BIT-ELASTICSEARCH-2024-23449 Elasticsearch Uncaught Exception

An uncaught exception in Elasticsearch = 8.4.0 and 8.11.1 occurs when an encrypted PDF is passed to an attachment processor through the REST API. The Elasticsearch ingest node that attempts to parse the PDF file will crash. This does not happen with password-protected PDF files or with unencrypte...

CVE-2022-32502

An issue was discovered on certain Nuki Home Solutions devices. There is a buffer overflow over the encrypted token parsing logic in the HTTP service that allows remote code execution. This affects Nuki Bridge v1 before 1.22.0 and v2 before 2.13.2...

EulerOS 2.0 SP10 : docker-engine (EulerOS-SA-2024-1585)

According to the versions of the docker-engine packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service...

New Attack on VPNs

This attack has been feasible for over two decades: Researchers have devised an attack against nearly all virtual private network applications that forces them to send and receive some or all traffic outside of the encrypted tunnel designed to protect it from snooping or tampering. TunnelVision, ...

The vulnerability of the PowerPanel Business monitoring and power source management system, related to the use of strictly encrypted account data, allows a intruder to gain unauthorized access to protected information and enhance their privileges.

The vulnerability of the PowerPanel Business monitoring and power source management system lies in the use of strictly encrypted account data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information and enhance their privileg...

The vulnerability of the PowerPanel Business monitoring and power source management system lies in the use of a strictly encrypted cryptographic key. This allows attackers to impersonate other users and send malicious data into the system.

The vulnerability of the PowerPanel Business monitoring and power source management system lies in the use of a strictly encrypted cryptographic key. Exploiting this vulnerability allows an attacker to impersonate another user and send malicious data into the system...

jose-go: improper handling of highly compressed data

A vulnerability was found in Jose due to improper handling of highly compressed data. This issue could allow an attacker to send a JWE containing compressed data that uses large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti...

hw: amd: Instruction raise #VC exception at exit

A vulnerability was found in AMD SEV-SNP, where a malicious hypervisor can potentially break confidentiality and integrity of SEV-SNP on Linux guests by injecting interrupts. An attacker can inject interrupt 0x80, which is used by Linux for legacy 32-bit system calls, and arbitrarily change the...

hw: amd: Instruction raise #VC exception at exit

A vulnerability was found in AMD SEV-SNP, where a malicious hypervisor can potentially break confidentiality and integrity of SEV-SNP on Linux guests by injecting interrupts. An attacker can inject interrupt 0x80, which is used by Linux for legacy 32-bit system calls, and arbitrarily change the...

hw: amd: Instruction raise #VC exception at exit

A vulnerability was found in AMD SEV-SNP, where a malicious hypervisor can potentially break confidentiality and integrity of SEV-SNP on Linux guests by injecting interrupts. An attacker can inject interrupt 0x80, which is used by Linux for legacy 32-bit system calls, and arbitrarily change the...

FBI warns online daters to avoid “free” online verification schemes that prove costly

The FBI has warned of fraudsters targeting users of dating websites and apps with “free” online verification service schemes that turn out to be very costly. Instead of being free, as advertised, the verification schemes involve steep monthly subscription fees, and will steal personal information...

kernel: Bluetooth BR/EDR PIN Pairing procedure is vulnerable to an impersonation attack

A vulnerability was found in Linux Kernel, where Bluetooth BR/EDR PIN Pairing procedure is vulnerable to an impersonation attack. When an attacker connects to a victim device using the address of the device and the victim initiates a Pairing, the attacker can reflect the encrypted nonce even...

kernel: ext4: improve error handling from ext4_dirhash()

In the Linux kernel, the following vulnerability has been resolved: ext4: improve error handling from ext4dirhash The ext4dirhash will almost never fail, especially when the hash tree feature was first introduced. However, with the addition of support of encrypted, casefolded file names, that...

RHEL 7 : openstack-nova (RHSA-2018:2714)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:2714 advisory. OpenStack Compute nova launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute...

AI-Controlled Fighter Jets Are Dogfighting With Human Pilots Now

Plus: New York’s legislature suffers a cyberattack, police disrupt a global phishing operation, and Apple removes encrypted messaging apps in China...

CVE-2024-29959

A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a prints Brocade Fabric OS switch encrypted passwords in the Brocade SANnav Standby node's support save...

CVE-2024-29959

Summary: CVE-2024-29959 affects Brocade SANnav (standalone SAN management) prior to SANnav 2.3.1 and 2.3.0a, where the Standby node’s support save files expose encrypted Fabric OS switch passwords. The root cause is improper handling of sensitive data in the standby save, leading to password leak...

CVE-2024-29959 Brocade Fabric OS switch encrypted passwords in the Brocade SANnav Standby node's support save

A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a prints Brocade Fabric OS switch encrypted passwords in the Brocade SANnav Standby node's support save...

Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 Authentication Bypass

Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 Authentication Bypass Vendor: Elber S.r.l. Product web page: https://www.elber.it Affected version: 1.999 Revision 1243 1.317 Revision 602 1.220 Revision 1250 1.220 Revision 12481249 1.220 Revision 597 1.217 Revision 1242 1.214 Revision 1023 1.19...

CVE-2024-29955

A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a could allow a privileged user to print the SANnav encrypted key in PostgreSQL startup logs. This could provide attackers with an additional, less-protected path to acquiring the encryption key...