5908 matches found

Prion
added 2015/06/24 10:59 a.m., 16 views

Command injection

Cisco NX-OS 1.11g on Nexus 9000 devices allows remote authenticated users to discover cleartext passwords by leveraging the existence of a decryption mechanism, aka Bug ID CSCuu84391...

CVSS: 4 | AI score: 6.7 | EPSS: 0.02603
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2015/06/24 10:00 a.m., 27 views

CVE-2015-4213

Cisco NX-OS 1.11g on Nexus 9000 devices allows remote authenticated users to discover cleartext passwords by leveraging the existence of a decryption mechanism, aka Bug ID CSCuu84391...

AI score: 6.2 | EPSS: 0.02603
Exploits: 0 | References: 3

Cisco
added 2015/06/23 7:37 p.m., 33 views

Cisco Nexus 9000 Series Software Password Exposure Vulnerability

A vulnerability in Cisco Nexus 9000 Series Software could allow an authenticated, remote attacker to expose passwords in plain text format. The vulnerability is due to older versions of the affected software retaining the ability to decrypt passwords. An attacker could exploit this vulnerability ...

CVSS: 4 | AI score: 6.3 | EPSS: 0.02603
Exploits: 0 | References: 1

OSV
added 2015/06/19 9:33 a.m., 13 views

SUSE-SU-2015:0547-1 Security update for compat-openssl097g

OpenSSL was updated to fix several security issues: CVE-2015-4000: The Logjam Attack (weakdh.org) has been addressed by rejecting connections with DH parameters shorter than 1024 bits. 2048-bit DH parameters are now generated by default. CVE-2015-1789: An out-of-bounds read in X509_cmp_time was fixed...

CVSS: 7.5 | AI score: 7.2 | EPSS: 0.9986
Exploits: 1 | References: 29

OSV
added 2015/06/19 9:33 a.m., 11 views

SUSE-SU-2015:1183-2 Security update for compat-openssl097g

OpenSSL was updated to fix several security issues: CVE-2015-4000: The Logjam Attack (weakdh.org) has been addressed by rejecting connections with DH parameters shorter than 1024 bits. 2048-bit DH parameters are now generated by default. CVE-2015-1789: An out-of-bounds read in X509_cmp_time was fixed...

CVSS: 7.5 | AI score: 7.2 | EPSS: 0.9986
Exploits: 1 | References: 29

OSV
added 2015/06/17 2:42 p.m., 7 views

SUSE-SU-2015:1143-1 Security update for openssl

This update of openssl fixes the following security issues: - CVE-2015-4000 (bsc#931698): The Logjam Attack / weakdh.org; reject connections with DH parameters shorter than 1024 bits; generates 2048-bit DH parameters by default - CVE-2015-1788 (bsc#934487): Malformed ECParameters causes infinite loop -...

CVSS: 7.5 | AI score: 6.2 | EPSS: 0.9986
Exploits: 0 | References: 17

CNVD
added 2015/06/17 12:00 a.m., 2 views

Toshiba CHEC Built-in Encryption Key Information Disclosure Vulnerability

Toshiba CHEC is a product of Toshiba Corporation. Toshiba CHEC has a security vulnerability due to the inclusion of a built-in encryption key in the CreateBossCredentials.jar file. This allows an attacker with access to bossinfo.pro to decrypt content, including BOSS database information, using t...

CVSS: 5 | AI score: 6.8 | EPSS: 0.02063
Exploits: 0 | References: 1

OSV
added 2015/06/11 1:44 p.m., 6 views

SUSE-SU-2015:1179-1 Security update for libgcrypt

This update of libgcrypt fixes one security issue and brings various FIPS 140-2 related improvements. libgcrypt now uses ciphertext blinding for Elgamal decryption (CVE-2014-3591). FIPS 140-2 related changes: The library performs its self-tests when the module is complete the -hmac file is also...

CVSS: 4.2 | AI score: 4.9 | EPSS: 0.00576
Exploits: 0 | References: 12

OpenVAS
added 2015/06/11 12:00 a.m., 41 views

Ubuntu: Security Advisory (USN-2631-1)

The remote host is missing an update for the...

CVSS: 9.3 | AI score: 6.7 | EPSS: 0.10027
Exploits: 6 | References: 2

Tenable Nessus
added 2015/06/11 12:00 a.m., 70 views

Ubuntu 12.04 LTS : linux vulnerabilities (USN-2631-1)

Jan Beulich discovered the Xen virtual machine subsystem of the Linux kernel did not properly restrict access to PCI command registers. A local guest user could exploit this flaw to cause a denial of service (host crash). (CVE-2015-2150) A privilege escalation was discovered in the fork syscall via t...

CVSS: 9.3 | AI score: 7.5 | EPSS: 0.10027
Exploits: 6 | References: 6

Tenable Nessus
added 2015/06/10 12:00 a.m., 82 views

Oracle Linux 6 : kernel (ELSA-2015-1081)

The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2015-1081 advisory. - fs pipe: fix pipe corruption and iovec overrun on partial copy Seth Jennings 1202860 1185166 CVE-2015-1805 - x86 crypto: aesni - fix memory usage in...

CVSS: 9.3 | AI score: 7.3 | EPSS: 0.10027
Exploits: 4 | References: 7

OpenVAS
added 2015/06/09 12:00 a.m., 48 views

Ubuntu: Security Advisory (USN-2613-1)

The remote host is missing an update for the...

CVSS: 9.3 | AI score: 6.1 | EPSS: 0.10027
Exploits: 0 | References: 2

CVE
added 2015/06/08 2:00 p.m., 49 views

CVE-2015-2998

SysAid Help Desk (before version 15.2) is affected by CVE-2015-2998 due to a hardcoded encryption key used to encrypt sensitive data. The vulnerability allows remote attackers to obtain sensitive information by decrypting the database password stored in WEB-INF/conf/serverConf.xml, as demonstrate...

CVSS: 5 | AI score: 6.6 | EPSS: 0.26349
Exploits: 7 | References: 5 | Affected Software: 1

ThreatPost
added 2015/06/04 11:41 a.m., 10 views

Author Behind Ransomware Tox Calls it Quits, Sells Platform

Earlier this week, when the author behind the crypto-ransomware Locker apologized and released decryption keys for his victims, it seemed like a change of heart, uncharacteristic for an attacker. Now another ransomware creator has also decided to cut his losses and get out of the game – but not...

AI score: 7.3
Exploits: 0 | References: 5

Tenable Nessus
added 2015/06/04 12:00 a.m., 122 views

Splunk Enterprise 5.0.x < 5.0.13 / 6.0.x < 6.0.9 / 6.1.x < 6.1.8 OpenSSL Vulnerabilities (FREAK)

According to its version number, the Splunk Enterprise hosted on the remote web server is 5.0.x prior to 5.0.13, 6.0.x prior to 6.0.9, or 6.1.x prior to 6.1.4. It is, therefore, affected by the following vulnerabilities related to the included OpenSSL library : - A security feature bypass...

CVSS: 7.5 | AI score: 7.8 | EPSS: 0.98685
Exploits: 1 | References: 17

ThreatPost
added 2015/06/02 1:38 p.m., 16 views

Machines Infected by Locker Ransomware Decrypted

Update: Computers infected by the Locker crypto-ransomware were today decrypted as promised by the malware’s author, who last week posted the decryption keys to an upload site and apologized for releasing the malware. Lawrence Abrams of Bleeping Computer said the infected computers were decrypted...

AI score: 7.4
Exploits: 0 | References: 7

CNVD
added 2015/06/01 12:00 a.m., 2 views

Rockwell Automation RSView32 Information Disclosure Vulnerability

RSView32 is an HMI system for monitoring and controlling automated machines and processes. A security vulnerability in the encryption method used by RSView32 to create password storage files can lead to unauthorized decryption by software users using an old algorithm, which will disclose the user...

CVSS: 4.9 | AI score: 6.7 | EPSS: 0.0061
Exploits: 0 | References: 1

Prion
added 2015/05/31 5:59 p.m., 13 views

Information disclosure

Rockwell Automation RSView32 7.60.00 aka CPR9 SR4 and earlier does not properly encrypt credentials, which allows local users to obtain sensitive information by reading a file and conducting a decryption attack...

CVSS: 4.9 | AI score: 6.2 | EPSS: 0.0061
Exploits: 0 | References: 2 | Affected Software: 1

NVD
added 2015/05/31 5:59 p.m., 18 views

CVE-2015-1010

Rockwell Automation RSView32 7.60.00 aka CPR9 SR4 and earlier does not properly encrypt credentials, which allows local users to obtain sensitive information by reading a file and conducting a decryption attack...

CVSS: 4.9 | AI score: 5.7 | EPSS: 0.0061
Exploits: 0 | References: 2

CVE
added 2015/05/31 5:00 p.m., 56 views

CVE-2015-1010

The CVE-2015-1010 issue affects Rockwell Automation RSView32 (7.60.00 CPR9 SR4) and earlier, where the password storage file uses outdated encryption, enabling a local attacker to decrypt credentials by reading the file. The ICS-CERT advisory confirms a vendor patch and recommends upgrading to a ...

CVSS: 4.9 | AI score: 5.9 | EPSS: 0.0061
Exploits: 0 | References: 2 | Affected Software: 1