Posted by Sydream Labs on Feb 14
# Riverbed RiOS insecure cryptographic storage (CVE-2017-5670)
## Description
Riverbed Steelhead hardware appliances are used to optimize and
accelerate network traffic.
There can be implemented as TLS endpoints, so they have a secure vault
aimed to store private TLS certificates for servers.
The secure vault has FIPS mode support.
## Improper encryption implementation
The secure vault used on the Steelhead appliance (and potentially other…
Posted by Manuel Garcia Cardenas on Feb 14
=============================================
MGC ALERT 2017-001
– Original release date: Feb 07, 2017
– Last revised: Feb 12, 2017
– Discovered by: Manuel Garcia Cardenas
– Severity: 4,8/10 (CVSS Base Score)
=============================================
I. VULNERABILITY
————————-
WordPress Plugin Easy Table 1.6 – Persistent Cross-Site Scripting
II. BACKGROUND
————————-
Easy Table is a WordPress plugin that…
A memory corruption vulnerability exists in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file.
A remote code execution vulnerability exists in Adobe Flash Player. The vulnerability is due to a use-after-free error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted SWF file with an affected version of Flash Player.
A remote code execution vulnerability exists in Adobe Flash Player. The vulnerability is due to a use-after-free error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted SWF file with an affected version of Flash Player.
A memory corruption vulnerability exists in Adobe Flash Player. The vulnerability is due to an error in h264 codec while parsing a specially crafted mp4 file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted file.
A type confusion vulnerability exists in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted SWF file with an affected version of Flash Player.
A remote code execution vulnerability exists in Adobe Flash Player. The vulnerability is due to a use-after-free error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted SWF file with an affected version of Flash Player.
A remote code execution vulnerability exists in Adobe Flash Player. The vulnerability is due to a use-after-free error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted SWF file with an affected version of Flash Player.
A heap buffer overflow vulnerability exists in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted mp4 file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted file.