20 matches found
GhostWrite: New T-Head CPU Bugs Expose Devices to Unrestricted Attacks
A team of researchers from the CISPA Helmholtz Center for Information Security in Germany has disclosed an architectural bug impacting Chinese chip company T-Head's XuanTie C910 and C920 RISC-V CPUs that could allow attackers to gain unrestricted access to susceptible devices. The vulnerability h...
First Depositor Attack is possible by front-running mip00 script execution
Lines of code Vulnerability details Overview The First Depositor Attack Within the context of Compound v2, a First Depositor Attack occurs when an attacker becomes the inaugural minter of a cToken. This enables them to establish the first exchange rate between the underlying asset and the cToken...
Multiple Vulnerabilities in Hitachi Device Manager
Overview Multiple vulnerabilities have been found in Hitachi Device Manager. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...
CVE-2020-36423
An issue was discovered in Arm Mbed TLS before 2.23.0. A remote attacker can recover plaintext because a certain Lucky 13 countermeasure doesn't properly consider the case of a hardware accelerator...
Potential file overwrite if archive filename starts with file://
I have submitted this to the PEAR bug tracker as well as the PEAR group mailing list, and I'm not sure if either has gone through, so opening an issue here with the hope that this is the right place for it. While auditing a separate application which uses ArchiveTar internally, I found that...
Arbitrary File Deletion Vulnerability in Hitachi Command Suite
Overview An arbitrary file deletion vulnerability was found in Hitachi Command Suite. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...
AI Emotion-Detection Arms Race
Voice systems are increasingly using AI techniques to determine emotion. A new paper describes an AI-based countermeasure to mask emotion in spoken words. Their method for masking emotion involves collecting speech, analyzing it, and extracting emotional features from the raw signal. Next, an AI...
The Pitfalls of Keeping Your Ports Wide Open
By David Balaban Based on security assessment results, penetration testers often recommend hiding an enterprise network’s ports behind a whitelist. However, corporate IT teams don’t always understand the need for such a countermeasure. Even some admins and DevOps specialists with tons of experien...
Problem with directory permissions in JP1/Operations Analytics
Overview A problem with directory permissions was found in JP1/Operations Analytics. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...
Design/Logic Flaw
Revive Adserver before 3.2.3 suffers from Improper Restriction of Excessive Authentication Attempts. The login page of Revive Adserver is vulnerable to password-guessing attacks. An account lockdown feature was considered, but rejected to avoid introducing service disruptions to regular users...
RSA-CRT key leak under certain conditions
FortiOS now includes for all SSL libraries a countermeasure against Lenstra's fault attack on RSA-CRT optimization when an RSA signature is corrupted...
Radancy: RC4 cipher suites detected
A group of researchers Nadhem AlFardan, Dan Bernstein, Kenny Paterson, Bertram Poettering and Jacob Schuldt have found new attacks against TLS that allow an attacker to recover a limited amount of plaintext from a TLS connection when RC4 encryption is used. The attacks arise from statistical fla...
Synology DSM 4.3-3810 - Directory Traversal
Synology DSM 4.3-3810 - Directory Traversal Title: Synology DSM multiple directory traversal Version affected: = 4.3-3810 Vendor: Synology Discovered by: Andrea Fabrizi Email: [email protected] Web: http://www.andreafabrizi.it Twitter: @andreaf83 Status: patched CVE: 2013-6987 I'm again he...
Cisco VoIP Hacker Urges Closer Look at Firmware Security Vulnerabilities
Ang Cui’s “Funtenna” is just the latest eye-opener into the security of embedded networked devices such as printers, VoIP phones, routers and other core, connected infrastructure. The Columbia University PhD candidate’s recent hack of a Cisco-branded VoIP phone demonstrates the risk posed by...
SSL/TLS Protocol Initialization Vector Implementation Information Disclosure Vulnerability (BEAST)
A vulnerability exists in SSL 3.0 and TLS 1.0 that could allow information disclosure if an attacker intercepts encrypted traffic served from an affected system. TLS 1.1, TLS 1.2, and all cipher suites that do not use CBC mode are not affected. This plugin tries to establish an SSL/TLS remote...
fetchmail -- chosen plaintext attack against SSL CBC initialization vectors
Matthias Andree reports: Fetchmail version 6.3.9 enabled "all SSL workarounds" SSL_OP_ALL which contains a switch to disable a countermeasure against certain attacks against block ciphers that permit guessing the initialization vectors, providing that an attacker can make the application fetchmail...
Data Transfer Control Process Cessation Issue in XFIT/S/JCA and XFIT/S/ZGN
Overview Data transfer control process in XFIT/S/JCA or XFIT/S/ZGN would shut down when the designated port receives data unexpectedly. Impact Data transfer control process would shut down when XFIT/S/JCA or XFIT/S/ZGN receives data unexpectedly. Solution Please refer to the 'Vendor Information'...
DSA-1623-1 dnsmasq - cache poisoning
Bulletin has no description...
CVE-2001-1382
OpenSSH prior to 2.9.9p2 is affected by an echo simulation traffic analysis countermeasure that sends an extra echo packet after password/Carriage Return. This could let a remote attacker determine that the countermeasure is being used. Upgrade to OpenSSH 2.9.9p2 or later (as indicated by the CVE...
PT-2001-2496 · Openssh +1 · Openssh +1
Name of the Vulnerable Software and Affected Versions: OpenSSH versions prior to 2.9.9p2 Description: The issue concerns the "echo simulation" traffic analysis countermeasure in OpenSSH. This countermeasure sends an additional echo packet after the password and carriage return is entered. As a...