134 matches found

Github Security Blog
added 2023/10/17 2:24 p.m., 17 views

Plonk verifier KZG multi point verification

Impact: The vulnerability allows a third party to derive a valid proof from a valid initial tuple (proof, public inputs), corresponding to the same public inputs as the initial proof. It is due to randomness being generated using a small part of the scratch memory describing the state, allowing for...

6.8 AI score
Exploits: 0, References: 3, Affected Software: 1

Openbugbounty
added 2023/05/17 7:50 a.m., 9 views

transcript-open.de Cross Site Scripting vulnerability OBB-3347534

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.1 AI score
Exploits: 0

Cvelist
added 2018/05/30 10:0 p.m., 13 views

CVE-2018-11567

Prior to 2018-04-27, the reprompt feature in Amazon Echo devices could be misused by a custom Alexa skill. The reprompt feature is designed so that if Alexa does not receive an input within 8 seconds, the device can speak a reprompt, then wait an additional 8 seconds for input; if the user still...

4 AI score, 0.00289 EPSS
Exploits: 1, References: 4

Prion
added 2018/02/09 11:29 p.m., 16 views

Command injection

Security Onion Solutions Squert version 1.0.1 through 1.6.7 contains a CWE-78: Improper Neutralization of Special Elements used in an OS Command (OS Command Injection) vulnerability in .inc/callback.php that can result in execution of OS Commands. This attack appears to be exploitable via Web reques...

10 CVSS, 9.5 AI score, 0.02193 EPSS
Exploits: 0, References: 1, Affected Software: 1

Oracle linux
added 2017/09/28 12:0 a.m., 28 views

nss security update

3.28.4-12 - Backport patch to simplify transcript calculation for CertificateVerify...

7.5 CVSS, 1.5 AI score, 0.03211 EPSS
Exploits: 0

Veeam
added 2016/10/24 12:0 a.m., 22 views

PowerShell Script Execution Troubleshooting Advice

Veeam Support Scope Per Veeam Support Policy: Custom script troubleshooting is not supported. What's in Scope: Confirming that the Veeam task executed the script. Assisting with Veeam PowerShell cmdlets not functioning as intended or documented. What's Out of Scope: Troubleshooting why a custom...

7.6 AI score
Exploits: 0, Affected Software: 1

Filippo.io
added 2016/09/24 11:0 p.m., 37 views

An overview of TLS 1.3

I presented TLS 1.3 to the CloudFlare London office. Why it's faster, how it works, why it's safer, what's clever about it. The talk is recorded and comes with colored diagrams. There's a transcript on the CloudFlare blog. Update: you might want to watch my 33c3 talk on the same topic instead. An...

6.9 AI score
Exploits: 0

ThreatPost
added 2016/06/13 12:31 p.m., 13 views

IRS Reinstates Get Transcript Service Following Hack

The Internal Revenue Service has reinstated its Get Transcript service, more than a year after hackers managed to manipulate settings in the system in order to steal information on more than 720,000 U.S. taxpayers. The IRS suspended the service – which gives citizens a way to look up line-by-line...

7.2 AI score
Exploits: 0, References: 11

Tenable Nessus
added 2016/02/05 12:0 a.m., 45 views

AIX OpenSSL Advisory : openssl_advisory16.asc (SLOTH)

The remote AIX host has a version of OpenSSL installed that is affected by a collision-based forgery vulnerability, known as SLOTH (Security Losses from Obsolete and Truncated Transcript Hashes), in the TLS protocol due to accepting RSA-MD5 signatures in the server signature within the TLS 1.2...

5.9 CVSS, 7.7 AI score, 0.0107 EPSS
Exploits: 0, References: 4

Tenable Nessus
added 2016/01/21 12:0 a.m., 48 views

Oracle JRockit R28 < R28.3.9 Multiple Vulnerabilities (January 2016 CPU) (SLOTH)

The version of Oracle JRockit installed on the remote Windows host is R28 prior to R28.3.9. It is, therefore, affected by multiple vulnerabilities : - An unspecified flaw exists in the Security subcomponent due to a failure to reject MD5 signatures in the server signature within the TLS 1.2...

10 CVSS, 8.2 AI score, 0.09896 EPSS
Exploits: 0, References: 7

OpenVAS
added 2016/01/08 12:0 a.m., 31 views

Oracle: Security Advisory (ELSA-2016-0007)

The remote host is missing an update for the...

5.9 CVSS, 6.9 AI score, 0.0107 EPSS
Exploits: 0, References: 2

ThreatPost
added 2016/01/07 10:50 a.m., 14 views

SLOTH Collisions Attacks Against SHA-1, MD5 in TLS, IKE, SSH

If you’re hanging on to the theory that collision attacks against SHA-1 and MD5 aren’t yet practical, two researchers from INRIA, the French Institute for Research in Computer Science and Automation, have demonstrated new attacks that raise the urgency to move away from these broken cryptographic...

0.5 AI score
Exploits: 0, References: 4

Oracle linux
added 2016/01/07 12:0 a.m., 53 views

nss security update

3.19.1-8.0.1 - Added nss-vendor.patch to change vendor 3.19.1-8 - Prevent TLS 1.2 Transcript Collision attacks against MD5 in key exchange protocol - Resolves: Bug 1289881...

4.3 CVSS, 1.6 AI score, 0.0107 EPSS
Exploits: 0

ThreatPost
added 2015/05/26 5:13 p.m., 10 views

IRS Hack Exposes 100,000 Taxpayer Records

Users of the Internal Revenue Service’s Get Transcript service are at risk for identity theft after the agency reported today that personal records belonging to more than 100,000 taxpayers had been accessed by hackers. Get Transcript is unavailable currently on the IRS.gov website; the service...

0.8 AI score
Exploits: 0, References: 2