5806 matches found
CVE-2017-13088
A new exploitation technique called key reinstallation attacks KRACK affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used integrity group key IGTK durin...
Wi-Fi Protected Access (WPA) handshake traffic can be manipulated to induce nonce and session key reuse
Overview Wi-Fi Protected Access WPA, more commonly WPA2 handshake traffic can be manipulated to induce nonce and session key reuse, resulting in key reinstallation by a wireless access point AP or client. An attacker within range of an affected AP and client may leverage these vulnerabilities to...
Key Reinstallation Attacks: Cryptographic/protocol attack against WPA2
Several vulnerabilities affect the Wi-Fi Protected Access II WPA2 protocol, potentially enabling Man-in-the-Middle MitM attacks between Wifi Clients and Access Points running WPA2 . The impact includes decryption, packet replay, TCP connection hijacking and HTTP content injection...
[ASA-201710-22] wpa_supplicant: man-in-the-middle
Arch Linux Security Advisory ASA-201710-22 ========================================== Severity: High Date : 2017-10-16 CVE-ID : CVE-2017-13077 CVE-2017-13078 CVE-2017-13079 CVE-2017-13080 CVE-2017-13081 CVE-2017-13082 CVE-2017-13087 CVE-2017-13088 Package : wpasupplicant Type : man-in-the-middle...
Hitachi HIBUN Confidential File Decryption Program Untrustworthy Search Path Vulnerability (CNVD-2017-30835)
Hitachi HIBUN Confidential File Decryption program is a set of confidential file confidentiality program from Hitachi Solutions Japan. An untrustworthy search path vulnerability exists in Hitachi HIBUN Confidential File Decryption program versions prior to 10.50.0.5. The vulnerability can be...
Command injection
Version 4.40 of the TPM Trusted Platform Module firmware on Juniper Networks SRX300 Series has a weakness in generating cryptographic keys that may allow an attacker to decrypt sensitive information in SRX300 Series products. The TPM is used in the SRX300 Series to encrypt sensitive configuration...
CVE-2017-10606
The CVE-2017-10606 entry concerns Juniper Networks SRX300 Series firewall TPM firmware 4.40. Connected CNVD-2017-32096 describes a vulnerability in TPM key generation that could allow an attacker to decrypt sensitive configuration data, affecting the SRX300 Series and no other platforms. The root...
CVE-2017-10863
Untrusted search path vulnerability in HIBUN Confidential File Decryption program prior to 10.50.0.5 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Note this is a separate vulnerability from CVE-2017-10865...
Design/Logic Flaw
Untrusted search path vulnerability in HIBUN Confidential File Decryption program prior to 10.50.0.5 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Note this is a separate vulnerability from CVE-2017-10865...
CVE-2017-10865
Untrusted search path vulnerability in HIBUN Confidential File Decryption program prior to 10.50.0.5 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Note this is a separate vulnerability from CVE-2017-10863...
Design/Logic Flaw
Untrusted search path vulnerability in HIBUN Confidential File Decryption program prior to 10.50.0.5 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Note this is a separate vulnerability from CVE-2017-10863...
CVE-2017-10863
Hitachi HIBUN Confidential File Decryption Program is affected by an untrusted search path vulnerability in versions prior to 10.50.0.5. The underlying issue allows a local attacker to gain privileges by placing a Trojan horse DLL in an exploitable directory, leveraged via a malicious DLL search ...
CVE-2017-10863
Untrusted search path vulnerability in HIBUN Confidential File Decryption program prior to 10.50.0.5 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Note this is a separate vulnerability from CVE-2017-10865...
CVE-2017-10865
Untrusted search path vulnerability in HIBUN Confidential File Decryption program prior to 10.50.0.5 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Note this is a separate vulnerability from CVE-2017-10863...
CVE-2017-10865
Hitachi HIBUN Confidential File Decryption Program (pre-10.50.0.5) is affected by an untrusted search path vulnerability that can allow a local attacker to escalate privileges by placing a Trojan DLL in an unsecured directory. The root cause is an untrusted search path during DL loading. The asso...
HIBUN Confidential File Decryption program may insecurely load Dynamic Link Libraries
Overview HIBUN Confidential File Decryption program provided by Hitachi Solutions, Ltd. contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Note that this vulnerability is different from JVN55516206. Yuji Tounai of NTT Communications...
JVN#58909026: HIBUN Confidential File Decryption program may insecurely load Dynamic Link Libraries
HIBUN Confidential File Decryption program provided by Hitachi Solutions, Ltd. contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privileges of the user running HIBUN Confidential File...
JVN#55516206: HIBUN Confidential File Decryption program may insecurely load Dynamic Link Libraries
HIBUN Confidential File Decryption program provided by Hitachi Solutions, Ltd. contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privileges of the user running HIBUN Confidential File...
CVE-2017-1339
IBM Spectrum Protect 7.1 and 8.1 formerly Tivoli Storage Manager Server uses weak encryption for the password. A database administrator may be able to decrypt the IBM Spectrum protect client or administrator password which can result in information disclosure or a denial of service. IBM X-Force I...
Design/Logic Flaw
A vulnerability in SSL traffic decryption for Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to cause depletion of system memory, aka a Firepower Detection Engine SSL Decryption Memory Consumption Denial of Service vulnerability. If this memory leak...