1096 matches found
dnsmasq -- cache poisoning vulnerability in certain configurations
Simon Kelley reports: In configurations where the forwarding server address contains an @ character for specifying a sending interface or source address, the random source port behavior was disabled, making cache poisoning attacks possible. This only affects configurations of the form...
Shadow Attacks Let Attackers Replace Content in Digitally Signed PDFs
Researchers have demonstrated a novel class of attacks that could allow a bad actor to potentially circumvent existing countermeasures and break the integrity protection of digitally signed PDF documents. Called "Shadow attacks" by academics from Ruhr-University Bochum, the technique uses the...
'/%20..\WEB-INF/' Information Disclosure Vulnerability (HTTP)
Various application or web servers / products are prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...
'/WEB-INF/' Information Disclosure Vulnerability (HTTP)
Various application or web servers / products are prone to an information disclosure vulnerability. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...
OpenSSL 1.0.2 < 1.0.2w Vulnerability
The version of OpenSSL installed on the remote host is prior to 1.0.2w. It is, therefore, affected by a vulnerability as referenced in the 1.0.2w advisory. - The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in...
EulerOS 2.0 SP3 : wpa_supplicant (EulerOS-SA-2021-1131)
According to the version of the wpasupplicant package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a deliver...
CVE-2018-18688
The Portable Document Format PDF specification does not provide any information regarding the concrete procedure of how to validate signatures. Consequently, an Incremental Saving vulnerability exists in multiple products. When an attacker uses the Incremental Saving feature to add pages or...
CVE-2018-18689
The Portable Document Format PDF specification does not provide any information regarding the concrete procedure of how to validate signatures. Consequently, a Signature Wrapping vulnerability exists in multiple products. An attacker can use /ByteRange and xref manipulations that are not detected...
CVE-2018-18688
The Portable Document Format PDF specification does not provide any information regarding the concrete procedure of how to validate signatures. Consequently, an Incremental Saving vulnerability exists in multiple products. When an attacker uses the Incremental Saving feature to add pages or...
CVE-2020-26291
URI.js is a javascript URL mutation library npm package urijs. In URI.js before version 1.19.4, the hostname can be spoofed by using a backslash \ character followed by an at @ character. If the hostname is used in security decisions, the decision may be incorrect. Depending on library usage and...
MGASA-2020-0465 Updated compat-openssl10 packages fix security vulnerabilities
The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman DH based ciphersuite. In such a case this would result in the attacker being able to eavesdrop on all encrypted...
Updated compat-openssl10 packages fix security vulnerabilities
The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman DH based ciphersuite. In such a case this would result in the attacker being able to eavesdrop on all encrypted...
Re-Deriving the edwards25519 Decoding Formulas
A lot of my job is implementing specifications, and sometimes in a crypto spec youll encounter something like this p+3/8 3 p-5/8 x = u/v = u v u v^7 mod p and what you do is nod, copy it into a comment, break it down into a sequence of operations, and check that the result matches a test case.1...
[SECURITY] Fedora 33 Update: libpri-1.6.0-9.fc33
libpri is a C implementation of the Primary Rate ISDN specification. It was based on the Bellcore specification SR-NWT-002343 for National ISDN. As of May 12, 2001, it has been tested work to with NI-2, Nortel DMS-100, and Lucent 5E Custom protocols on switches from Nortel and Lucent...
RESTler - The First Stateful REST API Fuzzing Tool For Automatically Testing Cloud Services Through Their REST APIs And Finding Security And Reliability Bugs In These Services
RESTler is the first stateful REST API fuzzing tool for automatically testing cloud services through their REST APIs and finding security and reliability bugs in these services. For a given cloud service with an OpenAPI/Swagger specification, RESTler analyzes its entire specification, and then...
EIP Stack Group OpENer ethernet/IP server denial-of-service vulnerability
Summary A denial-of-service vulnerability exists in the Ethernet/IP server functionality of the EIP Stack Group OpENer 2.3 and development commit 8c73bf3. A large number of network requests in a small span of time can cause the running program to stop. An attacker can send a sequence of requests ...
openSUSE Security Update : ucode-intel (openSUSE-2020-2098)
This update for ucode-intel fixes the following issues : - Updated Intel CPU Microcode to 20201118 official release. bsc1178971 - Removed TGL/06-8c-01/80 due to functional issues with some OEM platforms. - Updated Intel CPU Microcode to 20201110 official release. - CVE-2020-8695: Fixed Intel RAPL...
Implementation trusts the "me" field returned by the authorization server without verifying it
Impact A malicious user can sign in as a user with any IndieAuth identifier. This is because the implementation does not verify that the final "me" URL value returned by the authorization server belongs to the same domain as the initial value entered by the user. Patches Version 1.1 fixes this...
CVE-2020-26933
Trusted Computing Group TCG Trusted Platform Module Library Family 2.0 Library Specification Revisions 1.38 through 1.59 has Incorrect Access Control during a non-orderly TPM shut-down that uses USEDAUSED. Improper initialization of this shut-down may result in susceptibility to a dictionary atta...
CVE-2020-26933
Trusted Computing Group TCG Trusted Platform Module Library Family 2.0 Library Specification Revisions 1.38 through 1.59 has Incorrect Access Control during a non-orderly TPM shut-down that uses USEDAUSED. Improper initialization of this shut-down may result in susceptibility to a dictionary atta...