Lucene search

5459 matches found

Citrix
added 2023/09/08 12:0 a.m., 7 views

Registered OTP Device Removal Failure on native OTP management page

The following log can be found in "/tmp/aaad.debug" nsldapregisterencryptedotp 1-52: nsldapregisterencryptedotp: secret empty, nothing to delete for user...

7.1 AI score
Exploits: 0

CNNVD
added 2023/09/07 12:0 a.m., 3 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. The Linux kernel suffers from a conditional contention vulnerability, which arises from a KVM in the Linux kernel with Secure Encrypted Virtualization SEV AMD processor...

5.6 CVSS, 6.4 AI score, 0.00158 EPSS
Exploits: 0, References: 13

Tenable Nessus
added 2023/09/07 12:0 a.m., 23 views

Oracle Linux 7 : firefox (ELSA-2023-5019)

The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2023-5019 advisory. 102.15.0-1.0.1 - Remove upstream references Orabug: 30143292 - Update distribution for Oracle Linux Orabug: 30143292 - Add...

8.8 CVSS, 7.4 AI score, 0.00693 EPSS
Exploits: 0, References: 13

Ubuntu
added 2023/09/06 12:32 p.m., 66 views

USN-6343-1: Linux kernel (OEM) vulnerabilities

It was discovered that the IPv6 implementation in the Linux kernel contained a high rate of hash collisions in the connection lookup table. A remote attacker could use this to cause a denial of service (excessive CPU consumption). CVE-2023-1206 Ross Lagerwall discovered that the Xen netback backend...

7.8 CVSS, 7.6 AI score, 0.00664 EPSS
Exploits: 1

RedHat Linux
added 2023/09/04 4:4 p.m., 5 views

Mozilla: Push notifications saved to disk unencrypted

The Mozilla Foundation Security Advisory describes this flaw as: Push notifications stored on disk in private browsing mode were not being encrypted potentially allowing the leak of sensitive information...

6.5 CVSS, 7.2 AI score, 0.00361 EPSS
Exploits: 0, References: 5

The Hacker News
added 2023/09/04 12:54 p.m., 33 views

X (Twitter) to Collect Biometric Data from Premium Users to Combat Impersonation

X, the social media site formerly known as Twitter, has updated its privacy policy to collect users' biometric data to tackle fraud and impersonation on the platform. "Based on your consent, we may collect and use your biometric information for safety, security, and identification purposes," the...

6.4 AI score
Exploits: 0

BDU FSTEC
added 2023/09/04 12:0 a.m., 5 views

The vulnerability of the MXSecurity software platform for managing security in industrial networks lies in the use of strictly encrypted credentials, which allows attackers to execute a type of “man-in-the-middle” attack.

The vulnerability of the MXSecurity software platform for managing security in industrial networks stems from the use of a strictly encrypted cryptographic key on the host. Exploiting this vulnerability allows an attacker operating remotely to execute a “man-in-the-middle” type attack...

7.8 CVSS, 6.4 AI score, 0.00369 EPSS
Exploits: 0, References: 3, Affected Software: 1

SUSE CVE
added 2023/09/01 2:8 a.m., 1 views

SUSE CVE-2023-38037

ActiveSupport::EncryptedFile writes contents that will be encrypted to a temporary file. The temporary file's permissions are defaulted to the user's current umask settings, meaning that it's possible for other users on the same system to read the contents of the temporary file. Attackers that ha...

5.5 CVSS, 5.4 AI score, 0.00258 EPSS
Exploits: 0, References: 6

Mozilla
added 2023/08/29 12:0 a.m., 36 views

Security Vulnerabilities fixed in Firefox ESR 115.2 — Mozilla

When receiving rendering data over IPC mStream could have been destroyed when initialized, which could have led to a use-after-free causing a potentially exploitable crash. When creating a callback over IPC for showing the Color Picker window, multiple of the same callbacks could have been create...

8.6 CVSS, 8.8 AI score, 0.00688 EPSS
Exploits: 0, References: 14, Affected Software: 1

OSV
added 2023/08/28 12:15 p.m., 3 views

CVE-2022-46783

An issue was discovered in Stormshield SSL VPN Client before 3.2.0. If multiple address books are used, an attacker may be able to access the other encrypted address book...

5.3 CVSS, 5.8 AI score, 0.00243 EPSS
Exploits: 0, References: 2

ATTACKERKB
added 2023/08/28 12:15 p.m., 1 views

CVE-2022-46783

An issue was discovered in Stormshield SSL VPN Client before 3.2.0. If multiple address books are used, an attacker may be able to access the other encrypted address book...

5.3 CVSS, 6 AI score, 0.00243 EPSS
Exploits: 0, References: 3

Prion
added 2023/08/28 12:15 p.m., 16 views

Design/Logic Flaw

An issue was discovered in Stormshield SSL VPN Client before 3.2.0. If multiple address books are used, an attacker may be able to access the other encrypted address book...

5 CVSS, 5.2 AI score, 0.00243 EPSS
Exploits: 0, References: 2, Affected Software: 1

BDU FSTEC
added 2023/08/28 12:0 a.m., 6 views

The vulnerability of microprogramming software in web panels for controlling and monitoring processes in industrial systems, PHOENIX CONTACT WP 6xxx, arises from the use of rigidly encrypted account data. This allows an intruder to gain unauthorized access to protected information and compromise its integrity.

The vulnerability of microprogrammed software in web panels for controlling and monitoring processes in industrial systems, such as PHOENIX CONTACT WP 6xxx, is related to the use of rigidly encrypted account data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain...

4.7 CVSS, 5.6 AI score, 0.00339 EPSS
Exploits: 0, References: 2, Affected Software: 6

BDU FSTEC
added 2023/08/28 12:0 a.m., 6 views

The vulnerability of microprogramming software in web panels for controlling and monitoring processes in industrial systems, PHOENIX CONTACT WP 6xxx, arises from the use of rigidly encrypted account data. This allows an intruder to gain unauthorized access to protected information and compromise its integrity.

The vulnerability of microprogrammed software in web panels for controlling and monitoring processes in industrial systems, such as PHOENIX CONTACT WP 6xxx, is related to the use of rigidly encrypted account data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain...

4.7 CVSS, 7.1 AI score, 0.00441 EPSS
Exploits: 0, References: 2, Affected Software: 6

Cvelist
added 2023/08/28 12:0 a.m., 29 views

CVE-2022-46783

An issue was discovered in Stormshield SSL VPN Client before 3.2.0. If multiple address books are used, an attacker may be able to access the other encrypted address book...

5.5 AI score, 0.00243 EPSS
Exploits: 0, References: 2

Securelist
added 2023/08/25 10:0 a.m., 19 views

Lockbit leak, research opportunities on tools leaked from TAs

Lockbit is one of the most prevalent ransomware strains. It comes with an affiliate ransomware-as-a-service (RaaS) program offering up to 80% of the ransom demand to participants, and includes a bug bounty program for those who detect and report vulnerabilities that allow files to be decrypted...

7.3 AI score
Exploits: 0

Veracode
added 2023/08/25 3:54 a.m., 29 views

Locally Encrypted File Disclosure

ActiveSupport is vulnerable to Locally Encrypted File Disclosure. The vulnerability exists because the library's temporary file's permissions default to the user's current umask settings, which allows an attacker on the same system to read the contents of the temporary file before it gets encrypt...

5.5 CVSS, 6.6 AI score, 0.00258 EPSS
Exploits: 0

OSV
added 2023/08/23 8:36 p.m., 41 views

GHSA-CR5Q-6Q9F-RQ6Q Active Support Possibly Discloses Locally Encrypted Files

There is a possible file disclosure of locally encrypted files in Active Support. This vulnerability has been assigned the CVE identifier CVE-2023-38037. Versions Affected: = 5.2.0 Not affected: 5.2.0 Fixed Versions: 7.0.7.1, 6.1.7.5 Impact ActiveSupport::EncryptedFile writes contents that will b...

5.5 CVSS, 4.5 AI score, 0.00258 EPSS
Exploits: 0, References: 7

Github Security Blog
added 2023/08/23 8:36 p.m., 58 views

Active Support Possibly Discloses Locally Encrypted Files

There is a possible file disclosure of locally encrypted files in Active Support. This vulnerability has been assigned the CVE identifier CVE-2023-38037. Versions Affected: = 5.2.0 Not affected: 5.2.0 Fixed Versions: 7.0.7.1, 6.1.7.5 Impact ActiveSupport::EncryptedFile writes contents that will b...

5.5 CVSS, 4.5 AI score, 0.00258 EPSS
Exploits: 0, References: 7, Affected Software: 1

Snyk
added 2023/08/23 10:21 a.m., 3 views

Information Exposure

Overview activesupport is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Affected versions of this package are vulnerable to Information Exposure. The ImpactActiveSupport::EncryptedFile method writes contents that will be encrypted to a temporary file...

5.5 CVSS, 6.6 AI score, 0.00258 EPSS
Exploits: 0, References: 2