
5771 matches found

OSV
added 2017/04/14 6:59 p.m. · 1 view

DEBIAN-CVE-2016-6489

The RSA and DSA decryption code in Nettle makes it easier for attackers to discover private keys via a cache side channel attack...

7.5 CVSS · 8.1 AI score · 0.03437 EPSS
Exploits 0 · References 1
Cvelist
added 2017/04/14 6:0 p.m. · 26 views

CVE-2016-6489

The RSA and DSA decryption code in Nettle makes it easier for attackers to discover private keys via a cache side channel attack...

7.4 AI score · 0.03437 EPSS
Exploits 0 · References 8
CVE
added 2017/04/14 6:0 p.m. · 145 views

CVE-2016-6489

Summary of the issue: The nettle cryptographic library contains a cache-related side-channel flaw in its RSA and DSA decryption code that could allow a remote attacker to recover a private key from a co-located VM. This vulnerability is referenced across multiple advisories (CVE-2016-6489). What ...

7.5 CVSS · 7.3 AI score · 0.03437 EPSS
Exploits 0 · References 8 · Affected Software 4
Debian CVE
added 2017/04/14 6:0 p.m. · 20 views

CVE-2016-6489

The RSA and DSA decryption code in Nettle makes it easier for attackers to discover private keys via a cache side channel attack...

7.5 CVSS · 8.5 AI score · 0.03437 EPSS
Exploits 0
CVE
added 2017/04/10 3:0 p.m. · 38 views

CVE-2015-7824

Botan 1.11.x prior to 1.11.22 is vulnerable to a padding-oracle attack that makes it easier for remote attackers to decrypt TLS ciphertext when using TLS CBC ciphersuites. This is a remote/network issue affecting the Botan cryptographic library; exploitation is contingent on using an affected 1.1...

7.5 CVSS · 7.4 AI score · 0.00237 EPSS
Exploits 0 · References 2 · Affected Software 1
Prion
added 2017/04/07 5:59 p.m. · 18 views

Design/Logic Flaw

A vulnerability in the detection engine reassembly of Secure Sockets Layer SSL packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition because the Snort process consumes a high level of CPU resources. Affected Products...

7.1 CVSS · 5.8 AI score · 0.00453 EPSS
Exploits 0 · References 2 · Affected Software 1
Positive Technologies
added 2017/04/07 12:0 a.m. · 2 views

PT-2017-16156 · Cisco · Cisco Firepower System

Name of the Vulnerable Software and Affected Versions: Cisco Firepower System Software versions 6.0.0 through 6.2.1 Description: A vulnerability in the detection engine reassembly of Secure Sockets Layer SSL packets could allow an unauthenticated, remote attacker to cause a denial of service DoS...

7.1 CVSS · 7.3 AI score · 0.00453 EPSS
Exploits 0 · References 3
NVD
added 2017/04/05 4:59 p.m. · 10 views

CVE-2017-6339

Trend Micro InterScan Web Security Virtual Appliance IWSVA 6.5 before CP 1746 mismanages certain key and certificate data. Per IWSVA documentation, by default, IWSVA acts as a private Certificate Authority CA and dynamically generates digital certificates that are sent to client browsers to...

6.5 CVSS · 6.6 AI score · 0.02677 EPSS
Exploits 5 · References 3
Prion
added 2017/04/05 4:59 p.m. · 15 views

Improper access control

Multiple Access Control issues in Trend Micro InterScan Web Security Virtual Appliance IWSVA 6.5 before CP 1746 allow an authenticated, remote user with low privileges like 'Reports Only' or 'Auditor' to change FTP Access Control Settings, create or modify reports, or upload an HTTPS Decryption...

4 CVSS · 6.6 AI score · 0.01013 EPSS
Exploits 5 · References 3 · Affected Software 1
OSV
added 2017/04/05 4:59 p.m. · 2 views

CVE-2017-6338

Multiple Access Control issues in Trend Micro InterScan Web Security Virtual Appliance IWSVA 6.5 before CP 1746 allow an authenticated, remote user with low privileges like 'Reports Only' or 'Auditor' to change FTP Access Control Settings, create or modify reports, or upload an HTTPS Decryption...

6.5 CVSS · 5.8 AI score · 0.01013 EPSS
Exploits 5 · References 3
CVE
added 2017/04/05 4:0 p.m. · 67 views

CVE-2017-6338

CVE-2017-6338 affects Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746. Affected component/issue: multiple access control flaws that let an authenticated, low-privilege remote user (e.g., Reports Only or Auditor) modify FTP Access Control Settings, create/modify rep...

6.5 CVSS · 6.5 AI score · 0.01013 EPSS
Exploits 5 · References 3 · Affected Software 1
Cvelist
added 2017/04/05 4:0 p.m. · 16 views

CVE-2017-6338

Multiple Access Control issues in Trend Micro InterScan Web Security Virtual Appliance IWSVA 6.5 before CP 1746 allow an authenticated, remote user with low privileges like 'Reports Only' or 'Auditor' to change FTP Access Control Settings, create or modify reports, or upload an HTTPS Decryption...

6.6 AI score · 0.01013 EPSS
Exploits 5 · References 3
The Hacker News
added 2017/04/05 6:55 a.m. · 20 views

No More Ransom — 15 New Ransomware Decryption Tools Available for Free

No More Ransom, so is the Ransomware Threat. Launched less than a year ago, the No More Ransom NMR project has increased its capacity with new partners and new decryption tools added to its now global campaign to combat Ransomware. Started as a joint initiative by Europol, the Dutch National...

7 AI score
Exploits 0
CVE
added 2017/04/04 4:0 p.m. · 41 views

CVE-2017-7307

Riverbed RiOS before 9.0.1 is vulnerable to an elevation-of-privilege in which shell access is not properly restricted in single-user mode. An attacker with physical proximity can replace the /opt/tms/bin/cli binary to obtain root privileges and access decrypted data. The CVSS data indicates high...

7.2 CVSS · 6.5 AI score · 0.00042 EPSS
Exploits 0 · References 2 · Affected Software 1
myhack58
added 2017/03/17 12:0 a.m. · 126 views

Github enterprise remote code execution vulnerability analysis-vulnerability warning-the black bar safety net

Right now, almost everyone is using GitHub. If you have a lot of money or are very paranoid about your own code, then you can run your own GitHub. For $2500, you can get a GitHub Enterprise version for 10 users for one year. In fact, GitHub Enterprise is a virtual machine, but...

7.2 AI score
Exploits 0
ThreatPost
added 2017/03/02 11:34 a.m. · 17 views

Keys for Dharma Ransomware Released

Victims of the Dharma strain of ransomware can now get their files back, free of charge. Decryption keys for the ransomware were added to the Kaspersky Lab’s Rakhni decryptor tool Thursday morning. Dharma ransomware .dharma decryptor released pic.twitter.com/sIQorypOzj — Anton Ivanov @antonivanov...

0.1 AI score
Exploits 0 · References 8
OSV
added 2017/03/01 9:59 p.m. · 2 views

CVE-2016-2879

IBM QRadar 7.2 uses outdated hashing algorithms to hash certain passwords, which could allow a local user to obtain and decrypt user credentials. IBM Reference : 1997341...

7.8 CVSS · 5.8 AI score
Exploits 0 · References 2
Prion
added 2017/03/01 9:59 p.m. · 13 views

Design/Logic Flaw

IBM QRadar 7.2 uses outdated hashing algorithms to hash certain passwords, which could allow a local user to obtain and decrypt user credentials. IBM Reference : 1997341...

2.1 CVSS · 6.5 AI score · 0.00021 EPSS
Exploits 0 · References 2 · Affected Software 1
NVD
added 2017/03/01 9:59 p.m. · 15 views

CVE-2016-2879

IBM QRadar 7.2 uses outdated hashing algorithms to hash certain passwords, which could allow a local user to obtain and decrypt user credentials. IBM Reference : 1997341...

7.8 CVSS · 7.4 AI score · 0.00021 EPSS
Exploits 0 · References 2
Drupal
added 2017/03/01 12:0 a.m. · 13 views

AES - Critical - Unsupported - SA-CONTRIB-2017-027

This module provides an API that allows other modules to encrypt and decrypt data using the AES encryption algorithm. The module does not follow requirements for encrypting data safely. An attacker who gains access to data encrypted with this module could decrypt it more easily than should be...

6.8 AI score
Exploits 0 · References 12