Security
Headlines
HeadlinesLatestCVEs

Tag

#ssl

Lantronix XPort

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.7 ATTENTION: Low attack complexity Vendor: Lantronix Equipment: XPort Vulnerability: Weak Encoding for Password 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to obtain credentials. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of XPort, a device server configuration manager, are affected: XPort Device Server Configuration Manager: Version 2.0.0.13 3.2 Vulnerability Overview 3.2.1 Weak Encoding for Password CWE-261 Lantronix XPort sends weakly encoded credentials within web request headers. CVE-2023-7237 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.7 has been calculated; the CVSS vector string is (AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N). 3.3 BACKGROUND CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing, Energy, Healthcare, Transportation COUNTRIES/AREAS DEPLOYED: Worldwide COMPANY HEADQUARTERS LOCATION: United States 3.4 RESEARCHER Aarón Flecha Menéndez of S2...

us-cert
#vulnerability#web#ssl
GHSA-wj6h-64fc-37mp: Minerva timing attack on P-256 in python-ecdsa

python-ecdsa has been found to be subject to a Minerva timing attack on the P-256 curve. Using the `ecdsa.SigningKey.sign_digest()` API function and timing signatures an attacker can leak the internal nonce which may allow for private key discovery. Both ECDSA signatures, key generation, and ECDH operations are affected. ECDSA signature verification is unaffected. The python-ecdsa project considers side channel attacks out of scope for the project and there is no planned fix.

Ivanti Connect Secure Unauthenticated Remote Code Execution

This Metasploit module chains an authentication bypass vulnerability and a command injection vulnerability to exploit vulnerable instances of either Ivanti Connect Secure or Ivanti Policy Secure, to achieve unauthenticated remote code execution. All currently supported versions 9.x and 22.x prior to the vendor mitigation are vulnerable. It is unknown if unsupported versions 8.x and below are also vulnerable.

Red Hat Security Advisory 2024-0310-03

Red Hat Security Advisory 2024-0310-03 - An update for openssl is now available for Red Hat Enterprise Linux 9.

GHSA-3p77-wg4c-qm24: Exposure of sensitive information in ClickHouse

Exposure of sensitive information in exceptions in ClickHouse's clickhouse-r2dbc, com.clickhouse:clickhouse-jdbc, and com.clickhouse:clickhouse-client versions less than 0.4.6 allows unauthorized users to gain access to client certificate passwords via client exception logs. This occurs when 'sslkey' is specified and an exception, such as a ClickHouseException or SQLException, is thrown during database operations; the certificate password is then included in the logged exception message.

Apache Commons Text 1.9 Remote Code Execution

This Metasploit module exploit takes advantage of the StringSubstitutor interpolator class, which is included in the Commons Text library. A default interpolator allows for string lookups that can lead to remote code execution. This is due to a logic flaw that makes the script, dns and url lookup keys interpolated by default, as opposed to what it should be, according to the documentation of the StringLookupFactory class. Those keys allow an attacker to execute arbitrary code via lookups primarily using the script key. In order to exploit the vulnerabilities, the following requirements must be met: Run a version of Apache Commons Text from version 1.5 to 1.9, use the StringSubstitutor interpolator, and the target should run JDK versions prior to 15.

Red Hat Security Advisory 2024-0266-03

Red Hat Security Advisory 2024-0266-03 - An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 8.8 Extended Update Support, Red Hat Enterprise Linux 9, and Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include code execution and out of bounds access vulnerabilities.

Leveraging Red Hat Service Mesh to encrypt AMQ communication on OpenShift

Many organizations require Encryption In Transit (EIT), specifying that all network traffic should be encrypted between systems. Within a Red Hat OpenShift cluster, Red Hat OpenShift Service Mesh can implement Mutual Transport Layer Security (mTLS) between pods. This process encrypts all pod-to-pod traffic, satisfying the EIT requirement.This article covers a simple application that connects to an AMQ broker and leverages Service Mesh to encrypt all communications to and from the AMQ broker.The applicationThe application is a basic producer/consumer program based on the Camel On Quarkus framew

Contiki-NG tinyDTLS Buffer Over-Read / Denial Of Service

An issue was discovered in Contiki-NG tinyDTLS versions through 2018-08-30. A buffer over-read exists in the dtls_sha256_update function. This bug allows remote attackers to cause a denial of service (crash) and possibly read sensitive information by sending a malformed packet with an over-large fragment length field, due to servers incorrectly handling malformed packets.

Contiki-NG tinyDTLS Epoch Number Reuse

An issue was discovered in Contiki-NG tinyDTLS versions through 2018-08-30. DTLS servers allow remote attackers to reuse the same epoch number within two times the TCP maximum segment lifetime, which is prohibited in RFC6347. This vulnerability allows remote attackers to obtain sensitive application (data of connected clients).