CVE-2018-16868

A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS1 v1.5 data. An attacker who is able to run process on the same physical core as the victim process, could use this to extract plaintext or in some cases downgrade...

OPC Foundation UA Client Applications Information Disclosure Vulnerability

OPC Foundation UA Client Applications is a platform-independent, service-oriented, unified architecture client application from the OPC OLE for Process Control Foundation. An information disclosure vulnerability exists in OPC Foundation UA Client Applications, which arises from the program failin...

CVE-2018-18203

A vulnerability in the update mechanism of Subaru StarLink Harman head units 2017, 2018, and 2019 may give an attacker with physical access to the vehicle's USB ports the ability to rewrite the firmware of the head unit. This occurs because the device accepts modified QNX6 filesystem images as lo...

Mbed TLS -- Local timing attack on RSA decryption

Janos Follath reports: An attacker who can run code on the same machine that is performing an RSA decryption can potentially recover the plaintext through a Bleichenbacher-like oracle...

CVE-2018-7959

There is a short key vulnerability in Huawei eSpace product. An unauthenticated, remote attacker launches man-in-the-middle attack to intercept and decrypt the call information when the user enables SRTP to make a call. Successful exploitation may cause sensitive information leak...

Scientific Linux Security Update : wpa_supplicant on SL7.x x86_64 (20181030)

Security Fixes : - wpasupplicant: Unauthenticated EAPOL-Key decryption in wpasupplicant CVE-2018-14526 C Tenable Network Security, Inc. The descriptive text is C Scientific Linux. include'compat.inc'; if description scriptid119202; scriptversion"1.5";...

CVE-2018-9073

Lenovo Chassis Management Module CMM prior to version 2.0.0 utilizes a hardcoded encryption key to protect certain secrets. Possession of the key can allow an attacker that has already compromised the server to decrypt these secrets...

CVE-2018-9073

Lenovo Chassis Management Module CMM prior to version 2.0.0 utilizes a hardcoded encryption key to protect certain secrets. Possession of the key can allow an attacker that has already compromised the server to decrypt these secrets...

CVE-2018-9073 CMM Security Vulnerability

Lenovo Chassis Management Module CMM prior to version 2.0.0 utilizes a hardcoded encryption key to protect certain secrets. Possession of the key can allow an attacker that has already compromised the server to decrypt these secrets...

The use of a posture clear odd 11882 format overflow document analysis-vulnerability warning-the black bar safety net

Prior to inadvertently give a very interesting rtf document, the sandbox where the behavior of a pile, the document itself and confuse the very clear odd, so spend a little time to analyze this sample. Substantially clear the sample of the attack techniques and attack the chain, the open part of...

Armor - Tool Designed To Create Encrypted macOS Payloads Capable Of Evading Antivirus Scanners

Armor is a simple Bash script designed to create encrypted macOS payloads capable of evading antivirus scanners. Below is an example gif of Armor being used with a simple Netcat payload. A Netcat listener is started on port 4444. The "payload.txt" file is read and shown to contain a simple Bash...

Oracle Linux 7 : wpa_supplicant (ELSA-2018-3107)

The remote Oracle Linux 7 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2018-3107 advisory. - Ignore unauthenticated encrypted EAPOL-Key data CVE-2018-14526 Tenable has extracted the preceding description block directly from the Oracle Linux security...

Flaws in Popular Self-Encrypting SSDs Let Attackers Decrypt Data

We all have something to hide, something to protect. But if you are also relying on self-encrypting drives for that, then you should read this news carefully. Security researchers have discovered multiple critical vulnerabilities in some of the popular self-encrypting solid state drives SSD that...

Cradlepoint Router Password Disclosure

Many vulnerabilities in the built-in software of the Cradlepoint Router. 100000 such routers can be seen in the shodan https://www.shodan.io/search?query=cradlepointhttpservice. These vulnerabilities were reported to Cradlepoint in august. A hardcoded password allows you to retrieve sensitive...

CVE-2018-15317

In BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, and 11.2.1-11.6.3.2, an attacker sending specially crafted SSL records to a SSL Virtual Server will cause corruption in the SSL data structures leading to intermittent decrypt BADRECORDMAC errors. Clients will be unable to access the...

The vulnerability in the implementation of the TLS protocol in the FortiOS operating system allows a attacker to decrypt messages without knowing the secret key, thereby carrying out a “man-in-the-middle” attack.

Vulnerability of the TLS protocol implementation in the FortiOS operating system, caused by deficiencies in the implementation of the encryption algorithm. Exploiting this vulnerability allows a malicious actor to decrypt messages without knowing the secret key, thereby carrying out a...

Yi Technology Home Camera 27US Firmware 7z CRC Collision Vulnerability

Summary An exploitable code execution vulnerability exists in the firmware update functionality of the Yi Home Camera 27US 1.8.7.0D. A specially crafted 7-Zip file can cause a CRC collision, resulting in a firmware update and code execution. An attacker can insert an SDcard to trigger this...

wpa_supplicant: Unauthenticated EAPOL-Key decryption in wpa_supplicant

An issue was discovered in rsnsupp/wpa.c in wpasupplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. An attacker within range of the Access Point and client can abuse the vulnerability to recover sensitive...

openSUSE Security Update : wpa_supplicant (openSUSE-2018-1316)

This update for wpasupplicant provides the following fixes : This security issues was fixe : - CVE-2018-14526: Under certain conditions, the integrity of EAPOL-Key messages was not checked, leading to a decryption oracle. An attacker within range of the Access Point and client could have abused t...

openSUSE: Security Advisory for wpa_supplicant (openSUSE-SU-2018:3539-1)

The remote host is missing an update for the Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...