24 matches found

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2021-10099

Malware in sbrugna...

CVSS 5.8, AI score 5.9, EPSS 0.0023
Exploits: 0, References: 2

RedhatCVE
added 2025/05/22 10:47 p.m., 5 views

CVE-2022-30276

The Motorola MOSCAD and ACE line of RTUs through 2022-05-02 omit an authentication requirement. They feature IP Gateway modules which allow for interfacing between Motorola Data Link Communication MDLC networks potentially over a variety of serial, RF and/or Ethernet links and TCP/IP networks...

CVSS 7.5, AI score 7, EPSS 0.00321
Exploits: 0, References: 1

OSV
added 2023/12/18 9:18 p.m., 43 views

GO-2023-2402 Man-in-the-middle attacker can compromise integrity of secure channel in golang.org/x/crypto

A protocol weakness allows a MITM attacker to compromise the integrity of the secure channel before it is established, allowing the attacker to prevent transmission of a number of messages immediately after the secure channel is established without either side being aware. The impact of this atta...

CVSS 5.9, AI score 6.4, EPSS 0.54214
Exploits: 3, References: 5

Samba
added 2021/11/09 12:00 a.m., 42 views

Kerberos acceptors need easy access to stable

Description In order to avoid issues like CVE-2020-25717 AD Kerberos accepting services need access to unique, and ideally long-term stable identifiers of a user to perform authorization. The AD PAC provides this, but the most useful information is kept in a buffer which is NDR encoded, which mea...

CVSS 8.8, EPSS 0.00517
Exploits: 0

Cvelist
added 2021/11/08 3:44 a.m., 16 views

CVE-2021-42072

An issue was discovered in Barrier before 2.4.0. The barriers component aka the server-side implementation of Barrier does not sufficiently verify the identity of connecting clients. Clients can thus exploit weaknesses in the provided protocol to cause denial-of-service or stage further attacks...

AI score 8.6, EPSS 0.00537
Exploits: 1, References: 4

IBM Security Bulletins
added 2021/03/08 6:46 p.m., 32 views

Security Bulletin: Vulnerability in IBM Java SDK affect IBM Spectrum Scale RAID/IBM GPFS Native RAID (CVE-2015-7575)

Summary There is a vulnerability in IBM® SDK Java™ Technology Edition, Version 8 that is used by IBM Spectrum Scale RAID/IBM GPFS Native RAID. This vulnerability, commonly referred to as “SLOTH”, was disclosed as part of the IBM Java SDK updates in January 2016. Vulnerability Details CVEID:...

CVSS 5.9, AI score 0.2, EPSS 0.0107
Exploits: 0, Affected Software: 2

Positive Technologies
added 2021/01/12 12:00 a.m., 1 view

PT-2021-1884 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: The issue is related to weaknesses in the security mechanisms of the NT LAN Manager NTLM protocol in the Windows operating system. It may allow an attacker to gain unauthorized access to...

CVSS 5.5, AI score 6.5, EPSS 0.00695
Exploits: 0, References: 6

OSV
added 2020/09/27 8:06 p.m., 5 views

MGASA-2020-0370 Updated mbedtls packages fix security vulnerabilities

mbedtls 2.16.8 fixes three security vulnerabilities which could affect earlier releases: Local side channel attack on classical CBC decryption in DTLS CVE-2020-16150. Local side channel attack on RSA and static Diffie-Hellman. Protocol weakness in DHE-PSK key exchange...

CVSS 5.5, AI score 6.7, EPSS 0.00077
Exploits: 0, References: 5

FreeBSD
added 2020/09/16 12:00 a.m., 79 views

dnsmasq -- DNS cache poisoning, and DNSSEC buffer overflow, vulnerabilities

Simon Kelley reports: There are broadly two sets of problems. The first is subtle errors in dnsmasq's protections against the chronic weakness of the DNS protocol to cache-poisoning attacks; the Birthday attack, Kaminsky, etc.... the second set of errors is a good old fashioned buffer overflow in...

CVSS 8.3, AI score 3.9, EPSS 0.45359
Exploits: 2, References: 2

IBM Security Bulletins
added 2019/12/17 10:56 p.m., 23 views

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Sterling External Authentication Server (CVE-2015-7575, CVE-2016-0475, CVE-2015-4872, CVE-2015-5006)

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 7.0 that is used by IBM Sterling External Authentication Server. These issues were disclosed as part of the IBM Java Runtime updates in October 2015 and January 2016 and include the...

CVSS 5.9, AI score 0.7, EPSS 0.03121
Exploits: 0, Affected Software: 3

IBM Security Bulletins
added 2018/06/17 5:08 a.m., 22 views

Security Bulletin: Vulnerability in MD5 Signature and Hash Algorithm affects Rational Performance Tester (CVE-2015-7575)

Summary The MD5 “SLOTH” vulnerability on TLS 1.2 affects Rational Performance Tester. Vulnerability Details CVEID: CVE-2015-7575 DESCRIPTION: The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange...

CVSS 5.9, AI score 0.4, EPSS 0.0107
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2018/06/15 7:05 a.m., 29 views

Security Bulletin: Multiple vulnerabilities in IBM® SDK, Java™ Technology Edition affect IBM Operational Decision Manager, WebSphere ILOG JRules and WebSphere Business Events:

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 6,7 and 8 that is used by IBM Operational Decision Manager ODM, IBM ILOG JRules and IBM WebSphere Business Events WBE. These issues were disclosed as part of the IBM Java SDK updates in January 2016 and...

CVSS 9.3, AI score 1, EPSS 0.13549
Exploits: 1, Affected Software: 1

OSV
added 2017/08/01 2:29 p.m., 1 view

CVE-2017-11130

An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android, through 0.0.80w for Web, and through 0.0.86 for Desktop. The product's protocol only tries to ensure confidentiality. In the whole protocol, no integrity or authenticity checks are done. Therefore man-in-the-middle...

CVSS 8.1, AI score 5.8, EPSS 0.00156
Exploits: 0, References: 1

Cent OS
added 2015/01/26 7:17 p.m., 79 views

java security update

CentOS Errata and Security Advisory CESA-2015:0085 Updated java-1.6.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring...

CVSS 10, AI score 6.8, EPSS 0.93538
Exploits: 10, References: 7

securityvulns
added 2014/12/09 12:00 a.m., 64 views

[oss-security] CVE question: Return of POODLE

Hi All, Before I ask my question: It seems some TLS implementations may be vulnerable to POODLE like attack if they use SSL 3.0 type padding and the padding bytes are not checked by the implementation. https://www.imperialviolet.org/2014/12/08/poodleagain.html...

CVSS 4.3, AI score 0.2, EPSS 0.03099
Exploits: 5

ThreatPost
added 2011/09/27 4:01 p.m., 7 views

Microsoft Pushes FixIt Tool to Enable Support for Newer TLS Version

Microsoft has released a security advisory about the TLS/SSL attack developed by Juliano Rizzo and Thai Duong and also has made a FixIt tool available to help server administrators switch on support for newer versions of the protocol that aren’t vulnerable to the attack. The Microsoft advisory lay...

AI score 1
Exploits: 0, References: 5

OpenVAS
added 2009/04/09 12:00 a.m., 42 views

Mandriva Update for bind MDVSA-2008:139 (bind)

Check for the Version of bind OpenVAS Vulnerability Test Mandriva Update for bind MDVSA-2008:139 bind Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the ter...

CVSS 5, EPSS 0.87662
Exploits: 20, References: 2

OpenVAS
added 2009/03/23 12:00 a.m., 48 views

Ubuntu Update for bind9 vulnerability USN-622-1

Ubuntu Update for Linux kernel vulnerabilities USN-622-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN6221.nasl 7969 2017-12-01 09:23:16Z santu $ Ubuntu Update for bind9 vulnerability USN-622-1 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH,...

CVSS 5, AI score 7.2, EPSS 0.87662
Exploits: 20, References: 2

securityvulns
added 2007/03/20 12:00 a.m., 31 views

OpenAFS filesystem privilege escalation

Attacker can make fake suid binary on network disk by using protocol weakness...

CVSS 7.5, AI score 3.4, EPSS 0.01726
Exploits: 0, References: 1, Affected Software: 1

myhack58
added 2006/11/02 12:00 a.m., 46 views

Hack thirty-six of the invasion tactics Count is calculated-vulnerability warning-the black bar safety net

Hacking techniques include 1sneak 2gonna try 3nothing 4. 5the tongue is in the possession of the knife 6steal 7for the third night 8diversion. 9Example 1 0wet water. 1 1outbred recent attack 1 of 2bait and switch 1 3become masters of. Hackers often interlocking, and hard to detect, can not not...

AI score 6.9
Exploits: 0