CVE-2019-0307
Diagnostics Agent in Solution Manager, version 7.2, stores several credentials such as SLD user connection as well as Solman user communication in the SAP Secure Storage file which is not encrypted by default. By decoding these credentials, an attacker with admin privileges could gain access to t...
Cloudera Navigator Key Trustee KMS Encryption Issue Vulnerability
Cloudera Navigator Key Trustee KMS is a customized secret key management server from Cloudera. A security vulnerability exists in Cloudera Navigator Key Trustee KMS versions 5.12 and 5.13. An attacker can exploit the vulnerability to recover previously deleted but not cleaned keys or delete the...
CVE-2018-20091
An SQL injection vulnerability was found in Cloudera Data Science Workbench CDSW 1.4.0 through 1.4.2. This would allow any authenticated user to run arbitrary queries against CDSW's internal database. The database contains user contact information, encrypted CDSW passwords in the case of local...
ReverseTCPShell - PowerShell ReverseTCP Shell, Client & Server
Reverse Encrypted AES 256-bit Shell over TCP - using PowerShell SecureString. Attacker C2-Server Listener: PS .\ReverseTCP.ps1 Target Client: CMD ECHO...
Ubuntu 16.04 LTS / 18.04 LTS : Evolution Data Server vulnerability (USN-3998-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3998-1 advisory. Marcus Brinkmann discovered that Evolution Data Server did not correctly interpret the output from GPG when decrypting encrypted messages. Under certa...
The vulnerability of the ECDSA encryption algorithm implementation in the OpenSSL library allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the ECDSA encryption algorithm implementation in the OpenSSL library is related to errors in the management of cryptographic keys. Exploiting this vulnerability could allow a malicious actor to remotely restore the encrypted private key...
Insecure Credential Storage in web3
All versions of web3 are vulnerable to Insecure Credential Storage. The package stores encrypted wallets in local storage and requires a password to load the wallet. Once the wallet is loaded, the private key is accessible via LocalStorage. Exploiting this vulnerability likely requires a Cross-Si...
USN-3998-1 evolution-data-server vulnerability
Marcus Brinkmann discovered that Evolution Data Server did not correctly interpret the output from GPG when decrypting encrypted messages. Under certain circumstances, this could result in displaying clear-text portions of encrypted messages as though they were encrypted...
USN-3998-1: Evolution Data Server vulnerability
Marcus Brinkmann discovered that Evolution Data Server did not correctly interpret the output from GPG when decrypting encrypted messages. Under certain circumstances, this could result in displaying clear-text portions of encrypted messages as though they were encrypted...
Google Stored G Suite Passwords in Plaintext Since 2005
Google stored G Suite passwords in plaintext for almost 15 years, the cloud giant acknowledged on Tuesday evening. G Suite, Google’s brand of cloud computing, productivity and collaboration tools, software and products, has more than 5 million users as of February. Google said that it recently...
Core Elastic Stack Security Features Now Available For Free Users As Well
Elastic, the company behind the most widely used enterprise search engine ElasticSearch and the Elastic Stack, today announced that it has decided to make core security features of the Elastic Stack free and accessible to all users. ELK Stack or Elastic Stack is a collection of three powerful ope...
The False Promise of “Lawful Access” to Private Data
Opinion: As online extremism migrates to real-world violence, some suggest letting law enforcement intercept encrypted messages. But that’s a dangerous proposition...
Weak Encryption
Thunderbird ESR and Thunderbird are vulnerable to weak encryption. A remote unauthenticated attacker could cause disclosure of plaintext using remote content in encrypted messages...
CVE-2019-10922
A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier All versions, SIMATIC PCS 7 V8.1 and newer All versions, SIMATIC WinCC V7.2 and earlier All versions, SIMATIC WinCC V7.3 and newer All versions. An attacker with network access to affected installations, which are configured...
Security feature bypass
A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier All versions, SIMATIC PCS 7 V8.1 and newer All versions, SIMATIC WinCC V7.2 and earlier All versions, SIMATIC WinCC V7.3 and newer All versions. An attacker with network access to affected installations, which are configured...
Siemens SIMATIC WinCC and SIMATIC PCS 7
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SIMATIC WinCC and SIMATIC PCS 7 Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an...
EulerOS Virtualization for ARM 64 3.0.1.0 : python-paramiko (EulerOS-SA-2019-1404)
According to the versions of the python-paramiko package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - The python-paramiko package provides a Python module that implements the SSH2 protocol for encrypted and...
CVE-2018-18976
An issue was discovered in the Ascensia Contour NEXT ONE application for iOS and Android before 2019-01-15. An attacker may retrieve encrypted medical information of any user of the Ascensia cloud platform by performing Direct Object References with a series of user ID values. This information ca...