790 matches found
CVE-2018-12356
An issue was discovered in password-store.sh in pass in Simple Password Store 1.7.x before 1.7.2. The signature verification routine parses the output of GnuPG with an incomplete regular expression, which allows remote attackers to spoof file signatures on configuration files and extension script...
OpenJDK: unsynchronized access to encryption key data (Libraries, 8172525)
It was discovered that multiple encryption key classes in the Libraries component of OpenJDK did not properly synchronize access to their internal data. This could possibly cause a multi-threaded Java application to apply weak encryption to data because of the use of a key that was zeroed out...
Bouncy Castle JCE Provider AESFastEngine and AESEngine Information Disclosure Vulnerabilities
Bouncy Castle JCE Provider is a Java-based encryption package. AESFastEngine and AESEngine are among the encryption engines. A security vulnerability exists in AESFastEngine and AESEngine in Bouncy Castle JCE Provider 1.55 and earlier versions. An attacker could exploit this vulnerability to...
Russia asks Apple to remove Telegram Messenger from the App Store
Russia's communications regulator Roskomnadzor has threatened Apple to face the consequences if the company does not remove secure messaging app Telegram from its App Store. Back in April, the Russian government banned Telegram in the country for the company's refusal to hand over private...
CVE-2018-6562
totemomail Encryption Gateway before 6.0b567 allows remote attackers to obtain sensitive information about user sessions and encryption key material via a JSONP hijacking attack...
IBM Flashsystem / Storwize CSRF / Arbitrary File Read / Information Disclosure
Vulnerabilities in IBM's Flashsystem and Storwize Products. Introduction: Vulnerabilities were identified in the IBM Flashsystem 840, IBM Flashsystem 900 and IBM Storwize V7000. These were discovered during a bla...
Free Speech Advocates Blast Amazon Over Threats Against Signal
On Tuesday, Moxie Marlinspike, founder of the secure messaging app Signal, posted a letter sent to him from Amazon threatening to suspend the company’s AWS account for using a technique called domain-fronting on its network. The technique is used to protect messages sent via the Signal’s messagin...
Telegram Ordered to Hand Over Encryption Keys to Russian Authorities
Russia’s top court ruled Tuesday that the Telegram messaging service, with 9.5 million active Russian users, must hand over encryption keys to authorities. The Britain-based messaging app company, with 100 million global users, now has 15 days to provide communications regulators in Russia with t...
Apple Moves iCloud Data and Encryption Keys for Chinese Users to China
Apple has finally agreed to open a new Chinese data center next month to comply with the country's latest controversial data protection law. Apple will now move the cryptographic keys of its Chinese iCloud users in data centers run by a state-owned company called Cloud Big Data Industrial...
Apple to Store Encryption Keys in China
Apple is bowing to pressure from the Chinese government and storing encryption keys in China. While I would prefer it if it would take a stand against China, I really can't blame it for putting its business model ahead of its desires for customer privacy. Two more articles...
Encryption 101: a malware analyst’s primer
While most in the security industry know what encryption is, many lack a basic understanding of how it is used in malware—especially ransomware. Because of this, we thought it would be beneficial to do an introductory primer on encryption mechanisms and how they are exploited for malicious...
SamSam - The Evolution Continues Netting Over $325,000 in 4 Weeks
This post was written by Vitor Ventura Introduction Talos has been working in conjunction with Cisco IR Services on what we believe to be a new variant of the SamSam ransomware. This ransomware has been observed across multiple industries including Government, Healthcare and ICS. These attacks do...
CVE-2017-9663
A Cleartext Storage of Sensitive Information issue was discovered in General Motors GM and Shanghai OnStar SOS SOS iOS Client 7.1. Successful exploitation of this vulnerability may allow a remote attacker to access an encryption key that is stored in cleartext in memory...
Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2017-936)
It was discovered that the Security component of OpenJDK could fail to properly enforce restrictions defined for processing of X.509 certificate chains. A remote attacker could possibly use this flaw to make Java accept a certificate using one of the disabled algorithms. CVE-2017-10198 Vulnerabilit...
MGASA-2017-0460 Updated java-1.8.0-openjdk packages fix security vulnerabilities
Multiple flaws were discovered in the RMI and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. CVE-2017-10285, CVE-2017-10346 It was discovered that the Kerberos client implementation in the Libraries...
Critical: java-1.7.0-openjdk
Issue Overview: It was discovered that the Security component of OpenJDK could fail to properly enforce restrictions defined for processing of X.509 certificate chains. A remote attacker could possibly use this flaw to make Java accept a certificate using one of the disabled algorithms...