[FD] CVE-2019-10071: Timing Attack in HMAC Verification in Apache Tapestry

CVE-2019-10071: Timing Attack in HMAC Verification in Apache Tapestry Affected versions: - Apache Tapestry 5.3.6 through current releases. Description: Apache Tapestry uses HMACs to verify the integrity of objects stored on the client side. This was added to address the Java deserialization vuln

[FD] [CVE-2017-17704] Broken Cryptography in iStar Ultra & IP ACM by Software House

Introduction Vulnerabilities were identified in the iStar Ultra & IP-ACM boards offered by Software House. This system is used to control physical access to resources based on RFID-based badge readers. Badge readers interface with the IP-ACM board, which uses TCP/IP to communicate wi

[FD] Belden Garrettcom 6K/10K Switches: Auth Bypasses, Memory Corruption

Introduction Vulnerabilities were identified in the Belden GarrettCom 6K and 10KT (Magnum) series network switches. These were discovered during a black box assessment and therefore the vulnerability list should not be considered exhaustive; observations suggest that it is likely that

[FD] Security Issues in Alerton Webtalk (Auth Bypass, RCE)

Security Issues in Alerton Webtalk == Introduction Vulnerabilities were identified in the Alerton Webtalk Software supplied by Alerton. This software is used for the management of building automation systems. These were discovered during a black box