CVE-2017-7574

Schneider Electric SoMachine Basic 1.4 SP1 and Schneider Electric Modicon TM221CE16R 1.3.3.3 devices have a hardcoded-key vulnerability. The Project Protection feature is used to prevent unauthorized users from opening an XML protected project file, by prompting the user for a password. This XML...

Schneider Modicon M221CE16R Hard-Coded Vulnerability

The Modicon M221CE16R is an all-in-one programmable controller from Schneider Electric Co. The Schneider Modicon M221CE16R is vulnerable to a hard-coded vulnerability where XML files are AES-CBC encrypted, but the key used for encryption is hard-coded and cannot be changed. After decrypting the X...

Mobile Ad Hoc Mesh Network: Serval Mesh

Mobile Ad Hoc Mesh Network Serval Mesh, and it is free software that allows smart-phones to communicate, even in the face of catastrophic failure of cellular networks. Serval Mesh allows people to make voice calls, send text messages and share files with other Serval Mesh users, without requiring...

Setting a custom FileVault (macOS FDE) passphrase

FileVault 2 is the full-disk encryption system of macOS. Normally, it's turned on from System Preferences, and locks the disk with the passwords of all the users allowed to unlock the machine. Overloading the login/unlock/sudo password is an understandable UX simplicity choice, but makes it very...

CVE-2016-9123

go-jose before 1.0.5 suffers from a CBC-HMAC integer overflow on 32-bit architectures. An integer overflow could lead to authentication bypass for CBC-HMAC encrypted ciphertexts on 32-bit architectures...

APT29 Domain Fronting With TOR

Mandiant has observed Russian nation-state attackers APT29 employing domain fronting techniques for stealthy backdoor access to victim environments for at least two years. There has been considerable discussion about domain fronting following the release of a paper detailing these techniques...

APT29 Domain Fronting With TOR

Mandiant has observed Russian nation-state attackers APT29 employing domain fronting techniques for stealthy backdoor access to victim environments for at least two years. There has been considerable discussion about domain fronting following the release of a paper detailing these techniques...

Instagram Adds Two-Factor Authentication

Instagram became the latest in a long line of services over the years to offer users two-factor authentication this week. Kevin Systrom, co-founder and CEO of the Facebook-owned mobile photo-sharing app announced the feature on its blog Thursday afternoon. With the feature – accessible via Settin...

UBUNTU-CVE-2016-6225

xbcrypt in Percona XtraBackup before 2.3.6 and 2.4.x before 2.4.5 does not properly set the initialization vector IV for encryption, which makes it easier for context-dependent attackers to obtain sensitive information from encrypted backup files via a Chosen-Plaintext attack. NOTE: this...

tomcat: Infinite loop in the processing of https requests

It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop...

Huawei Document Security Management Information Disclosure Vulnerability

Huawei Document Security Management DSM is a set of document rights management software from Huawei, China. The software is characterized by high stability, reliability and scalability. A security vulnerability exists in the privilege control function in Huawei DSM versions prior to...

CVE-2016-2406

The permission control module in Huawei Document Security Management aka DSM before V100R002C05SPC670 allows remote authenticated users to obtain sensitive information from encrypted documents by leveraging incorrect control of permissions on the PrintScreen button...

CVE-2016-2406

The permission control module in Huawei Document Security Management aka DSM before V100R002C05SPC670 allows remote authenticated users to obtain sensitive information from encrypted documents by leveraging incorrect control of permissions on the PrintScreen button...

CVE-2016-2406

The permission control module in Huawei Document Security Management aka DSM before V100R002C05SPC670 allows remote authenticated users to obtain sensitive information from encrypted documents by leveraging incorrect control of permissions on the PrintScreen button...

Google Nest Cam 5.2.1
 - Buffer Overflow Conditions Over Bluetooth LE

Exploit for hardware platform in category dos / poc Exploit Title: Google Nest Cam - Multiple Buffer Overflow Conditions Over Bluetooth LE Reported to Google: October 26, 2016 Public Disclosure: March 17, 2017 Exploit Author: Jason Doyle @jasondoyle Vendor Homepage: https://nest.com/ Affected:...

Google Nest Cam 5.2.1
 - Buffer Overflow Conditions Over Bluetooth LE

Google Nest Cam 5.2.1 - Buffer Overflow Conditions Over Bluetooth LE Exploit Title: Google Nest Cam - Multiple Buffer Overflow Conditions Over Bluetooth LE Reported to Google: October 26, 2016 Public Disclosure: March 17, 2017 Exploit Author: Jason Doyle @jasondoyle Vendor Homepage:...

Google Nest Cam 5.2.1
 - Buffer Overflow Conditions Over Bluetooth LE

Exploit Title: Google Nest Cam - Multiple Buffer Overflow Conditions Over Bluetooth LE Reported to Google: October 26, 2016 Public Disclosure: March 17, 2017 Exploit Author: Jason Doyle @jasondoyle Vendor Homepage: https://nest.com/ Affected: Dropcam, Dropcam Pro, Nest Cam Indoor/Outdoor models ...

RHEL 7 : ansible (RHSA-2017:0515)

An update for ansible and ceph-ansible is now available for Red Hat Storage Console 2. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

WhatsApp and Telegram Vulnerabilities Opened Users to Account Takeover

Encrypted messaging services WhatsApp and Telegram patched vulnerabilities in the last week that could have let an attacker take over a user’s account, access personal and group conversations, along with photos, videos and other files. A trio of researchers with Check Point Software Technologies,...

PT-2017-4237 · Linux +3 · Linux Kernel +3

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 4.10.7 Description: The issue is related to a use-after-free vulnerability in the fs/crypto component of the Linux kernel, which can lead to a denial of service or possibly allow local users to gain privileges...