5469 matches found
Ansible Information Disclosure Vulnerability (CNVD-2020-33255)
Ansible is a computer system configuration manager from the American company Ansible. The product can be used to publish, manage, and orchestrate computer systems.Ansible Tower is one of the task control applications that provides a user interface UI, dashboard, and REST API.Ansible Engine is one...
CVE-2020-11826
Users can lock their notes with a password in Memono version 3.8. Thus, users needs to know a password to read notes. However, these notes are stored in a database without encryption and an attacker can read the password-protected notes without having the password. Notes are stored in the ZENTITY...
CVE-2020-11005
The WindowsHello open source library NuGet HaemmerElectronics.SeppPenner.WindowsHello, before version 1.0.4, has a vulnerability where encrypted data could potentially be decrypted without needing authentication. If the library is used to encrypt text and write the output to a txt file, another...
Authentication flaw
The WindowsHello open source library NuGet HaemmerElectronics.SeppPenner.WindowsHello, before version 1.0.4, has a vulnerability where encrypted data could potentially be decrypted without needing authentication. If the library is used to encrypt text and write the output to a txt file, another...
Information Disclosure
openssl is vulnerable to information disclosure. It was discovered that the Datagram Transport Layer Security DTLS protocol implementation in OpenSSL leaked timing information when performing certain operations. A remote attacker could possibly use this flaw to retrieve plain text from the...
Access Control Bypass
encryptfs-utils is vulnerable to access control bypass. An insecure temporary file use flaw was found in the ecryptfs-setup-private script. A local attacker could use this script to insert their own key that will subsequently be used by a new user, possibly giving the attacker access to the user'...
Information Disclosure
pidgin is vulnerable to information disclosure. It was discovered that, when connecting to certain, very old Jabber servers via XMPP, Pidgin may ignore the "Require SSL/TLS" setting. In these situations, a non-encrypted connection is established rather than the connection failing, causing the use...
Arbitrary Code Execution
evolution is vulnerable to arbitrary code execution. A format string flaw was found in the way Evolution displayed encrypted mail content. If a user opened a carefully crafted mail message, arbitrary code could be executed as the user running Evolution...
Event 55 when you copy an encrypted folder to EFS shared folder in Windows
Event 55 when you copy an encrypted folder to EFS shared folder in Windows Symptoms Assume that you enable Encryption File System EFS on a shared folder on a computer that is running Windows 8.1, Windows Server 2012 R2, Windows 8, Windows Server 2012, Windows 7 Service Pack 1 SP1, Windows Server...
CVE-2018-12404
A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack AKA Bleichenbacher attack and affects all NSS versions prior to NSS 3.41...
SUSE SLES12 Security Update : kernel (SUSE-SU-2020:0868-1)
This update for the Linux Kernel 3.12.74-6064124 fixes several issues. The following security issues were fixed : CVE-2020-1749: Fixed an issue in the networking protocols in encrypted IPsec tunnel bsc1165631 CVE-2019-5108: Fixed an issue where by triggering AP to send IAPP location updates for...
SUSE-SU-2020:0891-1 Security update for the Linux Kernel (Live Patch 9 for SLE 15 SP1)
This update for the Linux Kernel 4.12.14-19734 fixes one issue. The following security issue was fixed: - CVE-2020-1749: Fixed an issue in the networking protocols in encrypted IPsec tunnel bsc1165631...
8-Year-Old VelvetSweatshop Bug Resurrected in LimeRAT Campaign
Researchers have discovered a fresh campaign using Excel files to spread LimeRAT malware – making use of the hardcoded, VelvetSweatshop default password for encrypted files. LimeRAT is a full-featured remote access tool/backdoor that can allow attackers to access an infected system and install a...
Simplifying the ISP Transition to DNS Encryption
New protocols to encrypt DNS traffic, DNS over HTTPS DoH and DNS over TLS DoT, have been a visible Internet topic for the past two years. Akamai participated in the definition of DoH/DoT standards and recently released support in the high-performance CacheServe resolver. Major features include:...
Broadcom Wi-Fi Devices - 'KR00K Information Disclosure
Kr00ker Experimetal KR00K PoC in python3 using scapy Description: This script is a simple experiment to exploit the KR00K vulnerability CVE-2019-15126, that allows to decrypt some WPA2 CCMP data in vulnerable devices. More specifically this script attempts to retrieve Plaintext Data of WPA2 CCMP...
CVE-2019-19135
In OPC Foundation OPC UA .NET Standard codebase 1.4.357.28, servers do not create sufficiently random numbers in OPCFoundation.NetStandard.Opc.Ua before 1.4.359.31, which allows man in the middle attackers to reuse encrypted user credentials sent over the network...
CVE-2020-1740
A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. When a user executes "ansible-vault edit", another user on the same computer can read the old and new secret, as it is created in a temporary file with mkstemp and the returned file descriptor is closed and t...
Code injection
In OPC Foundation OPC UA .NET Standard codebase 1.4.357.28, servers do not create sufficiently random numbers in OPCFoundation.NetStandard.Opc.Ua before 1.4.359.31, which allows man in the middle attackers to reuse encrypted user credentials sent over the network...
Design/Logic Flaw
A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. When a user executes "ansible-vault edit", another user on the same computer can read the old and new secret, as it is created in a temporary file with mkstemp and the returned file descriptor is closed and t...
CVE-2020-1740
A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. When a user executes "ansible-vault edit", another user on the same computer can read the old and new secret, as it is created in a temporary file with mkstemp and the returned file descriptor is closed and t...