CVE-2017-1664

Summary: CVE-2017-1664 affects IBM Security Key Lifecycle Manager (Tivoli Key Lifecycle Manager) versions 2.5–2.7. The root cause is use of weaker-than-expected cryptographic algorithms, which could allow an attacker to decrypt highly sensitive information. Impact: Confidentiality of data could b...

SonicWall SonicOS NSA - Bypass & Persistent Vulnerability

Document Title: =============== SonicWall SonicOS NSA - Bypass & Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1729 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5281...

ROBOT attack against PAN-OS

ROBOT is an attack that affects the TLS RSA key exchange and could lead to decryption of captured sessions if the TLS server originally serving said captured session is still alive, vulnerable and using the same private key. PAN-89936 / CVE-2017-17841 While SSL Decryption and GlobalProtect are...

ROBOT attack against PAN-OS

ROBOT is an attack that affects the TLS RSA key exchange and could lead to decryption of captured sessions if the TLS server originally serving said captured session is still alive, vulnerable and using the same private key. PAN-89936 / CVE-2017-17841 While SSL Decryption and GlobalProtect are...

CVE-2017-17910

On Hoermann BiSecur devices before 2018, a vulnerability can be exploited by recording a single radio transmission. An attacker can intercept an arbitrary radio frame exchanged between a BiSecur transmitter and a receiver to obtain the encrypted packet and the 32-bit serial number. The intercepti...

DEBIAN-CVE-2017-17844

An issue was discovered in Enigmail before 1.9.9. A remote attacker can obtain cleartext content by sending an encrypted data block that the attacker cannot directly decrypt to a victim, and relying on the victim to automatically decrypt that block and then send it back to the attacker as quoted...

Enigmail Information Disclosure Vulnerability

Enigmail is a data encryption and decryption extension for Mozilla Thunderbird and SeaMonkey web packages that provides OpenPGP's email public key encryption and signing capabilities. An information disclosure vulnerability exists in versions of Enigmail prior to 1.9.9. A remote attacker could...

CVE-2017-1598

IBM Security Guardium 10.0 Database Activity Monitor uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 132611...

Hyperfox - HTTP/HTTPs MITM proxy and traffic recorder with on-the-fly TLS cert generation

Hyperfox is a security tool for proxying and recording HTTP and HTTPs communications on a LAN. Hyperfox is capable of forging SSL certificates on the fly if you provide it with a root CA certificate and its corresponding key. If the target machine recognizes the root CA as trusted, then HTTPs...

CVE-2017-12373

A vulnerability in the TLS protocol implementation of legacy Cisco ASA 5500 Series ASA 5505, 5510, 5520, 5540, and 5550 devices could allow an unauthenticated, remote attacker to access sensitive information, aka a Return of Bleichenbacher's Oracle Threat ROBOT attack. An attacker could iterative...

Radware Alteon Information Disclosure Vulnerability

Radware Alteon is an application delivery controller product from Radware Israel. A security vulnerability exists in Radware Alteon using firmware versions 31.0.0.0 through 31.0.3.0. An attacker could exploit the vulnerability to decrypt observed traffic and perform other private key operations...

Citrix NetScaler Application Delivery Controller and NetScaler Gateway Information Disclosure Vulnerability

Citrix NetScaler Application Delivery Controller ADC and NetScaler Gateway formerly known as Citrix Access Gateway Enterprise Edition are both products of Citrix Systems. NetScaler ADC is a service and application delivery solution Application Delivery Controller; NetScaler Gateway is a secure...

Code injection

Citrix NetScaler Application Delivery Controller ADC and NetScaler Gateway 10.5 before build 67.13, 11.0 before build 71.22, 11.1 before build 56.19, and 12.0 before build 53.22 might allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a...

CVE-2017-17382

Citrix NetScaler Application Delivery Controller ADC and NetScaler Gateway 10.5 before build 67.13, 11.0 before build 71.22, 11.1 before build 56.19, and 12.0 before build 53.22 might allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a...

CVE-2017-17382

CVE-2017-17382 affects Citrix NetScaler ADC and NetScaler Gateway (versions 10.5 before 67.13, 11.0 before 71.22, 11.1 before 56.19, and 12.0 before 53.22). The root cause is a Bleichenbacher RSA padding oracle that could allow a remote attacker to decrypt TLS ciphertext, i.e., a ROBOT-style atta...

DEBIAN-CVE-2017-1000385

The Erlang otp TLS server answers with different TLS alerts to different error types in the RSA PKCS 1 1.5 padding. This allows an attacker to decrypt content or sign messages with the server's private key this is a variation of the Bleichenbacher attack...

CVE-2017-1000385

The Erlang otp TLS server answers with different TLS alerts to different error types in the RSA PKCS 1 1.5 padding. This allows an attacker to decrypt content or sign messages with the server's private key this is a variation of the Bleichenbacher attack...

UBUNTU-CVE-2017-1000385

The Erlang otp TLS server answers with different TLS alerts to different error types in the RSA PKCS 1 1.5 padding. This allows an attacker to decrypt content or sign messages with the server's private key this is a variation of the Bleichenbacher attack...

iSmartAlarm CubeOne Log File Decryption Vulnerability

The iSmartAlarm CubeOne is a smart home center control device from iSmartAlarm USA. A security vulnerability exists in the firmware of iSmartAlarm CubeOne 2.2.4.8 and earlier versions. An attacker can exploit the vulnerability to decrypt log files...

CEMLink 6 Unrestricted WSDL Service Access / Poor Crypto Implementation Vulnerabilities

CEMLink 6 suffers from having unrestricted WSDL service access and a weak mechanism for password storage. Exploit Title: CEMLink6 multiple vulnerabilities Date Reported to vendor: 8/2/2017 Vendor never replied Exploit Author: email protected Vendor Homepage:...