Marcus Brinkmann

4 exploits Active since Feb 2017
CVE-2016-10212 WRITEUP MEDIUM WORKING POC
Radware Alteon < 30.0.5.10 - Information Disclosure
Radware devices use the same value for the first two GCM nonces, which allows remote attackers to obtain the authentication key and spoof data via a "forbidden attack," a similar issue to CVE-2016-0270. NOTE: this issue may be due to the use of a third-party Cavium product.
CVSS 5.9
CVE-2016-10213 WRITEUP MEDIUM WORKING POC
A10networks Advanced Core Operating System - Information Disclosure
A10 AX1030 and possibly other devices with software before 2.7.2-P8 use random GCM nonce generation, which makes it easier for remote attackers to obtain the authentication key and spoof data by leveraging a reused nonce in a session and a "forbidden attack," a similar issue to CVE-2016-0270.
CVSS 5.9
CVE-2023-46445 WRITEUP MEDIUM WRITEUP
AsyncSSH <2.14.1 - RCE
An issue in AsyncSSH before 2.14.1 allows attackers to control the extension info message (RFC 8308) via a man-in-the-middle attack, aka a "Rogue Extension Negotiation."
CVSS 5.9
CVE-2023-46446 WRITEUP MEDIUM WRITEUP
AsyncSSH <2.14.1 - RCE
An issue in AsyncSSH before 2.14.1 allows attackers to control the remote end of an SSH client session via packet injection/removal and shell emulation, aka a "Rogue Session Attack."
CVSS 6.8