5791 matches found
Design/Logic Flaw
A vulnerability in the detection engine reassembly of Secure Sockets Layer (SSL) packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition because the Snort process consumes a high level of CPU resources. Affected Products...
PT-2017-16156 · Cisco · Cisco Firepower System
Name of the Vulnerable Software and Affected Versions: Cisco Firepower System Software versions 6.0.0 through 6.2.1. Description: A vulnerability in the detection engine reassembly of Secure Sockets Layer (SSL) packets could allow an unauthenticated, remote attacker to cause a denial of service (DoS)...
CVE-2017-6339
Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 mismanages certain key and certificate data. Per IWSVA documentation, by default, IWSVA acts as a private Certificate Authority (CA) and dynamically generates digital certificates that are sent to client browsers to...
Improper access control
Multiple access control issues in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 allow an authenticated, remote user with low privileges like 'Reports Only' or 'Auditor' to change FTP Access Control Settings, create or modify reports, or upload an HTTPS Decryption...
CVE-2017-6338
Multiple access control issues in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 allow an authenticated, remote user with low privileges like 'Reports Only' or 'Auditor' to change FTP Access Control Settings, create or modify reports, or upload an HTTPS Decryption...
CVE-2017-6338
CVE-2017-6338 affects Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746. Affected component/issue: multiple access control flaws that let an authenticated, low-privilege remote user (e.g., Reports Only or Auditor) modify FTP Access Control Settings, create/modify rep...
No More Ransom — 15 New Ransomware Decryption Tools Available for Free
No More Ransom, so is the Ransomware Threat. Launched less than a year ago, the No More Ransom (NMR) project has increased its capacity with new partners and new decryption tools added to its now global campaign to combat ransomware. Started as a joint initiative by Europol, the Dutch National...
CVE-2017-7307
Riverbed RiOS before 9.0.1 is vulnerable to an elevation-of-privilege in which shell access is not properly restricted in single-user mode. An attacker with physical proximity can replace the /opt/tms/bin/cli binary to obtain root privileges and access decrypted data. The CVSS data indicates high...
GitHub Enterprise remote code execution vulnerability analysis - vulnerability warning - the black bar safety net
Right now, almost everyone uses GitHub. If you have a lot of money or are very paranoid about your own code, you can run your own GitHub. For $2500, you can get GitHub Enterprise for 10 users for one year. In fact, GitHub Enterprise is a virtual machine, but...
Keys for Dharma Ransomware Released
Victims of the Dharma strain of ransomware can now get their files back, free of charge. Decryption keys for the ransomware were added to the Kaspersky Lab’s Rakhni decryptor tool Thursday morning. Dharma ransomware .dharma decryptor released pic.twitter.com/sIQorypOzj — Anton Ivanov @antonivanov...
A vulnerability in the iOS operating system that makes file decryption easier for an attacker
A vulnerability in the iTunes Backup component of the iOS operating system is caused by incorrect hashing of passwords. Exploiting this vulnerability can make it easier for a malicious actor to decrypt files remotely...
CVE-2016-2879
IBM QRadar 7.2 uses outdated hashing algorithms to hash certain passwords, which could allow a local user to obtain and decrypt user credentials. IBM Reference: 1997341...
Design/Logic Flaw
IBM QRadar 7.2 uses outdated hashing algorithms to hash certain passwords, which could allow a local user to obtain and decrypt user credentials. IBM Reference: 1997341...
AES - Critical - Unsupported - SA-CONTRIB-2017-027
This module provides an API that allows other modules to encrypt and decrypt data using the AES encryption algorithm. The module does not follow requirements for encrypting data safely. An attacker who gains access to data encrypted with this module could decrypt it more easily than should be...
crackle - Crack Bluetooth Smart (BLE) Encryption
crackle cracks BLE encryption (AKA Bluetooth Smart). crackle exploits a flaw in the BLE pairing process that allows an attacker to guess or very quickly brute force the TK (Temporary Key). With the TK and other data collected from the pairing process, the STK (Short Term Key) and later the LTK (Long Ter...
Design/Logic Flaw
An issue was discovered in certain Apple products. iOS before 10.1 is affected. The issue involves the "iTunes Backup" component, which improperly hashes passwords, making it easier to decrypt files...
CVE-2016-4685
An issue was discovered in certain Apple products. iOS before 10.1 is affected. The issue involves the "iTunes Backup" component, which improperly hashes passwords, making it easier to decrypt files...
CVE-2016-4685
CVE-2016-4685 affects iOS versions before 10.1, in the iTunes Backup component where a weak password hashing method was used for encrypted backups, enabling easier recovery of the backup password and thus decryption of files. Apple’s security content for iOS 10.1 states the weak hash was removed,...