982 matches found

SUSE CVE
added 2023/02/15 5:9 a.m. · 4 views

SUSE CVE-2016-0702

The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the...

5.1 CVSS · 8.6 AI score · 0.00545 EPSS
Exploits 1 · References 34
SUSE CVE
added 2023/02/15 5:5 a.m. · 2 views

SUSE CVE-2016-2849

Botan before 1.10.13 and 1.11.x before 1.11.29 do not use a constant-time algorithm to perform a modular inverse on the signature nonce k, which might allow remote attackers to obtain ECDSA secret keys via a timing side-channel attack...

7.5 CVSS · 7 AI score · 0.00583 EPSS
Exploits 0 · References 5
SUSE CVE
added 2023/02/15 3:59 a.m. · 2 views

SUSE CVE-2020-12400

When converting coordinates from projective to affine, the modular inversion was not performed in constant time, resulting in a possible timing-based side channel attack. This vulnerability affects Firefox 80 and Firefox for Android 80...

4.7 CVSS · 8.1 AI score · 0.00147 EPSS
Exploits 0 · References 20
SUSE CVE
added 2023/02/15 3:23 a.m. · 1 views

SUSE CVE-2022-40735

The Diffie-Hellman Key Agreement Protocol allows use of long exponents that arguably make certain calculations unnecessarily expensive, because the 1996 van Oorschot and Wiener paper found that "appropriately short exponents" can be used when there are adequate subgroup constraints, and these sho...

7.5 CVSS · 7.2 AI score · 0.01786 EPSS
Exploits 0 · References 5
Malwarebytes
added 2023/02/15 1:0 a.m. · 15 views

TrickBot gang members sanctioned after pandemic ransomware attacks

In a collaborative partnership, officials in the United States and the United Kingdom unmasked and imposed financial sanctions against seven members of the notorious Russian gang TrickBot alias "TrickLoader", a mainstream banking Trojan turned malware-as-a-service (MaaS) platform for other criminal...

1.2 AI score
Exploits 0
OSV
added 2023/02/14 6:15 p.m. · 2 views

CVE-2023-22943

In Splunk Add-on Builder (AoB) versions below 4.1.2 and the Splunk CloudConnect SDK versions below 3.1.3, requests to third-party APIs through the REST API Modular Input incorrectly revert to using HTTP to connect after a failure to connect over HTTPS occurs...

5.3 CVSS · 6.1 AI score · 0.00326 EPSS
Exploits 0 · References 1
Positive Technologies
added 2023/02/14 12:0 a.m. · 3 views

PT-2023-19655 · Arista · Arista Eos

Name of the Vulnerable Software and Affected Versions: Arista EOS affected versions not specified
Description: On affected modular platforms running Arista EOS equipped with both redundant supervisor modules and having the redundancy protocol configured with RPR or SSO, an existing unprivileged...

9.3 CVSS · 7.5 AI score · 0.00042 EPSS
Exploits 1 · References 5
Arista
added 2023/02/14 12:0 a.m. · 69 views

Security Advisory 0082

Date: February 14, 2023

Revision | Date | Changes
---|---|---
1.0 | February 14th, 2023 | Initial release
1.1 | February 22nd, 2023 | Update the Hotfix SWIX

The CVE-ID tracking this issue: CVE-2023-24509
CVSSv3.1 Base Score: 9.3...

9.3 CVSS · 8 AI score · 0.00042 EPSS
Exploits 1 · Affected Software 1
OpenVAS
added 2023/01/31 12:0 a.m. · 21 views

Debian: Security Advisory (DLA-3298-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

8.6 CVSS · 6.7 AI score · 0.03121 EPSS
Exploits 1 · References 4
The Hacker News
added 2023/01/24 11:3 a.m. · 4 views

Emotet Malware Makes a Comeback with New Evasion Techniques

The Emotet malware operation has continued to refine its tactics in an effort to fly under the radar, while also acting as a conduit for other dangerous malware such as Bumblebee and IcedID. Emotet, which officially reemerged in late 2021 following a coordinated takedown of its infrastructure by...

6.5 AI score
Exploits 0
RedHat Linux
added 2023/01/09 2:50 p.m. · 39 views

Moderate: Red Hat Security Advisory: grub2 security and bug fix update

An update for grub2 is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for ea...

8.6 CVSS · 6.9 AI score · 0.0012 EPSS
Exploits 0 · References 3
Kitploit
added 2023/01/02 11:30 a.m. · 104 views

Subparse - Modular Malware Analysis Artifact Collection And Correlation Framework

Subparse is a modular framework developed by Josh Strochein, Aaron Baker, and Odin Bernstein. The framework is designed to parse and index malware files and present the information found during the parsing in a searchable web-viewer. The framework is modular, making use of a core parsing engine,...

7 AI score
Exploits 0 · References 8
Ubuntu
added 2022/12/13 11:33 a.m. · 111 views

USN-5253-1: Rack vulnerabilities

It was discovered that Rack insecurely handled session ids. An unauthenticated remote attacker could possibly use this issue to perform a timing attack and hijack sessions. (CVE-2019-16782) It was discovered that Rack was incorrectly handling cookies during parsing, not validating them or performin...

10 CVSS · 7.7 AI score · 0.02323 EPSS
Exploits 1
Positive Technologies
added 2022/12/13 12:0 a.m. · 2 views

PT-2022-27694 · Unknown · Talon Tc Compact +3

Name of the Vulnerable Software and Affected Versions:
- APOGEE PXC Compact BACnet versions prior to V3.5.5
- APOGEE PXC Compact P2 Ethernet versions prior to V2.8.20
- APOGEE PXC Modular BACnet versions prior to V3.5.5
- APOGEE PXC Modular P2 Ethernet versions prior to V2.8.20
- TALON TC Compact BACnet...

8.8 CVSS · 6.8 AI score · 0.00324 EPSS
Exploits 0 · References 3
CVE
added 2022/12/13 12:0 a.m. · 56 views

CVE-2022-45937

Siemens CVE-2022-45937 affects APOGEE PXC Series (BACnet and P2 Ethernet) and TALON TC Series up to specific versions: APOGEE PXC BACnet before 3.5.5; APOGEE PXC P2 Ethernet before 2.8.20; TALON TC BACnet before 3.5.5. The vulnerability is an Improper Access Control that could allow a low-privi...

8.8 CVSS · 6 AI score · 0.00324 EPSS
Exploits 0 · References 1 · Affected Software 1
Fedora
added 2022/12/01 1:39 a.m. · 31 views

[SECURITY] Fedora 35 Update: grub2-2.06-14.fc35

The GRand Unified Bootloader (GRUB) is a highly configurable and customizable bootloader with modular architecture. It supports a rich variety of kernel formats, file systems, computer architectures and hardware devices...

8.6 CVSS · 1.5 AI score · 0.0012 EPSS
Exploits 0
Fedora
added 2022/11/18 1:18 a.m. · 34 views

[SECURITY] Fedora 37 Update: grub2-2.06-63.fc37

The GRand Unified Bootloader (GRUB) is a highly configurable and customizable bootloader with modular architecture. It supports a rich variety of kernel formats, file systems, computer architectures and hardware devices...

8.6 CVSS · 1.5 AI score · 0.0012 EPSS
Exploits 0
Prion
added 2022/11/14 11:15 p.m. · 38 views

Design/Logic Flaw

The Diffie-Hellman Key Agreement Protocol allows use of long exponents that arguably make certain calculations unnecessarily expensive, because the 1996 van Oorschot and Wiener paper found that "appropriately short exponents" can be used when there are adequate subgroup constraints, and these sho...

5 CVSS · 7.3 AI score · 0.18716 EPSS
Exploits 1 · References 11
UbuntuCve
added 2022/11/14 11:15 p.m. · 59 views

CVE-2022-40735

The Diffie-Hellman Key Agreement Protocol allows use of long exponents that arguably make certain calculations unnecessarily expensive, because the 1996 van Oorschot and Wiener paper found that "appropriately short exponents" can be used when there are adequate subgroup constraints, and these sho...

7.5 CVSS · 6.8 AI score · 0.01786 EPSS
Exploits 0 · References 14
Tenable Nessus
added 2022/11/14 12:0 a.m. · 24 views

NewStart CGSL CORE 5.04 / MAIN 5.04 : openssl Multiple Vulnerabilities (NS-SA-2022-0076)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has openssl packages installed that are affected by multiple vulnerabilities:
- ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field...

7.5 CVSS · 7.5 AI score · 0.07539 EPSS
Exploits 2 · References 7