Ypsomed mylife App 信任管理问题漏洞

Ypsomed mylife App is an application of Ypsomed AG. To optimize communication between people with diabetes and healthcare professionals, mylife Therapy Management is an easy-to-use, easy-to-share solution for diabetes therapy data. mylife App is vulnerable to a trust management issue, which stems...

Injector - Complete Arsenal Of Memory Injection And Other Techniques For Red-Teaming In Windows

Complete Arsenal of Memory injection and other techniques for red-teaming in Windows What does Injector do? Process injection support for shellcode located at remote server as well as local storage. Just specify the shellcode file and it will do the rest. It will by default inject into notepad.ex...

Unspecified Vulnerability in Fortinet FortiMail

Fortinet FortiMail is a set of e-mail security gateway products of the U.S. Fita Fortinet. The product provides e-mail security and data protection features. Fortinet FortiMail has a security vulnerability that allows an unauthenticated attacker to intercept encrypted messages, making it possible...

Halo 授权问题漏洞

Halo is a light, clean, and powerful Java blogging system. Halo version 0.4.3 contains an incorrect access control vulnerability. An attacker could use this vulnerability to bypass encryption via a cookie and view encrypted posts...

Design/Logic Flaw

A missing cryptographic step in the Identity-Based Encryption service of FortiMail before 7.0.0 may allow an unauthenticated attacker who intercepts the encrypted messages to manipulate them in such a way that makes the tampering and the recovery of the plaintexts possible...

CVE-2021-26100

A missing cryptographic step in the Identity-Based Encryption service of FortiMail before 7.0.0 may allow an unauthenticated attacker who intercepts the encrypted messages to manipulate them in such a way that makes the tampering and the recovery of the plaintexts possible...

CVE-2021-26100

A missing cryptographic step in the Identity-Based Encryption service of FortiMail before 7.0.0 may allow an unauthenticated attacker who intercepts the encrypted messages to manipulate them in such a way that makes the tampering and the recovery of the plaintexts possible...

Sharperner - Simple Executable Generator With Encrypted Shellcode

Sharperner is a tool written in CSharp that generate .NET dropper with AES and XOR obfuscated shellcode. Generated executable can possibly bypass signature check but I cant be sure it can bypass heuristic scanning. Features PE binary Process Hollowing PPID Spoofing Random generated AES key and iv...

Police seize DoubleVPN data, servers, and domain

A coordinated effort between global law enforcement agencies—led by the Dutch National Police—shut down a VPN service that was advertised on cybercrime forums. The VPN company promised users the ability to double- and triple-encrypt their web traffic to obscure their location and identity. The...

UVI-2021-1001081 x86/ioremap: Map EFI-reserved memory as encrypted for SEV

x86/ioremap: Map EFI-reserved memory as encrypted for SEV This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.12.13 by commit...

GSD-2021-1001081 x86/ioremap: Map EFI-reserved memory as encrypted for SEV

x86/ioremap: Map EFI-reserved memory as encrypted for SEV This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.12.13 by commit...

UVI-2021-1001000 x86/ioremap: Map EFI-reserved memory as encrypted for SEV

x86/ioremap: Map EFI-reserved memory as encrypted for SEV This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.46 by commit...

GSD-2021-1001000 x86/ioremap: Map EFI-reserved memory as encrypted for SEV

x86/ioremap: Map EFI-reserved memory as encrypted for SEV This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.46 by commit...

Weidmueller Industrial WLAN devices trust management issue vulnerability

Weidmueller Industrial WLAN devices is an industrial WIAN from Weidmueller, Germany. A trust management issue vulnerability exists in Weidmueller Industrial WLAN devices, which stems from the fact that the device operating system contains an undisclosed encrypted password that can be exploited by...

charlotte

This is a C++ shellcode launcher, fully undetected as of May 13th, 2021. It dynamically invokes Win32 API functions, XOR encrypts shellcode and function names, and uses random XOR keys and variables per run. The code is designed to be stealthy and difficult to detect. The code is written in C++ a...

OPENSUSE-SU-2021:0934-1 Security update for tpm2.0-tools

This update for tpm2.0-tools fixes the following issues: - CVE-2021-3565: Fixed issue when no encrypted session with the TPM is used bsc1186490. This update was imported from the SUSE:SLE-15-SP2:Update update project...

[SECURITY] Fedora 33 Update: openssh-8.4p1-7.fc33

SSH Secure SHell is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forward...

CVE-2021-33530

In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in encrypted diagnostic script functionality of the devices. A specially crafted diagnostic script file can cause arbitrary busybox commands to be executed, resulting in remote contro...

USN-4995-2: Thunderbird vulnerabilities

USN-4995-1 fixed vulnerabilities in Thunderbird. This update provides the corresponding updates for Ubuntu 18.04 LTS. Original advisory details: Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an...

CVE-2021-31615

Unencrypted Bluetooth Low Energy baseband links in Bluetooth Core Specifications 4.0 through 5.2 may permit an adjacent device to inject a crafted packet during the receive window of the listening device before the transmitting device initiates its packet transmission to achieve full MITM status...