Let's Encrypt Issued A Billion Free SSL Certificates in the Last 4 Years
Let's Encrypt, a free, automated, and open certificate signing authority (CA) from the nonprofit Internet Security Research Group (ISRG), has said it's issued a billion certificates since its launch in 2015. The CA issued its first certificate in September 2015, before eventually reaching 100 million...
Exploit for Improper Authentication in Microsoft
CVE-2020-0688EXP CVE-2020-0688EXP Auto trigger payload...
nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate
A heap-based buffer overflow was found in the NSC_EncryptUpdate function in Mozilla nss. A remote attacker could trigger this flaw via SRTP encrypt or decrypt operations, to execute arbitrary code with the permissions of the user running the application compiled with nss. While the attack complexi...
Amazon Linux 2 : nss (ALAS-2020-1384)
The version of nss installed on the remote host is prior to 3.44.0-7. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2020-1384 advisory. A heap-based buffer overflow was found in the NSC_EncryptUpdate function in Mozilla nss. A remote attacker could trigger this...
An Open Source Effort to Encrypt the Internet of Things
IoT is a security hellscape. One cryptography company has a plan to make it a little bit less so...
Amazon Linux 2 : nss-softokn (ALAS-2020-1379)
The version of nss-softokn installed on the remote host is prior to 3.44.0-8. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2020-1379 advisory. Empty or malformed p256-ECDH public keys may trigger a segmentation fault due to values being improperly sanitized befor...
DEBIAN-CVE-2019-11745
When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird 68.3, Firefox ESR 68.3, an...
A vulnerability in the sal_util_str_encrypt() function (libsal.so) in the software for Zyxel GS1900 series routers allows an attacker to disclose protected information.
The vulnerability in the sal_util_str_encrypt() function (libsal.so) in the firmware of Zyxel GS1900 series routers exists because credentials are hard-coded. Exploiting this vulnerability can allow a remote attacker to disclose protected information...
Android Ups the Mobile Security Ante with Default TLS Encryption
A full 80 percent of Android apps are encrypting their traffic by default, according to a Transport Layer Security (TLS) adoption update from Google. That percentage is even greater for apps targeting Android 9 and higher, with 90 percent of those encrypting traffic by default, the tech giant said ...
UBUNTU-CVE-2019-11745
When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird 68.3, Firefox ESR 68.3, an...
CVE-2010-3299
The encrypt/decrypt functions in Ruby on Rails 2.3 are vulnerable to padding oracle attacks...
CVE-2010-3299
CVE-2010-3299 : The initial description indicates a padding oracle vulnerability in the encrypt/decrypt functions of Ruby on Rails 2.3. Connected documentation confirms this CVE and reiterates the padding oracle issue but does not provide specifics on affected versions beyond Rails 2.3, nor detai...
docPrint Pro 8.0 SEH Buffer Overflow
import struct Title: docPrint Pro v8.0 'User/Master Password' Local SEH Alphanumeric Encoded Buffer Overflow Date: September 14th, 2019 Author: Connor McGarr @33y0re https://connormcgarr.github.io Vendor Homepage: http://www.verypdf.com Software Link: http://dl.verypdf.net/docprintprosetup.exe...
CVE-2019-5478
A weakness was found in Encrypt Only boot mode in Zynq UltraScale+ devices. This could lead to an adversary being able to modify the control fields of the boot image leading to an incorrect secure boot behavior...
CVE-2019-5478
The CVE-2019-5478 issue affects Xilinx Zynq UltraScale+ devices in Encrypt Only boot mode. The vulnerability allows an adversary to modify the boot image control fields, which can lead to incorrect or bypassed secure boot behavior. Root cause is a weakness in the Encrypt Only boot mode; exact imp...
PT-2019-17698 · Xilinx · Xilinx Zynq Ultrascale+
Name of the Vulnerable Software and Affected Versions: Xilinx Zynq UltraScale+ devices (affected versions not specified). Description: A weakness was found in the Encrypt Only boot mode, which could allow an adversary to modify the control fields of the boot image. This modification could lead to...
A New Ransomware Is Targeting Network Attached Storage (NAS) Devices
A new ransomware family has been found targeting Linux-based Network Attached Storage (NAS) devices made by Taiwan-based QNAP Systems and holding users' important data hostage until a ransom is paid, researchers told The Hacker News. Ideal for home and small business, NAS devices are dedicated file...
Code injection
Mailvelope prior to 3.3.0 allows private key operations without user interaction via its client-API. By modifying a URL parameter in Mailvelope, an attacker is able to sign and encrypt arbitrary messages with Mailvelope, assuming the private key password is cached. A second vulnerability allows ...