5470 matches found
PT-2020-15832 · Google · Gaen Protocol
Name of the Vulnerable Software and Affected Versions: GAEN protocol affected versions not specified Description: An issue was discovered in the GAEN protocol, as used in COVID-19 applications on Android and iOS. The encrypted metadata block with a TX value lacks a checksum, allowing bitflipping ...
NICER Protocol Deep Dive: Internet Exposure of SMTP
Welcome to the NICER Protocol Deep Dive blog series! When we started researching what all was out on the internet way back in January, we had no idea we'd end up with a hefty, 137-page tome of a research report. The sheer length of such a thing might put off folks who might otherwise learn a thin...
RBKmoney: Apple Pay cryptogram replay and amount tampering
During Apple Pay in-app or on-site payments the device generates a payment cryptogram, which contains a transaction ID, encrypted payment data, etc. This is an example of the cryptogram which the phone passes to the internet acquiring service on api.transferwise.com: "token": "paymentData":...
CVE-2019-18991
A partial authentication bypass vulnerability exists on Atheros AR9132 3.60AMX.8, AR9283 1.85, and AR9285 1.0.0.12NA devices. The vulnerability allows sending an unencrypted data frame to a WPA2-protected WLAN router where the packet is routed through the network. If successful, a response is sen...
CVE-2019-18989
A partial authentication bypass vulnerability exists on Mediatek MT7620N 1.06 devices. The vulnerability allows sending an unencrypted data frame to a WPA2-protected WLAN router where the packet is routed through the network. If successful, a response is sent back as an encrypted frame, which wou...
Authentication flaw
A partial authentication bypass vulnerability exists on Mediatek MT7620N 1.06 devices. The vulnerability allows sending an unencrypted data frame to a WPA2-protected WLAN router where the packet is routed through the network. If successful, a response is sent back as an encrypted frame, which wou...
Authentication flaw
A partial authentication bypass vulnerability exists on Realtek RTL8812AR 1.21WW, RTL8196D 1.0.0, RTL8192ER 2.10, and RTL8881AN 1.09 devices. The vulnerability allows sending an unencrypted data frame to a WPA2-protected WLAN router where the packet is routed through the network. If successful, a...
CVE-2019-18990
A partial authentication bypass vulnerability exists on Realtek RTL8812AR 1.21WW, RTL8196D 1.0.0, RTL8192ER 2.10, and RTL8881AN 1.09 devices. The vulnerability allows sending an unencrypted data frame to a WPA2-protected WLAN router where the packet is routed through the network. If successful, a...
CVE-2019-18990
A partial authentication bypass vulnerability exists on Realtek RTL8812AR 1.21WW, RTL8196D 1.0.0, RTL8192ER 2.10, and RTL8881AN 1.09 devices. The vulnerability allows sending an unencrypted data frame to a WPA2-protected WLAN router where the packet is routed through the network. If successful, a...
CVE-2019-18989
A partial authentication bypass vulnerability exists on Mediatek MT7620N 1.06 devices. The vulnerability allows sending an unencrypted data frame to a WPA2-protected WLAN router where the packet is routed through the network. If successful, a response is sent back as an encrypted frame, which wou...
Zivver: one delegate can add another delegate and delete other delegates, exposing all confidential inbox messages
Summary: One Delegate can add another delete and delete other delegates, exposing all inbox messages to other delegates and hence exposing all the confidential info can be seen by newly added delegates Steps To Reproduce: add details for how we can reproduce the issue 1. Login as User1 and add a...
SUSE-SU-2020:2647-1 Security update for for SUSE Manager 4.1
This update for SUSE Manager 4.1 fixes the following issues: google-gson: - Use packages from SUSE:SLE-15-SP2:Update:Products:Manager41:Update to fix building other packages. httpcomponents-client: - Use packages from SUSE:SLE-15-SP2:Update:Products:Manager41:Update to fix building other packages...
Microsoft Windows/Windows Server Elevation of Privilege Vulnerability (CNVD-2021-68738)
Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, an operating system for personal devices, and Microsoft Windows Server, a server operating system. An elevation of privilege vulnerability exists in Microsoft Windows/Windows Server. The vulnerability stems...
Microsoft Windows/Windows Server Information Disclosure Vulnerability (CNVD-2021-63323)
Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, an operating system for personal devices, and Microsoft Windows Server is a server operating system. Microsoft Windows/Windows Server has an information disclosure vulnerability that stems from the use of a...
CVE-2020-1749
CVE-2020-1749 describes a flaw in the Linux kernel’s IPsec networking implementation (notably VXLAN and GENEVE tunnels over IPv6). When an encrypted tunnel is established between two hosts, tunneled data may be misrouted over the encrypted link, causing data to be sent unencrypted and potentially...
CVE-2020-1749
A flaw was found in the Linux kernel's implementation of some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over IPv6. When an encrypted tunnel is created between two hosts, the kernel isn't correctly routing tunneled data over the encrypted link; rather sending the data...
CVE-2020-1968
The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman DH based ciphersuite. In such a case this would result in the attacker being able to eavesdrop on all encrypted...
CVE-2020-1968
The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman DH based ciphersuite. In such a case this would result in the attacker being able to eavesdrop on all encrypted...
Vulnerability in OpenSSL - Raccoon Attack
The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman DH based ciphersuite. In such a case this would result in the attacker being able to eavesdrop on all encrypted...
PT-2020-4161 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: A information disclosure issue exists due to the use of weak hash algorithms by TLS components. This could allow an attacker to obtain information to further compromise a user's encrypted...