
5443 matches found

Tenable Nessus
added 2025/08/13 12:0 a.m. | 2 views

EulerOS 2.0 SP13 : grub2 (EulerOS-SA-2025-1990)

According to the versions of the grub2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: grub2 allowed attackers with access to the grub shell to access files on the encrypted disks. (CVE-2024-49504) Tenable has extracted the preceding...

CVSS 7 | AI score 7.7 | EPSS 0.00328
Exploits: 0 | References: 2
Redos
added 2025/08/13 12:0 a.m. | 5 views

ROS-20250813-06

A vulnerability in Stunnel, a software wrapper that allows arbitrary traffic to be hidden in an encrypted SSL tunnel, is related to incorrect client certificate validation when using the redirection and VerifyChain parameters. Exploitation of the vulnerability could allow an attacker...

CVSS 7.5 | AI score 7.3 | EPSS 0.01179
Exploits: 0
Tenable Nessus
added 2025/08/12 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2021-4093

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the KVM's AMD code for supporting the Secure Encrypted Virtualization-Encrypted State (SEV-ES). A KVM guest using SEV-ES can trigger...

CVSS 8.8 | AI score 6.7 | EPSS 0.00419
Exploits: 1 | References: 2
Tenable Nessus
added 2025/08/12 12:0 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2017-13305

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An information disclosure vulnerability in the Upstream kernel encrypted-keys. Product: Android. Versions: Android kernel. Android ID: A-70526974. CVE-2017-13305...

CVSS 7.1 | AI score 6.2 | EPSS 0.00318
Exploits: 0 | References: 2
Redos
added 2025/08/12 12:0 a.m. | 3 views

ROS-20250812-09

A vulnerability in the encrypted function of the cross-platform software development framework Qt is related to synchronization errors when using a shared resource. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

CVSS 8.6 | AI score 7.1 | EPSS 0.00494
Exploits: 0
AMD
added 2025/08/12 12:0 a.m. | 8 views

AMD Server Vulnerabilities – August 2025

Summary: Potential vulnerabilities in AMD EPYC™ Processor platforms that affect IOMMU, AMD Secure Encrypted Virtualization – Secure Nested Paging (SEV-SNP) and other platform components, were found during audits performed internally and by third parties. Mitigations have been provided in AMD EPYC™...

CVSS 7.5 | AI score 7.5 | EPSS 0.00154
Exploits: 0
AMD
added 2025/08/12 12:0 a.m. | 8 views

Voltage Fault Injection on SEV Virtual Machines

Summary: Researchers shared with AMD a report titled “Voltage Fault Injection on SEV-protected Virtual Machines.” The report noted a Voltage Fault Injection (VFI) attack targeting AMD EPYC™ 7272 CPUs running Secure Encrypted Virtualization (SEV) protected virtual machines (VMs). Physical attacks such as...

AI score 7.3
Exploits: 0
AMD
added 2025/08/12 12:0 a.m. | 13 views

SEV Ciphertext Side Channel Attacks

Summary: AMD has received reports from two research groups detailing methods by which a malicious hypervisor could potentially execute a side channel attack against a running secure encrypted virtualization – secure nested paging (SEV-SNP) guest. The first report, titled “Relocate + Vote: Exploiting...

AI score 7.3
Exploits: 0
BDU FSTEC
added 2025/08/11 12:0 a.m. | 10 views

The vulnerability of the monitoring and control device for solar energy systems, Tigo Cloud Connect Advanced (CCA), arises from the use of strictly encrypted account data. This allows attackers to circumvent security restrictions, gain increased privileges, and obtain full control over the device.

The vulnerability of the monitoring and control device for solar energy systems, Tigo Cloud Connect Advanced (CCA), lies in the use of strictly encrypted account data. Exploiting this vulnerability allows a malicious actor to bypass security restrictions, gain increased privileges, and obtain full...

CVSS 10 | AI score 5.5 | EPSS 0.00511
Exploits: 0 | References: 3 | Affected Software: 1
Tenable Nessus
added 2025/08/11 12:0 a.m. | 6 views

Linux Distros Unpatched Vulnerability : CVE-2025-38223

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: ceph: avoid kernel BUG for encrypted inode with unaligned file size The generic/397 test hit...

CVSS 5.5 | AI score 5.8 | EPSS 0.00088
Exploits: 0 | References: 3
Tenable Nessus
added 2025/08/11 12:0 a.m. | 6 views

Linux Distros Unpatched Vulnerability : CVE-2021-47228

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - x86/ioremap: Map EFI-reserved memory as encrypted for SEV Some drivers require memory that is marked as EFI boot services data. In order for this memory to not ...

CVSS 6.2 | AI score 6.6 | EPSS 0.00237
Exploits: 0 | References: 2
Tenable Nessus
added 2025/08/11 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2021-31615

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Unencrypted Bluetooth Low Energy baseband links in Bluetooth Core Specifications 4.0 through 5.2 may permit an adjacent device to inject a crafted packet during...

CVSS 5.3 | AI score 6.1 | EPSS 0.00402
Exploits: 0 | References: 2
Tenable Nessus
added 2025/08/10 12:0 a.m. | 6 views

Linux Distros Unpatched Vulnerability : CVE-2017-7374

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use-after-free vulnerability in fs/crypto/ in the Linux kernel before 4.10.7 allows local users to cause a denial of service (NULL pointer dereference) or possibl...

CVSS 7.8 | AI score 6.3 | EPSS 0.00799
Exploits: 0 | References: 2
Tenable Nessus
added 2025/08/09 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2019-10732

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In KDE KMail 5.2.3, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted parts...

CVSS 4.3 | AI score 6.7 | EPSS 0.00586
Exploits: 1 | References: 2
RubySec
added 2025/08/07 12:0 a.m. | 11 views

JWE is missing AES-GCM authentication tag validation in encrypted JWE

Overview The authentication tag of encrypted JWEs can be brute forced, which may result in loss of confidentiality for those JWEs and provide ways to craft arbitrary JWEs. Impact - JWEs can be modified to decrypt to an arbitrary value - JWEs can be decrypted by observing parsing differences - The...

CVSS 9.1 | AI score 6.4 | EPSS 0.00231
Exploits: 1 | References: 1 | Affected Software: 1
OSV
added 2025/08/06 3:15 p.m. | 2 views

CVE-2025-50234

MCCMS v2.7.0 has an SSRF vulnerability located in the index method of the sys\apps\controllers\api\Gf.php file, where the pic parameter is processed. The pic parameter is decrypted using the sysauth$pic, 1 function, which utilizes a hard-coded key McEncryptionKey bD2voYwPpNuJ7B8, defined in the...

CVSS 6.5 | AI score 6.3 | EPSS 0.0023
Exploits: 1 | References: 1
Packet Storm News
added 2025/08/06 12:0 a.m. | 4 views

Measuring the Carbon Footprint of Cryptographic Privacy-Enhancing Technologies

Privacy-enhancing technologies (PETs) have attracted significant attention in response to privacy regulations, driving the development of applications that prioritize user data protection. At the same time, the information and communication technology (ICT) sector faces growing pressure to reduce its...

AI score 6.7
Exploits: 0
Packet Storm News
added 2025/08/04 12:0 a.m. | 3 views

Experimental Evaluation of Post-Quantum Homomorphic Encryption for Privacy-Preserving V2X Communication

Intelligent Transportation Systems (ITS) fundamentally rely on vehicle-generated data for applications such as congestion monitoring and route optimization, making the preservation of user privacy a critical challenge. Homomorphic Encryption (HE) offers a promising solution by enabling computation on...

AI score 6.9
Exploits: 0
Microsoft Secure
added 2025/07/31 4:0 p.m. | 6 views

Frozen in transit: Secret Blizzard’s AiTM campaign against diplomats

Microsoft Threat Intelligence has uncovered a cyberespionage campaign by the Russian state actor we track as Secret Blizzard that has been targeting embassies located in Moscow using an adversary-in-the-middle (AiTM) position to deploy their custom ApolloShadow malware. ApolloShadow has the...

AI score 7.8
Exploits: 0
RedhatCVE
added 2025/07/31 1:49 p.m. | 1 views

CVE-2025-54422

Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. In versions 1.16.1 and below, a critical security vulnerability exists in password handling mechanisms. During encrypted sandbox creation, user passwords are transmitted via shared memory,...

CVSS 6.9 | AI score 7.3 | EPSS 0.00067
Exploits: 0 | References: 1