Scientific Linux Security Update : wpa_supplicant on SL7.x x86_64 (20181030)

Security Fixes : - wpasupplicant: Unauthenticated EAPOL-Key decryption in wpasupplicant CVE-2018-14526 C Tenable Network Security, Inc. The descriptive text is C Scientific Linux. include'compat.inc'; if description scriptid119202; scriptversion"1.5";...

CVE-2018-9073

Lenovo Chassis Management Module CMM prior to version 2.0.0 utilizes a hardcoded encryption key to protect certain secrets. Possession of the key can allow an attacker that has already compromised the server to decrypt these secrets...

CVE-2018-9073

Lenovo Chassis Management Module CMM prior to version 2.0.0 utilizes a hardcoded encryption key to protect certain secrets. Possession of the key can allow an attacker that has already compromised the server to decrypt these secrets...

CVE-2018-9073 CMM Security Vulnerability

Lenovo Chassis Management Module CMM prior to version 2.0.0 utilizes a hardcoded encryption key to protect certain secrets. Possession of the key can allow an attacker that has already compromised the server to decrypt these secrets...

The use of a posture clear odd 11882 format overflow document analysis-vulnerability warning-the black bar safety net

Prior to inadvertently give a very interesting rtf document, the sandbox where the behavior of a pile, the document itself and confuse the very clear odd, so spend a little time to analyze this sample. Substantially clear the sample of the attack techniques and attack the chain, the open part of...

Armor - Tool Designed To Create Encrypted macOS Payloads Capable Of Evading Antivirus Scanners

Armor is a simple Bash script designed to create encrypted macOS payloads capable of evading antivirus scanners. Below is an example gif of Armor being used with a simple Netcat payload. A Netcat listener is started on port 4444. The "payload.txt" file is read and shown to contain a simple Bash...

Oracle Linux 7 : wpa_supplicant (ELSA-2018-3107)

The remote Oracle Linux 7 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2018-3107 advisory. - Ignore unauthenticated encrypted EAPOL-Key data CVE-2018-14526 Tenable has extracted the preceding description block directly from the Oracle Linux security...

Flaws in Popular Self-Encrypting SSDs Let Attackers Decrypt Data

We all have something to hide, something to protect. But if you are also relying on self-encrypting drives for that, then you should read this news carefully. Security researchers have discovered multiple critical vulnerabilities in some of the popular self-encrypting solid state drives SSD that...

Cradlepoint Router Password Disclosure

Many vulnerabilities in the built-in software of the Cradlepoint Router. 100000 such routers can be seen in the shodan https://www.shodan.io/search?query=cradlepointhttpservice. These vulnerabilities were reported to Cradlepoint in august. A hardcoded password allows you to retrieve sensitive...

CVE-2018-15317

In BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, and 11.2.1-11.6.3.2, an attacker sending specially crafted SSL records to a SSL Virtual Server will cause corruption in the SSL data structures leading to intermittent decrypt BADRECORDMAC errors. Clients will be unable to access the...

The vulnerability in the implementation of the TLS protocol in the FortiOS operating system allows a attacker to decrypt messages without knowing the secret key, thereby carrying out a “man-in-the-middle” attack.

Vulnerability of the TLS protocol implementation in the FortiOS operating system, caused by deficiencies in the implementation of the encryption algorithm. Exploiting this vulnerability allows a malicious actor to decrypt messages without knowing the secret key, thereby carrying out a...

Yi Technology Home Camera 27US Firmware 7z CRC Collision Vulnerability

Summary An exploitable code execution vulnerability exists in the firmware update functionality of the Yi Home Camera 27US 1.8.7.0D. A specially crafted 7-Zip file can cause a CRC collision, resulting in a firmware update and code execution. An attacker can insert an SDcard to trigger this...

wpa_supplicant: Unauthenticated EAPOL-Key decryption in wpa_supplicant

An issue was discovered in rsnsupp/wpa.c in wpasupplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. An attacker within range of the Access Point and client can abuse the vulnerability to recover sensitive...

openSUSE Security Update : wpa_supplicant (openSUSE-2018-1316)

This update for wpasupplicant provides the following fixes : This security issues was fixe : - CVE-2018-14526: Under certain conditions, the integrity of EAPOL-Key messages was not checked, leading to a decryption oracle. An attacker within range of the Access Point and client could have abused t...

openSUSE: Security Advisory for wpa_supplicant (openSUSE-SU-2018:3539-1)

The remote host is missing an update for the Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Security update for wpa_supplicant (moderate)

This update for wpasupplicant provides the following fixes: This security issues was fixe: - CVE-2018-14526: Under certain conditions, the integrity of EAPOL-Key messages was not checked, leading to a decryption oracle. An attacker within range of the Access Point and client could have abused the...

Scientific Linux Security Update : firefox on SL7.x x86_64 (20181025)

This update upgrades Firefox to version 60.3.0 ESR. Security Fixes : - Mozilla: Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3 CVE-2018-12390 - Mozilla: Crash with nested event loops CVE-2018-12392 - Mozilla: Integer overflow during Unicode conversion while loading JavaScript...

EulerOS Virtualization 2.5.1 : gnupg2 (EulerOS-SA-2018-1324)

According to the version of the gnupg2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - A data validation flaw was found in the way gnupg processes file names during decryption and signature validation. An attacker may be...

Shellcode-Encrypter-Decrypter - Shellcode Encrypter & Decrypter By Using XOR Cipher To Encrypt And Decrypt Shellcode

A Shellcode Encrypter & Decrypter, Using XOR Cipher to enc and dec shellcode. Installation git clone https://github.com/blacknbunny/Shellcode-Encrypter-Decrypter.git && python enc.py --help Usage Example Encryption: python encdecshellcode.py --shellcode \x41\x41\x42\x42 --key SECRETKEY --option...

Security Bulletin: IBM RackSwitch firmware products are affected by information disclosure vulnerability (CVE-2014-8730)

Summary IBM RackSwitch firmware products listed below have addressed the following TLS padding information disclosure vulnerability. Vulnerability Details CVEID: CVE-2014-8730 DESCRIPTION: Multiple F5 products could allow a remote attacker to obtain sensitive information, caused by the failure to...