Lucene search

1490 matches found

OSV
added 2019/08/14 11:54 a.m., 4 views

OPENSUSE-SU-2019:1888-1 Security update for libheimdal

This update for libheimdal fixes the following issues: libheimdal was updated to version 7.7.0: + Bug fixes: - PKCS11 hcrypto back-end: + initialize the p11moduleload function list + verify that not only is a mechanism present but that its mechanism info states that it offers the required...

CVSS 7.5, AI score 7.3, EPSS 0.02118
Exploits: 0, References: 5

Tenable Nessus
added 2019/08/12 12:00 a.m., 22 views

NewStart CGSL MAIN 5.04 : net-snmp Multiple Vulnerabilities (NS-SA-2019-0017)

The remote NewStart CGSL host, running version MAIN 5.04, has net-snmp packages installed that are affected by multiple vulnerabilities: - SNMPv3 HMAC verification in (1) Net-SNMP 5.2.x before 5.2.4.1, 5.3.x before 5.3.2.1, and 5.4.x before 5.4.1.1; (2) UCD-SNMP; (3) eCos; (4) Juniper Session and Resourc...

CVSS 10, AI score 6.4, EPSS 0.26552
Exploits: 17, References: 5

Tenable Nessus
added 2019/08/12 12:00 a.m., 43 views

NewStart CGSL CORE 5.04 / MAIN 5.04 : gnutls Multiple Vulnerabilities (NS-SA-2019-0068)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has gnutls packages installed that are affected by multiple vulnerabilities: - It was found that GnuTLS's implementation of HMAC-SHA-256 was vulnerable to Lucky Thirteen-style attack. A remote attacker could use this flaw to...

CVSS 5.9, AI score 6.3, EPSS 0.00766
Exploits: 0, References: 4

NVD
added 2019/07/17 9:15 p.m., 6 views

CVE-2019-1010263

Perl Crypt::JWT prior to 0.023 is affected by: Incorrect Access Control. The impact is: allow attackers to bypass authentication by providing a token by crafting with hmac. The component is: JWT.pm, line 614. The attack vector is: network connectivity. The fixed version is: after commit...

CVSS 9.8, AI score 9.7, EPSS 0.00251
Exploits: 1, References: 2

Prion
added 2019/07/17 9:15 p.m., 13 views

Authentication flaw

Perl Crypt::JWT prior to 0.023 is affected by: Incorrect Access Control. The impact is: allow attackers to bypass authentication by providing a token by crafting with hmac. The component is: JWT.pm, line 614. The attack vector is: network connectivity. The fixed version is: after commit...

CVSS 7.5, AI score 9.6, EPSS 0.00251
Exploits: 1, References: 2

UbuntuCve
added 2019/07/17 9:15 p.m., 17 views

CVE-2019-1010263

Perl Crypt::JWT prior to 0.023 is affected by: Incorrect Access Control. The impact is: allow attackers to bypass authentication by providing a token by crafting with hmac. The component is: JWT.pm, line 614. The attack vector is: network connectivity. The fixed version is: after commit...

CVSS 9.8, AI score 7.2, EPSS 0.00251
Exploits: 1, References: 3

OSV
added 2019/07/17 9:15 p.m., 0 views

UBUNTU-CVE-2019-1010263

Perl Crypt::JWT prior to 0.023 is affected by: Incorrect Access Control. The impact is: allow attackers to bypass authentication by providing a token by crafting with hmac. The component is: JWT.pm, line 614. The attack vector is: network connectivity. The fixed version is: after commit...

CVSS 9.8, AI score 7.3, EPSS 0.00251
Exploits: 1, References: 4

Cvelist
added 2019/07/17 8:32 p.m., 15 views

CVE-2019-1010263

Perl Crypt::JWT prior to 0.023 is affected by: Incorrect Access Control. The impact is: allow attackers to bypass authentication by providing a token by crafting with hmac. The component is: JWT.pm, line 614. The attack vector is: network connectivity. The fixed version is: after commit...

AI score 9.7, EPSS 0.00251
Exploits: 1, References: 2

Debian CVE
added 2019/07/17 8:32 p.m., 17 views

CVE-2019-1010263

Perl Crypt::JWT prior to 0.023 is affected by: Incorrect Access Control. The impact is: allow attackers to bypass authentication by providing a token by crafting with hmac. The component is: JWT.pm, line 614. The attack vector is: network connectivity. The fixed version is: after commit...

CVSS 9.8, AI score 9.7, EPSS 0.00251
Exploits: 1

OSV
added 2019/07/01 3:19 p.m., 8 views

OPENSUSE-SU-2019:1688-1 Security update for libheimdal

This update for libheimdal fixes the following issues: libheimdal was updated to version 7.7.0: + Bug fixes: - PKCS11 hcrypto back-end: + initialize the p11moduleload function list + verify that not only is a mechanism present but that its mechanism info states that it offers the required...

CVSS 7.5, AI score 7.3, EPSS 0.02118
Exploits: 0, References: 5

0day.today
added 2019/06/18 12:00 a.m., 249 views

RedwoodHQ 2.5.5 - Authentication Bypass Vulnerability

Exploit for multiple platform in category web applications -- encoding: utf-8 -- !/usr/bin/python3 Exploit Title: RedxploitHQ Create Admin User by missing authentication on db Date: 14-june-2019 Exploit Author: EthicalHCOP Version: 2.0 / 2.5.5 Vendor Homepage: https://redwoodhq.com/ Software Link...

AI score 0.4
Exploits: 0

Prion
added 2019/06/14 5:29 p.m., 23 views

Code injection

The HMAC authenticating the message from QSEE is vulnerable to timing side channel analysis leading to potentially forged application message in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industri...

CVSS 6.4, AI score 9.1, EPSS 0.00233
Exploits: 0, References: 1

NVD
added 2019/06/14 5:29 p.m., 13 views

CVE-2018-13906

The HMAC authenticating the message from QSEE is vulnerable to timing side channel analysis leading to potentially forged application message in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industri...

CVSS 9.1, AI score 9.2, EPSS 0.00233
Exploits: 0, References: 1

CVE
added 2019/06/14 5:02 p.m., 225 views

CVE-2018-13906

CVE-2018-13906 involves a timing side-channel in the HMAC authentication of messages from QSEE on Qualcomm Snapdragon platforms, affecting a wide range of Snapdragon Auto/Compute/Connectivity/IoT/Wearables/Networking devices (many Snapdragon SoCs listed). Root cause: timing leakage allows an atta...

CVSS 9.1, AI score 9, EPSS 0.00233
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2019/06/14 5:02 p.m., 17 views

CVE-2018-13906

The HMAC authenticating the message from QSEE is vulnerable to timing side channel analysis leading to potentially forged application message in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industri...

AI score 9.2, EPSS 0.00233
Exploits: 0, References: 1

Metasploit
added 2019/05/31 4:18 p.m., 71 views

Password Cracker: Webapps

This module uses John the Ripper or Hashcat to identify weak passwords that have been acquired from various web applications. Atlassian uses PBKDF2-HMAC-SHA1 which is 12001 in hashcat. PHPass uses phpass which is 400 in hashcat. Mediawiki is MD5 based and is 3711 in hashcat. Apache Superset, some...

AI score 7.4
Exploits: 0

Prion
added 2019/05/24 6:29 p.m., 12 views

SQL injection

e107 2.1.2 allows PHP Object Injection with resultant SQL injection, because usersettings.php uses unserialize without an HMAC...

CVSS 6.5, AI score 8.3, EPSS 0.00231
Exploits: 1, References: 2, Affected Software: 1

OSV
added 2019/05/24 6:29 p.m., 12 views

CVE-2016-10753

e107 2.1.2 allows PHP Object Injection with resultant SQL injection, because usersettings.php uses unserialize without an HMAC...

CVSS 8.8, AI score 8
Exploits: 0, References: 2

NVD
added 2019/05/24 6:29 p.m., 20 views

CVE-2016-10753

e107 2.1.2 allows PHP Object Injection with resultant SQL injection, because usersettings.php uses unserialize without an HMAC...

CVSS 8.8, AI score 9.2, EPSS 0.00231
Exploits: 1, References: 2

Tenable Nessus
added 2019/05/17 12:00 a.m., 23 views

OpenVPN < 2.3.1 Information Disclosure Vulnerability (Windows)

According to its self-reported version number, the version of OpenVPN installed on the remote Windows host is prior to 2.3.1. It is, therefore, affected by an information disclosure vulnerability in the crypto.c component due to its HMAC comparison function not running in constant time. An...

CVSS 2.6, AI score 5.5, EPSS 0.0145
Exploits: 1, References: 2