity tool for secure remote shell login and secure file transfer. CVE-2018-20685 In scp.c, the scp client allowed remote SSH servers to bypass intended access restrictions via the filename of . or an empty...
ABUS Secvest FUBE50014 and ABUS Secvest FUBE50015 Denial of Service Vulnerabilities
ABUS Secvest FUBE50014 and ABUS Secvest FUBE50015 are both wireless remote controls from ABUS Germany. A security vulnerability exists in the ABUS Secvest FUBE50014 and ABUS Secvest FUBE50015 due to unencrypted signal communication and the use of easily guessable rolling codes. An attacker coul...
Denial of Service Vulnerability in S7 300 CPU319-3/CP343-1
Siemens China Ltd. is focused on electrification, automation and digitalization. A denial of service vulnerability exists in S7 300 CPU319-3/CP343-1, where an attacker can cause the PLC CPU module and CP module to go down, requiring a manual reboot of the PLC to recover. Other sub-function codes...
eCar Insurance Coverage App Has Logic Flaw Vulnerability
eCar Insurance is a mobile Internet car insurance software application platform developed by Chengdu Zhongtong Technology Co. The eCar Insurance app has a logic flaw vulnerability. The vulnerability stems from the SMS verification code being displayed in plaintext in the returned data packet; the attacker can use...
Design/Logic Flaw
The Chuango 433 MHz burglar-alarm product line uses static codes in the RF remote control, allowing an attacker to arm, disarm, or trigger the alarm remotely via replay attacks, as demonstrated by Chuango branded products, and non-Chuango branded products such as the Eminent EM8617 OV2 Wifi Alarm...
CVE-2019-9659
The Chuango 433 MHz burglar-alarm product line uses static codes in the RF remote control, allowing an attacker to arm, disarm, or trigger the alarm remotely via replay attacks, as demonstrated by Chuango branded products, and non-Chuango branded products such as the Eminent EM8617 OV2 Wifi Alarm...
openSUSE Security Update : supportutils (openSUSE-2019-293)
This update for supportutils fixes the following issues : Security issues fixed : - CVE-2018-19640: Fixed an issue where users could kill arbitrary processes bsc1118463. - CVE-2018-19638: Fixed an issue where users could overwrite arbitrary log files bsc1118460. - CVE-2018-19639: Fixed a code...