5461 matches found

Fedora
added 2016/08/10 7:24 a.m. | 53 views

[SECURITY] Fedora 24 Update: openssh-7.2p2-12.fc24

SSH Secure SHell is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forward...

7.8 CVSS | 2 AI score | 0.58568 EPSS
Exploits: 5

CNVD
added 2016/08/07 12:0 a.m. | 1 views

Mozilla Firefox and Firefox ESR Stack Buffer Overflow Vulnerability

Mozilla Firefox is an open source web browser; Firefox ESR is an extended support version of Firefox. A stack buffer overflow vulnerability exists in the ClearKey Content Decryption Module CDM in the Encrypted Media Extensions EME API of Mozilla Firefox and Firefox, which allows remote attackers ...

6.8 CVSS | 9.4 AI score | 0.04577 EPSS
Exploits: 0 | References: 1

OSV
added 2016/08/05 1:59 a.m. | 9 views

CVE-2016-2837

Heap-based buffer overflow in the ClearKey Content Decryption Module CDM in the Encrypted Media Extensions EME API in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 might allow remote attackers to execute arbitrary code by providing a malformed video and leveraging a Gecko Media...

6.3 CVSS | 9.8 AI score
Exploits: 0 | References: 12

NVD
added 2016/08/05 1:59 a.m. | 22 views

CVE-2016-2837

Heap-based buffer overflow in the ClearKey Content Decryption Module CDM in the Encrypted Media Extensions EME API in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 might allow remote attackers to execute arbitrary code by providing a malformed video and leveraging a Gecko Media...

6.8 CVSS | 8.3 AI score | 0.04577 EPSS
Exploits: 0 | References: 12

OSV
added 2016/08/03 12:0 a.m. | 3 views

UBUNTU-CVE-2016-2837

Heap-based buffer overflow in the ClearKey Content Decryption Module CDM in the Encrypted Media Extensions EME API in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 might allow remote attackers to execute arbitrary code by providing a malformed video and leveraging a Gecko Media...

6.3 CVSS | 7.6 AI score | 0.04577 EPSS
Exploits: 0 | References: 5

NVD
added 2016/08/02 2:59 p.m. | 16 views

CVE-2016-6257

The firmware in Lenovo Ultraslim dongles, as used with Lenovo Liteon SK-8861, Ultraslim Wireless, and Silver Silk keyboards and Liteon ZTM600 and Ultraslim Wireless mice, does not enforce incrementing AES counters, which allows remote attackers to inject encrypted keyboard input into the system b...

6.5 CVSS | 6.7 AI score | 0.01023 EPSS
Exploits: 0 | References: 4

Prion
added 2016/08/02 2:59 p.m. | 16 views

Sql injection

The firmware in Lenovo Ultraslim dongles, as used with Lenovo Liteon SK-8861, Ultraslim Wireless, and Silver Silk keyboards and Liteon ZTM600 and Ultraslim Wireless mice, does not enforce incrementing AES counters, which allows remote attackers to inject encrypted keyboard input into the system b...

3.3 CVSS | 7.5 AI score | 0.01023 EPSS
Exploits: 0 | References: 4 | Affected Software: 2

Mozilla
added 2016/08/02 12:0 a.m. | 52 views

Buffer overflow in ClearKey Content Decryption Module (CDM) during video playback — Mozilla

An anonymous security researcher working with Trend Micro's Zero Day Initiative reported a buffer overflow in the ClearKey Content Decryption Module CDM used by the Encrypted Media Extensions EME API. This vulnerability can be triggered using a malformed video file due to incorrect error handling...

6.8 CVSS | 2.4 AI score | 0.04577 EPSS
Exploits: 0 | References: 2 | Affected Software: 2

ThreatPost
added 2016/08/01 9:0 a.m. | 20 views

New HTTPS URL Leakage Attack Leaves PCs, Macs, Linux Systems Vulnerable

LAS VEGAS — Researchers have found flaws in the Web Proxy AutoDiscovery protocol tied to DHCP and DNS servers that allow hackers to spy on HTTPS-protected URLs and launch a myriad of different malicious attacks against Linux, Windows or Mac computers. According to the security firm SafeBreach, this...

0.4 AI score
Exploits: 0 | References: 3

Packet Storm
added 2016/07/30 12:0 a.m. | 55 views

CHERRY B.UNLIMITED AES JD-0400EU-2/01 Crypto Issues / Replay Attacks

Advisory ID: SYSS-2016-031 Product: CHERRY B.UNLIMITED AES Manufacturer: Cherry GmbH Affected Versions: JD-0400EU-2/01 Tested Versions: JD-0400EU-2/01 Vulnerability Type: Cryptographic Issues CWE-310 Missing Protection against Replay Attacks Risk...

0.1 AI score
Exploits: 0

Packet Storm
added 2016/07/29 12:0 a.m. | 36 views

Logitech K520 Crypto Issues / Replay Attacks

Advisory ID: SYSS-2016-044 Product: K520 Keyboard of Wireless Combo MK520 Manufacturer: Logitech Affected Versions: Model Y-R0012 Tested Versions: Model Y-R0012 Vulnerability Type: Cryptographic Issues CWE-310 Insufficient Protection against Replay...

0.1 AI score
Exploits: 0

Fedora
added 2016/07/20 5:50 p.m. | 44 views

[SECURITY] Fedora 24 Update: openssh-7.2p2-10.fc24

SSH Secure SHell is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forward...

5.9 CVSS | 2 AI score | 0.88944 EPSS
Exploits: 12

Tenable Nessus
added 2016/07/20 12:0 a.m. | 24 views

Fedora 24 : ecryptfs-utils (2016-41301e2187)

ecryptfs-utils updated to 111 - fix ecryptfs-setup-swap improperly configures encrypted swap when using GPT partitioning on a NVMe or MMC drive CVE-2016-6224, rhbz1356828 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system...

3.3 CVSS | 5.8 AI score | 0.00373 EPSS
Exploits: 0 | References: 3

OSV
added 2016/07/14 3:15 p.m. | 3 views

USN-3032-1 ecryptfs-utils vulnerability

It was discovered that eCryptfs incorrectly configured the encrypted swap partition for certain drive types. An attacker could use this issue to discover sensitive information...

3.3 CVSS | 5.7 AI score | 0.00373 EPSS
Exploits: 0 | References: 2

Fedora
added 2016/07/12 3:15 p.m. | 8 views

[SECURITY] Fedora 24 Update: gsi-openssh-7.2p2-5.fc24

SSH Secure SHell is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forward...

2.4 AI score
Exploits: 0

OpenVAS
added 2016/07/08 12:0 a.m. | 41 views

HP Data Protector Encrypted Communications Arbitrary Command Execution Vulnerability

HP Data Protector is prone to an arbitrary command execution vulnerability. Copyright C 2016 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is...

9.8 CVSS | 9.6 AI score | 0.94297 EPSS
Exploits: 14 | References: 5

BDU FSTEC
added 2016/07/06 12:0 a.m. | 3 views

The vulnerability of the Simatic WinCC software allows a remote attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability exists in the implementation of the Web Navigator interface in Siemens WinCC, due to the presence of a strictly encrypted user account. Exploiting this vulnerability allows malicious individuals operating remotely to gain access to the system through a specially crafted request...

7.5 CVSS | 5.5 AI score | 0.01934 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

Filippo.io
added 2016/07/05 10:18 a.m. | 17 views

Securing a travel iPhone

These are dry notes I took in the process of setting up a burner iPhone SE as a secure travel device. They are roughly in setup order. I believe iOS to be the most secure platform one can use at this time, but there are a lot of switches and knobs. This list optimizes for security versus...

6.4 AI score
Exploits: 0

BDU FSTEC
added 2016/07/05 12:0 a.m. | 5 views

Vulnerabilities of the enterprise automation system 1C:Enterprise, allowing a malicious individual to trigger service failures or gain access to encrypted data without knowing the encryption key

Multiple vulnerabilities in the OpenSSL cryptographic package of the 1C: enterprise automation system allow a malicious actor to remotely cause service failures or gain access to encrypted data without knowing the encryption key...

7.5 CVSS | 7.1 AI score | 0.98685 EPSS
Exploits: 21 | References: 42 | Affected Software: 1

RubySec
added 2016/06/24 12:0 a.m. | 14 views

XML signature wrapping attack

ruby-saml prior to version 1.3.0 is vulnerable to an XML signature wrapping attack in the specific scenario where there was a signature that referenced at the same time 2 elements but past the scheme validator process since 1 of the element was inside the encrypted assertion. ruby-saml users must...

7.5 CVSS | 3.3 AI score | 0.01208 EPSS
Exploits: 0 | References: 1 | Affected Software: 1