5932 matches found

Cvelist
added 2019/09/04 11:31 a.m. · 21 views

CVE-2019-12587

The EAP peer implementation in Espressif ESP-IDF 2.0.0 through 4.0.0 and ESP8266NONOSSDK 2.2.0 through 3.1.0 allows the installation of a zero Pairwise Master Key (PMK) after the completion of any EAP authentication method, which allows attackers in radio range to replay, decrypt, or spoof frames v...

8.1 AI score · 0.00804 EPSS
Exploits 2 · References 3

The Hacker News
added 2019/08/30 9:37 a.m. · 89 views

Ransomware Hits Dental Data Backup Service Offering Ransomware Protection

THIS WEEK IN THE IRONIC NEWS: DDS Safe, an online cloud-based data backup system that hundreds of dental practice offices across the United States are using to safeguard medical records and other information of their patients from ransomware attacks has been hit with ransomware. Provided by two...

6.8 AI score
Exploits 0

BDU FSTEC
added 2019/08/27 12:00 a.m. · 5 views

The vulnerability of the SymCrypt library in the Windows operating system, which allows a hacker to disclose protected information

The vulnerability of the SymCrypt library in the Windows operating system is related to errors in cryptographic transformations. Exploiting this vulnerability can allow an attacker to disclose protected information during the OAEP decryption process...

5.6 CVSS · 5.5 AI score · 0.01371 EPSS
Exploits 0 · References 2

Github Security Blog
added 2019/08/23 9:42 p.m. · 18 views

Invalid Curve Attack in openpgp

Versions of openpgp prior to 4.3.0 are vulnerable to an Invalid Curve Attack. The package's implementation of ECDH fails to verify the validity of the communication partner's public key. The package calculates the resulting key secret based on an altered curve instead of the specified elliptic...

5.9 CVSS · 1.3 AI score · 0.0148 EPSS
Exploits 1 · References 10 · Affected Software 1

NVD
added 2019/08/23 8:15 p.m. · 21 views

CVE-2019-5592

Multiple padding oracle vulnerabilities (Zombie POODLE, GOLDENDOODLE, OpenSSL 0-length) in the CBC padding implementation of FortiOS IPS engine version 5.000 to 5.006, 4.000 to 4.036, 4.200 to 4.219, 3.547 and below, when configured with SSL Deep Inspection policies and with the IPS sensor enabled,...

5.9 CVSS · 5.8 AI score · 0.00706 EPSS
Exploits 0 · References 1

Veracode
added 2019/08/23 1:44 a.m. · 27 views

ECDH Private Key Disclosure

openpgp.js is vulnerable to ECDH Private Key disclosure. The vulnerability exists due to an invalid curve attack resulting from allowing an attacker to forge messages to gain feedback on whether a decryption is successful...

5.9 CVSS · 2.7 AI score · 0.0148 EPSS
Exploits 1 · References 7 · Affected Software 1

NVD
added 2019/08/22 4:15 p.m. · 12 views

CVE-2019-9155

A cryptographic issue in OpenPGP.js <=4.2.0 allows an attacker who is able to provide forged messages and gain feedback about whether decryption of these messages succeeded to conduct an invalid curve attack in order to gain the victim's ECDH private key...

5.9 CVSS · 5.8 AI score · 0.0148 EPSS
Exploits 1 · References 6

Kitploit
added 2019/08/21 10:14 p.m. · 831 views

Pyshark - Python Wrapper For Tshark, Allowing Python Packet Parsing Using Wireshark Dissectors

Python wrapper for tshark, allowing python packet parsing using wireshark dissectors. Extended documentation: http://kiminewt.github.io/pyshark Python2 deprecation - This package no longer supports Python2. If you wish to still use it in Python2, you can: Use version 0.3.8 Install pyshark-legacy...

7.3 AI score
Exploits 0 · References 3

NVD
added 2019/08/14 9:15 p.m. · 26 views

CVE-2019-1171

An information disclosure vulnerability exists in SymCrypt during the OAEP decryption stage. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on to an affected...

5.6 CVSS · 7.1 AI score · 0.01371 EPSS
Exploits 0 · References 1

Prion
added 2019/08/14 9:15 p.m. · 21 views

Information disclosure

An information disclosure vulnerability exists in SymCrypt during the OAEP decryption stage, aka 'SymCrypt Information Disclosure Vulnerability'...

2.1 CVSS · 5.2 AI score · 0.01371 EPSS
Exploits 0 · References 1 · Affected Software 2

CVE
added 2019/08/14 8:55 p.m. · 99 views

CVE-2019-1171

CVE-2019-1171 is an information-disclosure vulnerability in SymCrypt during OAEP decryption. The underlying issue is in OAEP decoding operations, allowing an attacker who can log on to an affected system to obtain information that could aid further compromise. The CVE does not enable code executi...

5.6 CVSS · 7.2 AI score · 0.01371 EPSS
Exploits 0 · References 1 · Affected Software 3

OSV
added 2019/08/14 5:15 p.m. · 1 views

DEBIAN-CVE-2019-9506

The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka "KNOB") that can decrypt traffic and inject arbitrary...

8.1 CVSS · 7.6 AI score · 0.02691 EPSS
Exploits 2 · References 1

Microsoft CVE
added 2019/08/13 7:00 a.m. · 23 views

SymCrypt Information Disclosure Vulnerability

An information disclosure vulnerability exists in SymCrypt during the OAEP decryption stage. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on to an affected...

5.6 CVSS · 1.7 AI score · 0.01371 EPSS
Exploits 0

Positive Technologies
added 2019/08/13 12:00 a.m. · 3 views

PT-2019-2998 · Symantec +1 · Symcrypt +1

Name of the Vulnerable Software and Affected Versions: SymCrypt affected versions not specified Description: An information disclosure issue exists in SymCrypt during the OAEP decryption stage, allowing an attacker to obtain information that could be used to further compromise the user's system. ...

5.6 CVSS · 8.1 AI score · 0.01371 EPSS
Exploits 0 · References 5

UbuntuCve
added 2019/08/13 12:00 a.m. · 54 views

CVE-2019-9506

The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka "KNOB") that can decrypt traffic and inject arbitrary...

8.1 CVSS · 7 AI score · 0.02691 EPSS
Exploits 2 · References 7

Oracle linux
added 2019/08/13 12:00 a.m. · 88 views

openssl security and bug fix update

1.0.2k-19.0.1 - Bump release for rebuild. 1.0.2k-19 - close the RSA decryption 9 lives of Bleichenbacher cat timing side channel 1649568 1.0.2k-18 - fix CVE-2018-0734 - DSA signature local timing side channel - fix CVE-2019-1559 - 0-byte record padding oracle - close the RSA decryption One & done...

5.9 CVSS · 1.5 AI score · 0.17139 EPSS
Exploits 4

Tenable Nessus
added 2019/08/12 12:00 a.m. · 30 views

NewStart CGSL MAIN 4.05 : gnupg2 Vulnerability (NS-SA-2019-0135)

The remote NewStart CGSL host, running version MAIN 4.05, has gnupg2 packages installed that are affected by a vulnerability: - A data validation flaw was found in the way gnupg processes file names during decryption and signature validation. An attacker may be able to inject messages into gnupg...

7.5 CVSS · 7.2 AI score · 0.08654 EPSS
Exploits 0 · References 2

Tenable Nessus
added 2019/08/12 12:00 a.m. · 18 views

NewStart CGSL CORE 5.04 / MAIN 5.04 : gnupg2 Vulnerability (NS-SA-2019-0023)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has gnupg2 packages installed that are affected by a vulnerability: - A data validation flaw was found in the way gnupg processes file names during decryption and signature validation. An attacker may be able to inject messages...

7.5 CVSS · 7.2 AI score · 0.08654 EPSS
Exploits 0 · References 2

Wired Threat Level
added 2019/08/10 8:05 p.m. · 106 views

Hackers Could Decrypt Your GSM Phone Calls

Researchers have discovered a flaw in the GSM standard used by AT&T and T-Mobile that would allow hackers to listen in...

2.9 AI score
Exploits 0

Pen Test Partners Blog
added 2019/08/10 7:00 a.m. · 470 views

Breaking (bad) firmware encryption. Case study on the Netgear Nighthawk M1

TL;DR The firmware encryption for the Netgear Nighthawk M1 is mainly XOR. It’s possible to derive the XOR key by statistical analysis, just from the firmware update file itself. It’s then possible to extract an AES key from what’s XOR’d, which can be used to decrypt other parts of the firmware...

6.8 AI score
Exploits 0