Cisco IOS and IOS XE Proxy Certificate Validation Vulnerability

Cisco IOS and IOS XE are a set of operating systems developed by Cisco for its network devices. A certificate validation vulnerability exists in the Cisco Network Plug-and-Play PnP agent in Cisco IOS and IOS XE, which stems from the program's failure to adequately validate certificates, and can b...

openSUSE Security Update : Mozilla Thunderbird (openSUSE-2019-503)

This update for Mozilla Thunderbird to version 52.9.0 fixes multiple issues. Security issues fixed, inherited from the Mozilla common code base MFSA 2018-16, bsc1098998 : - CVE-2018-12359: Buffer overflow using computed size of canvas element - CVE-2018-12360: Use-after-free when using focus -...

openSUSE Security Update : wpa_supplicant (openSUSE-2019-871)

This update for wpasupplicant provides the following fixes : This security issues was fixe : - CVE-2018-14526: Under certain conditions, the integrity of EAPOL-Key messages was not checked, leading to a decryption oracle. An attacker within range of the Access Point and client could have abused t...

GHSA-2FCH-JVG5-CRF6 Improper Input Validation python-gnupg

python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg to decrypt other ciphertext than intended. To perform the attack, the passphrase to gnupg must be controlled by the adversary and the ciphertext should be trusted. Related to a "CWE-20: Improper Input Validation" issue affecting...

DEBIAN-CVE-2019-6690

python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg to decrypt other ciphertext than intended. To perform the attack, the passphrase to gnupg must be controlled by the adversary and the ciphertext should be trusted. Related to a "CWE-20: Improper Input Validation" issue affecting...

CVE-2019-6690

python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg to decrypt other ciphertext than intended. To perform the attack, the passphrase to gnupg must be controlled by the adversary and the ciphertext should be trusted. Related to a "CWE-20: Improper Input Validation" issue affecting...

CVE-2019-5723

An issue was discovered in portier vision 4.4.4.2 and 4.4.4.6. Passwords are stored using reversible encryption rather than as a hash value, and the used Vigenere algorithm is badly outdated. Moreover, the encryption key is static and too short. Due to this, the passwords stored by the applicatio...

PYSEC-2019-45

python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg to decrypt other ciphertext than intended. To perform the attack, the passphrase to gnupg must be controlled by the adversary and the ciphertext should be trusted. Related to a "CWE-20: Improper Input Validation" issue affecting...

CVE-2017-1713

IBM InfoSphere Streams 4.2.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 134632...

Code injection

IBM InfoSphere Streams 4.2.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 134632...

CVE-2017-1713

IBM InfoSphere Streams 4.2.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 134632...

UBUNTU-CVE-2019-6690

python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg to decrypt other ciphertext than intended. To perform the attack, the passphrase to gnupg must be controlled by the adversary and the ciphertext should be trusted. Related to a "CWE-20: Improper Input Validation" issue affecting...

CVE-2019-6690

CVE-2019-6690 affects python-gnupg 0.4.3. A context-dependent flaw lets an attacker, if they control the GnuPG passphrase and the ciphertext is trusted, cause decryption of ciphertext other than intended (CWE-20: Improper Input Validation). Impact described in sources includes manipulation of enc...

CVE-2019-6690

python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg to decrypt other ciphertext than intended. To perform the attack, the passphrase to gnupg must be controlled by the adversary and the ciphertext should be trusted. Related to a "CWE-20: Improper Input Validation" issue affecting...

CVE-2019-6690

python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg to decrypt other ciphertext than intended. To perform the attack, the passphrase to gnupg must be controlled by the adversary and the ciphertext should be trusted. Related to a "CWE-20: Improper Input Validation" issue affecting...

I Was Cited in a Court Decision

An article I co-wrote -- my first law journal article -- was cited by the Massachusetts Supreme Judicial Court -- the state supreme court -- in a case on compelled decryption. Here's the first, in footnote 1: We understand the word "password" to be synonymous with other terms that cell phone user...

August 30, 2018—KB4343889 (OS Build 15063.1292)

August 30, 2018—KB4343889 OS Build 15063.1292 Improvements and fixes This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Addresses an issue that causes win32kfull.sys to stop working Stop 3B when cancelling journal...

SUSE-SU-2019:0600-1 Security update for openssl-1_0_0

This update for openssl-100 fixes the following issues: Security issues fixed: - The 9 Lives of Bleichenbacher's CAT: Cache Attacks on TLS Implementations bsc1117951 - CVE-2019-1559: Fixed OpenSSL 0-byte Record Padding Oracle which under certain circumstances a TLS server can be forced to respond...

50m-ctf: CTF Writeup - c8889970d9fb722066f31e804e351993

CTF Code: c8889970d9fb722066f31e804e351993 HackerOne $50M CTF Write-Up ============ I came across this tweet announcing the HackerOne CTF for invitations to the HackerOne event in Vegas during DEFCON. I tried searching for a URL for the CTF, but couldn't find anything online, so I assumed that th...

Multi Gather Ubiquiti UniFi Controller Backup

On an Ubiquiti UniFi controller, reads the system.properties configuration file and downloads the backup and autobackup files. The files are then decrypted using a known encryption key, then attempted to be repaired by zip. Meterpreter must be used due to the large file sizes, which can be flaky ...