
5806 matches found

Cvelist
added 2019/05/14 7:54 p.m. | 13 views

CVE-2019-10920

A vulnerability has been identified in LOGO! 8 BM incl. SIPLUS variants All versions V8.3. Project data stored on the device, which is accessible via port 10005/tcp, can be decrypted due to a hardcoded encryption key. The security vulnerability could be exploited by an unauthenticated attacker wi...

AI score: 7.2 | EPSS: 0.00763
Exploits: 2 | References: 5
ICS
added 2019/05/14 12:00 a.m. | 110 views

Siemens LOGO! 8 BM (Update A)

1. EXECUTIVE SUMMARY CVSS v3 9.4 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: LOGO! 8 BM Vulnerabilities: Missing Authentication for Critical Function, Improper Handling of Extra Values, Plaintext Storage of a Password 2. UPDATE INFORMATION This updated...

CVSS: 9.4 | AI score: 8.2 | EPSS: 0.00763
Exploits: 8 | References: 9
Tenable Nessus
added 2019/05/09 12:00 a.m. | 21 views

openSUSE Security Update : wpa_supplicant (openSUSE-2019-1345)

This update for wpa_supplicant fixes the following issues : This security issue was fixed : - CVE-2018-14526: Under certain conditions, the integrity of EAPOL-Key messages was not checked, leading to a decryption oracle. An attacker within range of the Access Point and client could have abused the...

CVSS: 6.5 | AI score: 6.5 | EPSS: 0.00964
Exploits: 0 | References: 3
IBM Security Bulletins
added 2019/05/08 7:20 p.m. | 46 views

Security Bulletin: IBM DataPower Gateway is affected by a padding oracle vulnerability (CVE-2019-1559)

Summary IBM DataPower Gateway has addressed the following vulnerability: CVE-2019-1559 Vulnerability Details CVEID: CVE-2019-1559 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by the failure to immediately close the TCP connection after the hosts...

CVSS: 5.9 | AI score: 1 | EPSS: 0.0496
Exploits: 0 | Affected Software: 1
Cvelist
added 2019/05/06 7:19 p.m. | 11 views

CVE-2018-18979

An issue was discovered in the Ascensia Contour NEXT ONE application for Android before 2019-01-15. It has a statically coded initialization vector. Extraction of the initialization vector is necessary for deciphering communications between this application and the backend server. This, in...

AI score: 7.3 | EPSS: 0.00341
Exploits: 1 | References: 1
Tenable Nessus
added 2019/05/06 12:00 a.m. | 38 views

EulerOS 2.0 SP2 : openssl (EulerOS-SA-2019-1325)

According to the version of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - If an application encounters a fatal protocol error and then calls SSL_shutdown twice (once to send a close_notify, and once to receive one) then...

CVSS: 5.9 | AI score: 6.4 | EPSS: 0.0496
Exploits: 0 | References: 2
Prion
added 2019/05/03 5:29 p.m. | 25 views

Design/Logic Flaw

A vulnerability in the Deterministic Random Bit Generator DRBG, also known as Pseudorandom Number Generator PRNG, used in Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to cause a cryptographic...

CVSS: 5 | AI score: 7.5 | EPSS: 0.00399
Exploits: 0 | References: 1 | Affected Software: 2
Tenable Nessus
added 2019/05/03 12:00 a.m. | 41 views

Ubuntu 18.04 LTS : python-gnupg vulnerabilities (USN-3964-1)

The remote Ubuntu 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3964-1 advisory. Marcus Brinkmann discovered that GnuPG before 2.2.8 improperly handled certain command line parameters. A remote attacker could use this to spoof the...

CVSS: 7.5 | AI score: 7.3 | EPSS: 0.21434
Exploits: 2 | References: 3
OSV
added 2019/05/02 5:29 p.m. | 0 views

DEBIAN-CVE-2018-12404

A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack AKA Bleichenbacher attack and affects all NSS versions prior to NSS 3.41...

CVSS: 5.9 | AI score: 6 | EPSS: 0.12783
Exploits: 0 | References: 1
Prion
added 2019/05/02 5:29 p.m. | 28 views

Design/Logic Flaw

A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack AKA Bleichenbacher attack and affects all NSS versions prior to NSS 3.41...

CVSS: 4.3 | AI score: 6 | EPSS: 0.12783
Exploits: 0 | References: 8 | Affected Software: 1
CVE
added 2019/05/02 4:40 p.m. | 339 views

CVE-2018-12404

CVE-2018-12404 is a cached side‑channel/Bleichenbacher variant affecting NSS TLS PKCS#1 v1.5 padding that could allow decryption of content. The vulnerability affects NSS versions prior to 3.41 (per the connected IBM/DEBIAN/ALAS advisories) and is addressed by upgrading NSS components to a fixed ...

CVSS: 5.9 | AI score: 5.9 | EPSS: 0.12783
Exploits: 0 | References: 8 | Affected Software: 1
Cvelist
added 2019/05/02 4:40 p.m. | 17 views

CVE-2018-12404

A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack AKA Bleichenbacher attack and affects all NSS versions prior to NSS 3.41...

AI score: 6.1 | EPSS: 0.12783
Exploits: 0 | References: 8
Debian CVE
added 2019/05/02 4:40 p.m. | 32 views

CVE-2018-12404

A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack AKA Bleichenbacher attack and affects all NSS versions prior to NSS 3.41...

CVSS: 5.9 | AI score: 6.4 | EPSS: 0.12783
Exploits: 0
Ubuntu
added 2019/05/02 2:47 p.m. | 96 views

USN-3964-1: python-gnupg vulnerabilities

Marcus Brinkmann discovered that GnuPG before 2.2.8 improperly handled certain command line parameters. A remote attacker could use this to spoof the output of GnuPG and cause unsigned e-mail to appear signed. CVE-2018-12020 It was discovered that python-gnupg incorrectly handled the GPG...

CVSS: 7.5 | AI score: 7.1 | EPSS: 0.21434
Exploits: 2
Veracode
added 2019/05/02 5:41 a.m. | 29 views

Buffer Underflow

Wireshark, previously known as Ethereal, is a network protocol analyzer, which is used to capture and browse the traffic running on a computer network. Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or...

CVSS: 5 | AI score: 5.4 | EPSS: 0.03569
Exploits: 0 | References: 15 | Affected Software: 1
NVD
added 2019/05/01 4:29 p.m. | 11 views

CVE-2018-1608

IBM Rational Engineering Lifecycle Manager 6.0 through 6.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 143798...

CVSS: 7.5 | AI score: 6 | EPSS: 0.00131
Exploits: 0 | References: 3
Cvelist
added 2019/05/01 3:15 p.m. | 18 views

CVE-2018-1608

IBM Rational Engineering Lifecycle Manager 6.0 through 6.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 143798...

CVSS: 5.9 | AI score: 7.2 | EPSS: 0.00131
Exploits: 0 | References: 3
CVE
added 2019/05/01 3:15 p.m. | 54 views

CVE-2018-1608

CVE-2018-1608 affects IBM Rational Engineering Lifecycle Manager (RELM) 6.0–6.0.6. The flaw stems from using weaker than expected cryptographic algorithms, which could allow an attacker to decrypt highly sensitive information. Affected versions are RELM 6.0 through 6.0.6. The IBM bulletin and NV...

CVSS: 7.5 | AI score: 7.2 | EPSS: 0.00131
Exploits: 0 | References: 3 | Affected Software: 1
Prion
added 2019/04/30 9:29 p.m. | 18 views

Design/Logic Flaw

Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 stores usernames, passwords, and other configuration options in the file generated via the "export configuration" feature. The configuration file is encrypted using the awenc binary. The same binary can be used to decrypt any...

CVSS: 2.1 | AI score: 7.6 | EPSS: 0.00025
Exploits: 1 | References: 1 | Affected Software: 2
Tenable Nessus
added 2019/04/30 12:00 a.m. | 36 views

SUSE SLED12 / SLES12 Security Update : wpa_supplicant (SUSE-SU-2019:1088-1)

This update for wpa_supplicant fixes the following issues : This security issue was fixed : CVE-2018-14526: Under certain conditions, the integrity of EAPOL-Key messages was not checked, leading to a decryption oracle. An attacker within range of the Access Point and client could have abused the...

CVSS: 6.5 | AI score: 6.5 | EPSS: 0.00964
Exploits: 0 | References: 5