378 matches found
CVE-2019-9494 The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side-channel attacks
The implementations of SAE in hostapd and wpasupplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. An attacker may be able to gain leaked information from a side channel attack that can be used for full password recovery. Both...
CVE-2019-9494
The implementations of SAE in hostapd and wpasupplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. An attacker may be able to gain leaked information from a side channel attack that can be used for full password recovery. Both...
Bruteforce Attack
openstack-nova is vulnerable to bruteforce attacks. The vulnerability exists as api/metadata/handler.py in OpenStack Compute Nova before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2, when proxying metadata requests through Neutron, makes it easier for remote attackers to guess instanc...
ThreatList: Password Hygiene Remains Lackluster in Global Businesses
When it comes to password behaviors in the workplace, the average business is doing just an okay job, scoring a middling score in a credentials-security benchmarking analysis of organizations’ habits. Notably, the data also shows that password-sharing is still prevalent in the workplace – althoug...
WannaCry Kill Switch Hero Faces New Charges, But Code Evals Say Little
A fresh FBI charge against Marcus Hutchins has led to the Kronos banking trojan and the UPAS Kit backdoor being linked in the news over the past week. However, a fresh analysis this week shows that, at least on a code level, the similarities and differences between the two are far from conclusive...
Security Bulletin: IBM Operational Decision Manager and WebSphere ILOG JRules: Multiple security vulnerabilities in IBM JRE
Summary This Security Bulletin addresses the security vulnerabilities that have shipped with the IBM Java Runtime Environment JRE included in IBM Operational Decision Manager and IBM ILOG JRules. IBM ODM and ILOG JRules now include the most recent version of the IBM JRE which fixes the security...
Security Bulletin: Information regarding security vulnerability in IBM SDK Java™ Technology Edition that is shipped with IBM WebSphere Application Server and addressed by Oracle CPU January 2014
Summary Multiple security vulnerabilities exist in the IBM SDK Java Technology Edition that is shipped with IBM WebSphere Application Server and is included in the products that are listed in this document. Vulnerability Details The affected products are shipped with a version of IBM WebSphere...
Moving from Unidesk to Citrix App Layering
Although they are based on the same layering technology, Unidesk version 2 and 3 are very different from Citrix App Layering formerly Unidesk version 4. This document lays out the major product differences for exiting version 2 and 3 customers to help them understand those differences and plan fo...
CVE-2018-1388
GSKit V7 may disclose side channel information via discrepancies between valid and invalid PKCS1 padding. IBM X-Force ID: 138212...
undertow: HTTP Request smuggling vulnerability (incomplete fix of CVE-2017-2666)
It was found that the fix for CVE-2017-2666 was incomplete and invalid characters are still allowed in the query string and path parameters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the...
UBUNTU-CVE-2017-12635
Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to submit users documents with duplicate keys for 'roles' used for access control within the database, including the special case 'admin' role,...
actionpack is vulnerable to remote bypass authentication
The httpbasicauthenticatewith method in actionpack/lib/actioncontroller/metal/httpauthentication.rb in the Basic Authentication implementation in Action Controller in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not use a...
UBUNTU-CVE-2017-15575
In Redmine before 3.2.6 and 3.3.x before 3.3.3, Redmine.pm lacks a check for whether the Repository module is enabled in a project's settings, which might allow remote attackers to obtain sensitive differences information or possibly have unspecified other impact...
Behavior of VM.xenstore_data
Summary This article describes the behavior ofVM.xenstoredata. This behavior might affect customers who use thexenstore-data parameter of a Virtual Machine VM, especially those customers who are writing software that interacts with XenServer and uses this parameter. Behavior of VM.xenstoredata If...
[SECURITY] Fedora 26 Update: subversion-1.9.7-1.fc26
Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Subversion only stores the differences between versions, instead of every complete file...
Why So Many Top Hackers Hail from Russia
Conventional wisdom says one reason so many hackers seem to hail from Russia and parts of the former Soviet Union is that these countries have traditionally placed a much greater emphasis than educational institutions in the West on teaching information technology in middle and high schools, and...
DEBIAN-CVE-2016-5007
Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x rely on URL pattern mappings for authorization and for mapping requests to controllers respectively. Differences in the strictness of the pattern matching mechanisms, for example with regards to space...
CVE-2016-7439
The C software implementation of RSA in wolfSSL formerly CyaSSL before 3.9.10 makes it easier for local users to discover RSA keys by leveraging cache-bank hit differences...
CVE-2016-7439
The C software implementation of RSA in wolfSSL formerly CyaSSL before 3.9.10 makes it easier for local users to discover RSA keys by leveraging cache-bank hit differences...
Information disclosure
The C software implementation of RSA in wolfSSL formerly CyaSSL before 3.9.10 makes it easier for local users to discover RSA keys by leveraging cache-bank hit differences...