5806 matches found
CVE-2017-12245
A vulnerability in SSL traffic decryption for Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to cause depletion of system memory, aka a Firepower Detection Engine SSL Decryption Memory Consumption Denial of Service vulnerability. If this memory leak...
CVE-2017-12245
A vulnerability in SSL traffic decryption for Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to cause depletion of system memory, aka a Firepower Detection Engine SSL Decryption Memory Consumption Denial of Service vulnerability. If this memory leak...
CVE-2017-12245
CVE-2017-12245 describes a memory-consumption DoS vulnerability in Cisco Firepower Threat Defense (FTD) Software’s SSL traffic decryption. Root cause: an error in how the Firepower Detection Snort Engine handles SSL traffic decryption and communicates with the ASA handler, enabling an unauthentic...
PT-2017-12422 · Cisco · Cisco Ftd
Name of the Vulnerable Software and Affected Versions: Cisco Firepower Threat Defense FTD Software versions 6.0.1 and later Description: A vulnerability in SSL traffic decryption could allow an unauthenticated, remote attacker to cause depletion of system memory, potentially leading to a denial o...
The vulnerability of the “ACTConfig” configuration file of the ABB PCM600 energy management and configuration tool allows a hacker to crack the password and gain access to the main application.
The vulnerability of the “ACTConfig” configuration file of the ABB PCM600 energy management and configuration tool is related to insufficient calculation of the password hash using a unreliable function with a hard-coded key and initialization vector. Exploiting this vulnerability allows an...
Cisco Firepower Detection Engine SSL Decryption Memory Consumption Denial of Service Vulnerability
A vulnerability in SSL traffic decryption for Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to cause depletion of system memory. If this memory leak persists over time, a denial of service DoS condition could develop because traffic can cease to be...
We need to talk about Session Tickets
More specifically, TLS 1.2 Session Tickets. Session Tickets, specified in RFC 5077, are a technique to resume TLS sessions by storing key material encrypted on the clients. In TLS 1.2 they speed up the handshake from two to one round-trips. Unfortunately, a combination of deployment realities and...
We need to talk about Session Tickets
More specifically, TLS 1.2 Session Tickets. Session Tickets, specified in RFC 5077, are a technique to resume TLS sessions by storing key material encrypted on the clients. In TLS 1.2 they speed up the handshake from two to one round-trips. Unfortunately, a combination of deployment realities and...
CVE-2017-9645
An Inadequate Encryption Strength issue was discovered in Mirion Technologies DMC 3000 Transmitter Module, iPam Transmitter f/DMC 2000, RDS-31 iTX and variants including RSD31-AM Package, DRM-1/2 and variants including Solar PWR Package, DRM and RDS Based Boundary Monitors, External Transmitters,...
CVE-2017-9645
An Inadequate Encryption Strength issue was discovered in Mirion Technologies DMC 3000 Transmitter Module, iPam Transmitter f/DMC 2000, RDS-31 iTX and variants including RSD31-AM Package, DRM-1/2 and variants including Solar PWR Package, DRM and RDS Based Boundary Monitors, External Transmitters,...
CVE-2017-9645
CVE-2017-9645 affects Mirion Technologies Telemetry Enabled Devices including DMC 3000 Transmitter Module, iPam Transmitter f/DMC 2000, RDS-31 iTX (and variants), DRM-1/2 (and variants), DRM and RDS Based Boundary Monitors, External Transmitters, Telepole II, and MESH Repeater. Description: Inade...
CVE-2017-9645
An Inadequate Encryption Strength issue was discovered in Mirion Technologies DMC 3000 Transmitter Module, iPam Transmitter f/DMC 2000, RDS-31 iTX and variants including RSD31-AM Package, DRM-1/2 and variants including Solar PWR Package, DRM and RDS Based Boundary Monitors, External Transmitters,...
D-link ten vulnerabilities 0Day studies attach detailed procedures-vulnerability warning-the black bar safety net
Security researcher Pierre Kim recently revealed the D-Link DIR 850LAC1200-Type Dual-Band Gigabit cloud router is exposed 10 a safety score comprisesXSSattack invasion, shortage of proper firmware cover, back door and root mention the right. Here are 10 Safety scores are: Firmware to. The firmwar...
Das U-Boot AES-CBC encryption implementation contains multiple vulnerabilities
Overview Das U-Boot is a device bootloader that can read its configuration from an AES encrypted file. For devices utilizing this environment encryption mode, U-Boot's use of a zero initialization vector and improper handling of an error condition may allow attacks against the underlying...
Stack overflow in PlugX RAT-vulnerability warning-the black bar safety net
Black Hat USA 2017@professorplum share a few rare RAT(Xtreme, the PlugX And Gh0st in the presence of flaws, the application of these flaws to be able to reverse the onslaught of C&C Server, here in the PlugX RAT, for example, to stop flaws in elucidating it. 1. Flaws elucidating 1.1 Delphi ! Plug...
CVE-2017-12735
A vulnerability has been identified in LOGO! 8 BM incl. SIPLUS variants All versions V8.3. An attacker who performs a Man-in-the-Middle attack between the LOGO! BM and other devices could potentially decrypt and modify network traffic...
Design/Logic Flaw
ZTE OX-330P, ZXHN H108N, W300V1.0.0SZRDTR1D68, HG110, GAN9.8T101A-B, MF28G, ZXHN H108N use non-unique X.509 certificates and SSH host keys, which might allow remote attackers to obtain credentials or other sensitive information via a man-in-the-middle attack, passive decryption attack, or...
CVE-2015-7255
CVE-2015-7255 concerns multiple ZTE devices (e.g., OX-330P, ZXHN H108N, MF28G, HG110, and others) that use non-unique X.509 certificates and SSH host keys. The underlying issue is the reuse of cryptographic material across devices, which can enable a remote attacker to impersonate a device or per...
CVE-2015-7255
ZTE OX-330P, ZXHN H108N, W300V1.0.0SZRDTR1D68, HG110, GAN9.8T101A-B, MF28G, ZXHN H108N use non-unique X.509 certificates and SSH host keys, which might allow remote attackers to obtain credentials or other sensitive information via a man-in-the-middle attack, passive decryption attack, or...
Multiple Westermo Routers Hardcoded Password Vulnerability
The RD-305-DIN, MRD-315, MRD-355, and MRD-455 are all Westermo router devices. Multiple Westermo routers are vulnerable to a hard-coded password vulnerability where the device uses a hard-coded special key that allows an attacker to decrypt traffic from any other source...