54 matches found
SUSE-SU-2019:2410-1 Security update for openssl-1_1
This update for openssl-11 fixes the following issues: OpenSSL Security Advisory 10 September 2019 CVE-2019-1547: Added ECGROUPsetgenerator side channel attack avoidance. bsc1150003 CVE-2019-1563: Fixed Bleichenbacher attack against cms/pkcs7 encryption transported key bsc1150250...
CVE-2018-18251
Deltek Vision 7.x before 7.6 allows an authenticated attacker to execute arbitrary SQL via a custom RPC over HTTP protocol. The client-side enforcement of security rules can be bypassed (e.g., encryption obfuscation with hard-coded keys), enabling potential arbitrary SQL execution and impacts to ...
Flaws in Popular Self-Encrypting SSDs Let Attackers Decrypt Data
We all have something to hide, something to protect. But if you are also relying on self-encrypting drives for that, then you should read this news carefully. Security researchers have discovered multiple critical vulnerabilities in some of the popular self-encrypting solid state drives SSD that...
CVE-2017-5535
The GridServer Broker, GridServer Driver, and GridServer Engine components of TIBCO Software Inc. TIBCO DataSynapse GridServer Manager contain vulnerabilities related to both the improper use of encryption mechanisms and the use of weak ciphers. A malicious actor could theoretically compromise th...
MGASA-2018-0007 Updated apache packages fix security vulnerability
modsessioncrypto was encrypting its data/cookie using the configured ciphers with possibly either CBC or ECB modes of operation AES256-CBC by default, hence no selectable or builtin authenticated encryption. This made it vulnerable to padding oracle attacks, particularly with CBC CVE-2016-0736...
Huawei FusionSphere OpenStack Information Disclosure Vulnerability (CNVD-2017-34443)
Huawei FusionSphere and FusionSphere OpenStack FSO are both Huawei products. The former is a cloud operating system product developed based on the OpenStack framework, and the latter is FusionSphere's cloud platform software in ICT scenarios. Huawei FusionSphere OpenStack suffers from an...
SUSE-SU-2017:0726-1 Security update for java-1_6_0-ibm
This update for java-160-ibm to 8.0-4.1 fixes the following issues: Security issue fixed: - CVE-2016-2183: The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easi...
Attacking and Defending the Tor Network
BOSTON–The Tor Project has become a vital mechanism for privacy advocates, human rights activists, journalists and others in sensitive positions to evade online censorship and persecution. And while the governments interested in limiting user access to the Internet and controlling content have ha...
Multiple issues with Mac OS X AFP client
Multiple issues with Mac OS X AFP client Background The standard Apple Filing Protocol1 AFP does not use encryption to protect transfered data. Login credentials may be sent in cleartext or protected with one of several different hashed exchanges or Kerberos2. There does not appear to have been a...
Protegrity buffer overflow
Additional details can be found at http://www.kb.cert.org/vuls/id/247545 There is a company that does encryption of databases called Protegrty. They use extended stored procedures to do the encryption and decryption. I tested 3 of the extended stored procedures and found all 3 vulnerable to buffe...
CVE-2001-1444
The Kerberos Telnet protocol, as implemented by KTH Kerberos IV and Kerberos V Heimdal, does not encrypt authentication and encryption options sent from the server, which allows remote attackers to downgrade authentication and encryption mechanisms via a man-in-the-middle attack...
NetWin DMail 2.x SurgeFTP 1.02.0 - Weak Password Encryption
NetWin DMail 2.x SurgeFTP 1.02.0 - Weak Password Encryption // source: https://www.securityfocus.com/bid/3075/info The Netwin Authentication module, or NWAuth, is an external authentication module used by several Netwin products. A simple one-way hash function is used by NWAuth to perform passwor...
FreeBSD-SA-01:24.ssh
-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-01:24 Security Advisory FreeBSD, Inc. Topic: SSH1 implementations may allow remote system, data compromise Category: core/ports Module: openssh, ssh Announced: 2001-02-12...
CVE-2001-0103
CoffeeCup Direct and Free FTP clients uses weak encryption to store passwords in the FTPServers.ini file, which could allow attackers to easily decrypt the passwords...