Debian Linux Security Advisory 4296-1 - Two vulnerabilities were discovered in mbedtls, a lightweight crypto and SSL/TLS library which could result in plain text recovery via side-channel attacks.
5d3485e58aed10ea74809fdebbda1ff43b8d5d7612ae0a1b4170ddacd18b3b58
RSA BSAFE SSL-J versions prior to 6.2.4 contain a heap inspection vulnerability that could allow an attacker with physical access to the system to recover sensitive key material. RSA BSAFE SSL-J versions prior to 6.2.4 contain a covert timing channel vulnerability during RSA decryption, also known as a Bleichenbacher attack on RSA decryption. A remote attacker may be able to recover a RSA key. RSA BSAFE Crypto-J versions prior to 6.2.4 and RSA BSAFE SSL-J versions prior to 6.2.4 contain a covert timing channel vulnerability during PKCS #1 unpadding operations, also known as a Bleichenbacher attack. A remote attacker may be able to recover a RSA key.
1d4172c4c86ce8ccc2a9a8e1b830a45d85684dcdd0d15f64044487bd617a938e
RSA BSAFE Micro Edition Suite and Crypto-C Micro Edition suffer from resource exhaustion, integer overflow, improper clearing of heap memory, covert timing channel, and buffer over-read vulnerabilities.
583e0d3b08d53b6fe4e94e98b388350b2654a17ad7e0454e211d8b07e6edde82
Ubuntu Security Notice 3727-1 - It was discovered that Bouncy Castle incorrectly handled certain crypto algorithms. A remote attacker could possibly use these issues to obtain sensitive information, including private keys.
60e0e0a68a7a347593dfe99c12b72c05729ca8bcf40633b9aafc691863bb7acd
Ubuntu Security Notice 3616-2 - USN-3616-1 fixed a vulnerability in Python Crypto. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that Python Crypto incorrectly generated ElGamal key parameters. A remote attacker could possibly use this issue to obtain sensitive information. Various other issues were also addressed.
2c2b3672ce06765299485a82053f137bd3e099ce7a9b7d3dab312ceff6999829
Ubuntu Security Notice 3616-1 - It was discovered that Python Crypto incorrectly generated ElGamal key parameters. A remote attacker could possibly use this issue to obtain sensitive information.
626f4ce7734e7319141061eec69bc6c85cae4bec67f5f4efc6d4474c0f813ec2
Debian Linux Security Advisory 4147-1 - Several vulnerabilities were discovered in PolarSSL, a lightweight crypto and SSL/TLS library, that allowed a remote attacker to either cause a denial-of-service by application crash, or execute arbitrary code.
7ead6a7dc4b5aab9da285061c8c3be7b94df65df2625647f2c613e33c550985d
Debian Linux Security Advisory 4138-1 - Several vulnerabilities were discovered in mbed TLS, a lightweight crypto and SSL/TLS library, that allowed a remote attacker to either cause a denial-of-service by application crash, or execute arbitrary code.
000142b4cb683ae87066a75057971417443fdc878266c68a19d146be3da88496
This Metasploit module exploits an expression language remote code execution flaw in the Primefaces JSF framework. Primefaces versions prior to 5.2.21, 5.3.8 or 6.0 are vulnerable to a padding oracle attack, due to the use of weak crypto and default encryption password and salt.
1576a80eac33112b71d8bbd0634e95d85cce414c2c6d818929631b980862b580
Whitepaper called Reinstallation Attacks: Forcing Nonce Reuse in WPA2. This research paper will be presented on at the Computer and Communications Security (CCS) conference on November 1, 2017. This paper details a flaw in the WPA2 protocol itself and most devices that makes use of WPA2 are affected.
7bdd578be202b278bcaaefbcc9d6e1f9481932cdadde98dfd4ce55ede0123ded
Debian Linux Security Advisory 3967-1 - An authentication bypass vulnerability was discovered in mbed TLS, a lightweight crypto and SSL/TLS library, when the authentication mode is configured as 'optional'. A remote attacker can take advantage of this flaw to mount a man-in-the-middle attack and impersonate an intended peer via an X.509 certificate chain with many intermediates.
d60a94808b4db18bdaa7283649c335faa09eac8106c9b0d94766e8912f9006c2
Ubuntu Security Notice 3199-3 - USN-3199-1 fixed a vulnerability in Python Crypto. This update provides the corresponding update for Ubuntu 12.04 ESM. A It was discovered that the ALGnew function in block_templace.c in the A Python Cryptography Toolkit contained a heap-based buffer overflow A vulnerability. A remote attacker could use this flaw to execute A arbitrary code by using a crafted initialization vector parameter. Various other issues were also addressed.
1428af321c89f55dc7b12672634207a5aca4471a323e200ab47ff1cf2abb4b37
Ubiquiti Networks UniFi Cloud Key with firmware versions 0.5.9 and 0.6.0 suffer from weak crypto, privilege escalation, and command injection vulnerabilities.
ff7df61d3c20ef698eeacd98caa047a8dc5114df5d8ba8103bd56c8c1fd454e9
RSA BSAFE Crypto-J versions prior to 6.2.2 suffer from improper OCSP validation and PKCS#12 timing attack vulnerabilities.
ab31c6b98b6ff07db4a9a779660f5967f97cb4172a52706352ff182ae3cb9252
RSA BSAFE Micro Edition Suite, Crypto-C Micro Edition, Crypto-J, and SSL-J contain a fix to address Lenstra's attack. RSA BSAFE Micro Edition Suite (MES) 4.1.5, RSA BSAFE Crypto-C Micro Edition (CCME) 4.1.3, RSA BSAFE Crypto-J 6.2.1, and RSA BSAFE SSL-J 6.2.1 are affected.
c3b17fc3ee05ab56bbef557f3dbd0a4892dd5ce2a6e58fcae51101192165854f
Apple Security Advisory 2016-03-21-7 - OS X Server 5.1 is now available and addresses RC4 crypto weaknesses, file access, and information disclosure vulnerabilities.
3f5b87490fc0b888969c59aa3c86769bc4e48285372026935f48a72f9f313a9a
XOOPS version 2.5.7.2 uses weak one way hash crypto MD5 along with unsalted passwords stored in the database.
5671c965146caf650a197ba8bd998b42a8f8678ee755c3c18fe39b0d594be1f2
Debian Linux Security Advisory 3457-1 - Multiple security issues have been found in Iceweasel, Debian's version buffer overflow may lead to the execution of arbitrary code. In addition the bundled NSS crypto library addresses the SLOTH attack on TLS 1.2.
47ebcd604f74922f2aca43d66c7f6c900e0605150ba8c67b8a408a6ecbc74d09
XMB - eXtreme Message Board version 1.9.11.13 suffers from weak crypto and insecure password storage vulnerabilities.
cf185568d0d31eb57770caa6704edd33b4b2d5e593729636e1f190f8ff2939a6
Debian Linux Security Advisory 3417-1 - Tibor Jager, Jorg Schwenk, and Juraj Somorovsky, from Horst Gortz Institute for IT Security, published a paper in ESORICS 2015 where they describe an invalid curve attack in Bouncy Castle Crypto, a Java library for cryptography. An attacker is able to recover private Elliptic Curve keys from different applications, for example, TLS servers.
158a825b04f0f40bb96f1d9a00a016aba3e89852c2b38ad9489af18ccb50c100
FreeBSD Security Advisory - Crypto-NAK packets can be used to cause ntpd(8) to accept time from an unauthenticated ephemeral symmetric peer by bypassing the authentication required to mobilize peer associations. FreeBSD 9.3 and 10.1 are not affected. Various other issues have also been addressed.
97daf08486cc4c8cc8703eb625aea225e01f9a851cedc0e7f504b4776cf765dc
RSA BSAFE Micro Edition Suite, Crypto-C Micro Edition, Crypto-J, SSL-J and SSL-C all suffer from various crypto, denial of service, and underflow vulnerabilities.
249db2924aab5ee66f78a2cea495509bc66d1e874798148d85df7a38d50f16a4
The Megamos Crypto transponder is used in one of the most widely deployed electronic vehicle immobilizers. It is used among others in most Audi, Fiat, Honda, Volkswagen and Volvo cars. Such an immobilizer is an anti-theft device which prevents the engine of the vehicle from starting when the corresponding transponder is not present. This transponder is a passive RFID tag which is embedded in the key of the vehicle. In this paper, the authors have reverse-engineered all proprietary security mechanisms of the transponder, including the cipher and the authentication protocol which we publish here in full detail. This article reveals several weaknesses in the design of the cipher, the authentication protocol and also in their implementation.
e8819e38284ae00f42181afdbb067dcbb1901e3845adf87a0c7b6914ed3d9c52
QNAP devices running the QNAP modified 3.12.6 kernel with firmware older than 4.1.4 Build 0804 log crypto keys on an unencrypted disk partition in world accessible files.
ddfdf6fd5fb3490dae2ed64c6e9b6432242ddd203d798cd07412aaaba2d7b6ed
This Metasploit module exploits a logic error in OpenSSL by impersonating the server and sending a specially-crafted chain of certificates, resulting in certain checks on untrusted certificates to be bypassed on the client, allowing it to use a valid leaf certificate as a CA certificate to sign a fake certificate. The SSL/TLS session is then proxied to the server allowing the session to continue normally and application data transmitted between the peers to be saved. The valid leaf certificate must not contain the keyUsage extension or it must have at least the keyCertSign bit set (see X509_check_issued function in crypto/x509v3/v3_purp.c); otherwise; X509_verify_cert fails with X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY. This Metasploit module requires an active man-in-the-middle attack.
0be0198fd35b0f082fb3872672e7f1dbe40db0a2ae2abc971e5936c264d03b3b