CVE-2018-0131

A vulnerability in the implementation of RSA-encrypted nonces in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to obtain the encrypted nonces of an Internet Key Exchange Version 1 IKEv1 session. The vulnerability exists because the affected software...

CVE-2018-0131

A vulnerability in the implementation of RSA-encrypted nonces in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to obtain the encrypted nonces of an Internet Key Exchange Version 1 IKEv1 session. The vulnerability exists because the affected software...

ThreatList: Almost All Security Pros Believe Election Systems Are at Risk

As the U.S. midterm election season gets underway in earnest, concerns about the ability to hack the vote is more in the spotlight than ever. A fresh survey from Venafi has found that a full 93 percent of security pros are concerned about cyber-attacks targeting election infrastructure. The poll,...

FreeBSD -- Unauthenticated EAPOL-Key Decryption Vulnerability

Problem Description: When using WPA2, EAPOL-Key frames with the Encrypted flag and without the MIC flag set, the data field was decrypted first without verifying the MIC. When the dta field was encrypted using RC4, for example, when negotiating TKIP as a pairwise cipher, the unauthenticated but...

Cisco IOS and IOS XE Software Internet Key Exchange Version 1 RSA-Encrypted Nonces Vulnerability

A vulnerability in the implementation of RSA-encrypted nonces in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to obtain the encrypted nonces of an Internet Key Exchange Version 1 IKEv1 session. The vulnerability exists because the affected software...

CVE-2018-10622

Medtronic MyCareLink Patient Monitor uses per-product credentials that are stored in a recoverable format. An attacker can use these credentials for network authentication...

openSUSE Security Update : enigmail (openSUSE-2018-833)

This update for enigmail to 2.0.8 fixes the following issues : The enigmail 2.0.8 release addresses a security issue and solves a few regression bugs. - A security issue has been fixed that allows an attacker to prepare a plain, unauthenticated HTML message in a way that it looks like it's signed...

UBoat - HTTP Botnet Project

A POC HTTP Botnet designed to replicate a full weaponised commercial botnet. Disclaimer This project should be used for authorized testing or educational purposes only. The main objective behind creating this offensive project was to aid security researchers and to enhance the understanding of...

Security Bulletin: Sweet32 vulnerability that impacts Triple DES cipher affects Communications Server for Data Center Deployment, Communications Server for AIX, Linux, Linux on System z, and Windows (CVE-2016-2183)

Summary Sweet32 exposes a problem in the Triple DES algothorim for sessions that receive more than 2 GBytes of data on an encrypted session. Once beyond that amount of data, the algorithm allows for a intrusion that can be more easily decrypted. Vulnerability Details CVEID: CVE-2016-2183...

Reddit hacked: Hackers steal complete copy of old database backup

By Waqas Reddit says the breach took place after hackers intercepted SMS that were supposed to be delivered to employees. The social media giant Reddit has announced that it has suffered a data breach in which attackers hacked into its system and ended up stealing data of its registered users...

Huawei Backup App Reset Session Vulnerability

Huawei Backup App is a cell phone file backup tool. A reset session vulnerability exists in Huawei Backup App, located in the application folder "HuaweiBackup-BackupFiles", which affects a file named info.xml, where encrypted passwords are stored, and can be bypassed and reset by modifying the...

Scientific Linux Security Update : thunderbird on SL6.x i386/x86_64 (20180725)

This update upgrades Thunderbird to version 52.9.1. Security Fixes : - Mozilla: Memory safety bugs fixed in Firefox 61, Firefox ESR 60.1, and Firefox ESR 52.9 CVE-2018-5188 - Mozilla: Buffer overflow using computed size of canvas element CVE-2018-12359 - Mozilla: Use-after-free using focus...

thunderbird: S/MIME and PGP decryption oracles can be built with HTML emails

Decrypted S/MIME parts, when included in HTML crafted for an attack, can leak plaintext when included in a a HTML reply/forward. This vulnerability affects Thunderbird 52.9...

DEBIAN-CVE-2017-3225

Das U-Boot is a device bootloader that can read its configuration from an AES encrypted file. For devices utilizing this environment encryption mode, U-Boot's use of a zero initialization vector may allow attacks against the underlying cryptographic implementation and allow an attacker to decrypt...

PoshC2

!PoshC2 Logohttps://raw.githubusercontent.com/nettitude/PoshC...

git-annex information disclosure vulnerability

git-annex is a distributed file synchronization system. An information disclosure vulnerability exists in git-annex. An attacker can exploit this vulnerability to disclose encrypted data via a malicious server...

CVE-2018-10859

git-annex is vulnerable to an Information Exposure when decrypting files. A malicious server for a special remote could trick git-annex into decrypting a file that was encrypted to the user's gpg key. This attack could be used to expose encrypted data that was never stored in git-annex...

Information disclosure

git-annex is vulnerable to an Information Exposure when decrypting files. A malicious server for a special remote could trick git-annex into decrypting a file that was encrypted to the user's gpg key. This attack could be used to expose encrypted data that was never stored in git-annex...

UBUNTU-CVE-2018-10859

git-annex is vulnerable to an Information Exposure when decrypting files. A malicious server for a special remote could trick git-annex into decrypting a file that was encrypted to the user's gpg key. This attack could be used to expose encrypted data that was never stored in git-annex...

DEBIAN-CVE-2018-10859

git-annex is vulnerable to an Information Exposure when decrypting files. A malicious server for a special remote could trick git-annex into decrypting a file that was encrypted to the user's gpg key. This attack could be used to expose encrypted data that was never stored in git-annex...