5806 matches found

OSV
added 2019/04/29 5:29 p.m. | 3 views

CVE-2018-2007

IBM API Connect 2018.1 and 2018.4.1.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 155078...

CVSS 7.5 | AI score 5.8
Exploits: 0 | References: 2
OSV
added 2019/04/29 11:30 a.m. | 6 views

SUSE-SU-2019:1088-1 Security update for wpa_supplicant

This update for wpa_supplicant fixes the following issues: This security issue was fixed: - CVE-2018-14526: Under certain conditions, the integrity of EAPOL-Key messages was not checked, leading to a decryption oracle. An attacker within range of the Access Point and client could have abused the...

CVSS 6.5 | AI score 6.5 | EPSS 0.00964
Exploits: 0 | References: 4
Prion
added 2019/04/25 3:29 p.m. | 20 views

Code injection

IBM Sterling B2B Integrator Standard Edition 5.2.0.1, 5.2.6.36, 6.0.0.0, and 6.0.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 147294...

CVSS 5 | AI score 7.2 | EPSS 0.00096
Exploits: 0 | References: 2 | Affected Software: 1
OSV
added 2019/04/15 3:29 p.m. | 2 views

CVE-2018-1925

IBM WebSphere MQ 9.1.0.0, 9.1.0.1, 9.1.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 152925...

CVSS 5.9 | AI score 5.8 | EPSS 0.00096
Exploits: 0 | References: 2
Cvelist
added 2019/04/15 2:55 p.m. | 19 views

CVE-2018-1925

IBM WebSphere MQ 9.1.0.0, 9.1.0.1, 9.1.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 152925...

CVSS 5.9 | AI score 5.5 | EPSS 0.00096
Exploits: 0 | References: 2
NVD
added 2019/04/11 7:29 p.m. | 10 views

CVE-2019-9975

DASAN H660RM devices with firmware 1.03-0022 use a hard-coded key for logs encryption. Data stored using this key can be decrypted by anyone able to access this key...

CVSS 7.5 | AI score 7.8 | EPSS 0.00331
Exploits: 3 | References: 3
OSV
added 2019/04/11 7:29 p.m. | 2 views

CVE-2019-9975

DASAN H660RM devices with firmware 1.03-0022 use a hard-coded key for logs encryption. Data stored using this key can be decrypted by anyone able to access this key...

CVSS 7.5 | AI score 7.1 | EPSS 0.00331
Exploits: 3 | References: 3
Cvelist
added 2019/04/11 6:08 p.m. | 12 views

CVE-2019-9975

DASAN H660RM devices with firmware 1.03-0022 use a hard-coded key for logs encryption. Data stored using this key can be decrypted by anyone able to access this key...

AI score 7.5 | EPSS 0.00331
Exploits: 3 | References: 3
Tenable Nessus
added 2019/04/09 12:00 a.m. | 35 views

EulerOS Virtualization 2.5.4 : wpa_supplicant (EulerOS-SA-2019-1194)

According to the version of the wpa_supplicant package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Ke...

CVSS 6.5 | AI score 6.5 | EPSS 0.00964
Exploits: 0 | References: 2
Securelist
added 2019/04/03 4:30 p.m. | 132 views

Roaming Mantis, part IV

One year has passed since we published the first blogpost about the Roaming Mantis campaign on securelist.com, and this February we detected new activities by the group. This blogpost is a follow-up on our earlier reporting about the group with updates on their tools and tactics. Mobile config for...

AI score 7.3
Exploits: 0
Tenable Nessus
added 2019/04/03 12:00 a.m. | 35 views

openSUSE Security Update : openssl-1_0_0 (openSUSE-2019-1105)

This update for openssl-1_0_0 fixes the following issues : Security issues fixed : - The 9 Lives of Bleichenbacher's CAT: Cache Attacks on TLS Implementations bsc1117951 - CVE-2019-1559: Fixed OpenSSL 0-byte Record Padding Oracle which under certain circumstances a TLS server can be forced to respo...

CVSS 5.9 | AI score 6.3 | EPSS 0.0496
Exploits: 0 | References: 3
Tenable Nessus
added 2019/04/01 12:00 a.m. | 33 views

SUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2019:0803-1)

This update for openssl fixes the following issues : Security issues fixed : The 9 Lives of Bleichenbacher's CAT: Cache Attacks on TLS Implementations bsc1117951 CVE-2019-1559: Fixed OpenSSL 0-byte Record Padding Oracle which under certain circumstances a TLS server can be forced to respond...

CVSS 5.9 | AI score 6.3 | EPSS 0.0496
Exploits: 0 | References: 7
OSV
added 2019/03/28 12:29 a.m. | 2 views

CVE-2019-1748

A vulnerability in the Cisco Network Plug-and-Play PnP agent of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data. The vulnerability exists because the affected software insufficiently validates certificates...

CVSS 7.4 | AI score 7.2 | EPSS 0.00269
Exploits: 0 | References: 2
CNVD
added 2019/03/28 12:00 a.m. | 2 views

Cisco IOS and IOS XE Proxy Certificate Validation Vulnerability

Cisco IOS and IOS XE are a set of operating systems developed by Cisco for its network devices. A certificate validation vulnerability exists in the Cisco Network Plug-and-Play PnP agent in Cisco IOS and IOS XE, which stems from the program's failure to adequately validate certificates, and can b...

CVSS 7.4 | AI score 6.7 | EPSS 0.00269
Exploits: 0 | References: 1
myhack58
added 2019/03/28 12:00 a.m. | 135 views

0CTF 2019 zero_task race condition exploitation - vulnerability warning - the black bar safety net

Foreword: zero_task is a pwn challenge from 0CTF 2019, the easiest of the pwn challenges; the vulnerability type is a race condition. 2. Challenge protections: full protection is turned on. 3. Challenge functionality: the challenge implements encryption and decryption, with three functions in total. 1...

AI score 7.2
Exploits: 0
Tenable Nessus
added 2019/03/27 12:00 a.m. | 37 views

openSUSE Security Update : Mozilla Thunderbird (openSUSE-2019-503)

This update for Mozilla Thunderbird to version 52.9.0 fixes multiple issues. Security issues fixed, inherited from the Mozilla common code base MFSA 2018-16, bsc1098998 : - CVE-2018-12359: Buffer overflow using computed size of canvas element - CVE-2018-12360: Use-after-free when using focus -...

CVSS 9.8 | AI score 7.4 | EPSS 0.04919
Exploits: 0 | References: 18
Tenable Nessus
added 2019/03/27 12:00 a.m. | 14 views

openSUSE Security Update : wpa_supplicant (openSUSE-2019-871)

This update for wpa_supplicant provides the following fixes : This security issue was fixed : - CVE-2018-14526: Under certain conditions, the integrity of EAPOL-Key messages was not checked, leading to a decryption oracle. An attacker within range of the Access Point and client could have abused t...

CVSS 6.5 | AI score 6.6 | EPSS 0.00964
Exploits: 0 | References: 8
OSV
added 2019/03/25 4:17 p.m. | 0 views

GHSA-2FCH-JVG5-CRF6 Improper Input Validation python-gnupg

python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg to decrypt other ciphertext than intended. To perform the attack, the passphrase to gnupg must be controlled by the adversary and the ciphertext should be trusted. Related to a "CWE-20: Improper Input Validation" issue affecting...

CVSS 7.5 | AI score 7.1 | EPSS 0.21434
Exploits: 2 | References: 15
OSV
added 2019/03/21 4:01 p.m. | 6 views

CVE-2019-6690

python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg to decrypt other ciphertext than intended. To perform the attack, the passphrase to gnupg must be controlled by the adversary and the ciphertext should be trusted. Related to a "CWE-20: Improper Input Validation" issue affecting...

CVSS 7.5 | AI score 7.4 | EPSS 0.21434
Exploits: 2 | References: 13
OSV
added 2019/03/21 4:01 p.m. | 1 views

DEBIAN-CVE-2019-6690

python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg to decrypt other ciphertext than intended. To perform the attack, the passphrase to gnupg must be controlled by the adversary and the ciphertext should be trusted. Related to a "CWE-20: Improper Input Validation" issue affecting...

CVSS 7.5 | AI score 8.1 | EPSS 0.21434
Exploits: 2 | References: 1