EMSigner Security Vulnerability

EMSigner is an electronic signature solution from EMSigner India. A security vulnerability exists in EMSigner version v2.8.7, which stems from a vulnerability that allows an attacker to gain unauthorized access to application content and view sensitive data of other users by manipulating the...

PT-2023-7412 · Amd +7 · Amd Cpus +7

Name of the Vulnerable Software and Affected Versions: AMD CPUs affected versions not specified Description: The issue concerns improper or unexpected behavior of the INVD instruction in some AMD CPUs, potentially allowing an attacker with a malicious hypervisor to affect cache line write-back...

cloud-init security, bug fix, and enhancement update

23.1.1-11.0.2 - Fix Oracle Datasource network and getdata methods for OCI OL Orabug: 35950168 23.1.1-11.0.1 - Increase retry value and add timeout for OCI Orabug: 35329883 - Fix log file permission Orabug: 35302969 - Update detection logic for OL distros in config template Orabug: 34845400 - Adde...

Linux/x64 - create a shell with execve() sending argument using XOR (/bin//sh) Shellcode (55 bytes)

Exploit Title: Linux-x64 - create a shell with execve sending argument using XOR /bin//sh 55 bytes Shellcode Author: Alexys 0x177git Tested on: Linux x8664 Shellcode Description: creating a new process using execve syscall sending bin//sh as argument | encrypted using XOR operation was QWORD size...

Fedora 39 : rubygem-actioncable / rubygem-actionmailbox / rubygem-actionmailer / etc (2023-4f0bb4ff5e)

The remote Fedora 39 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2023-4f0bb4ff5e advisory. Ruby on Rails security upgrade: https://rubyonrails.org/2023/8/22/Rails-Versions-7-0-7-2-6-1-7-6-have- been-released - incorrect file permissions on encrypte...

PT-2023-29991 · Loytec · Loytec Liob-586 +6

Name of the Vulnerable Software and Affected Versions: LOYTEC LINX-151 affected versions not specified LOYTEC LINX-212 version 6.2.4 LOYTEC LVIS-3ME12-A1 version 6.2.2 LOYTEC LIOB-586 version 6.2.3 LOYTEC LIOB-580 V2 affected versions not specified LOYTEC LIOB-588 affected versions not specified...

OPENSUSE-SU-2023:0350-1 Security update for rubygem-activesupport-5.2

This update for rubygem-activesupport-5.2 fixes the following issue: - CVE-2023-38037: fixed a File Disclosure of Locally Encrypted Files bsc1214807...

ASB-A-284262845

In ca-certificates, there is a possible way to read encrypted TLS data due to untrusted cryptographic certificates. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

The vulnerability of the EisBaer SCADA system, which stems from the use of a strictly encrypted cryptographic key, allows attackers to gain unauthorized access to protected information.

The vulnerability of the EisBaer SCADA system is related to the use of a strictly encrypted cryptographic key. Exploiting this vulnerability could allow an intruder to gain unauthorized access to protected information...

Hardcoded credentials

The Android Client application, when enrolled to the AppHub server, connects to an MQTT broker to exchange messages and receive commands to execute on the HMI device. The protocol builds on top of MQTT to implement the remote management of the device is encrypted with a hard-coded DES symmetric...

CVE-2023-46102

CVE-2023-46102 describes a vulnerability in the Android Client (enrolled to AppHub) that communicates with an MQTT broker for remote management of the HMI device. The protocol is built on top of MQTT and uses a hard-coded DES symmetric key, which can be recovered by reversing the Android Client a...

USN-6445-2: Linux kernel (Intel IoTG) vulnerabilities

It was discovered that the IPv6 implementation in the Linux kernel contained a high rate of hash collisions in connection lookup table. A remote attacker could use this to cause a denial of service excessive CPU consumption. CVE-2023-1206 Daniel Trujillo, Johannes Wikner, and Kaveh Razavi...

They Cracked the Code to a Locked USB Drive Worth $235 Million in Bitcoin. Then It Got Weird

Stefan Thomas lost the password to an encrypted USB drive holding 7,002 bitcoins. One team of hackers believes they can unlock it—if they can get Thomas to let them...

Mageia: Security Advisory (MGASA-2023-0296)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Commander - A Command And Control (C2) Server

Commander is a command and control framework C2 written in Python, Flask and SQLite. It comes with two agents written in Python and C. Under Continuous Development Not script-kiddie friendly Features Fully encrypted communication TLS Multiple Agents Obfuscation Interactive Sessions Scalable Base6...

USN-6416-3: Linux kernel (Raspberry Pi) vulnerabilities

It was discovered that the IPv6 implementation in the Linux kernel contained a high rate of hash collisions in connection lookup table. A remote attacker could use this to cause a denial of service excessive CPU consumption. CVE-2023-1206 Daniel Trujillo, Johannes Wikner, and Kaveh Razavi...

CVE-2022-24404

Lack of cryptographic integrity check on TETRA air-interface encrypted traffic. Since a stream cipher is employed, this allows an active adversary to manipulate cleartext data in a bit-by-bit fashion...

CVE-2022-24404 Ciphertext Malleability in TETRA

Lack of cryptographic integrity check on TETRA air-interface encrypted traffic. Since a stream cipher is employed, this allows an active adversary to manipulate cleartext data in a bit-by-bit fashion...

CVE-2022-24404

CVE-2022-24404 describes a lack of ciphertext authentication in TETRA’s Air Interface Encryption (AIE)/TEA1, enabling an active attacker to perform bit-by-bit manipulations of the intercepted traffic (ciphertext malleability) and alter cleartext data. The root cause is absence of integrity/authen...

Ubuntu 22.04 LTS : Linux kernel (Raspberry Pi) vulnerabilities (USN-6416-3)

The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6416-3 advisory. It was discovered that the IPv6 implementation in the Linux kernel contained a high rate of hash collisions in connection lookup table. A remote attacker...