
5460 matches found

The Hacker News
added 2023/02/20 11:2 a.m., 34 views

How to Detect New Threats via Suspicious Activities

Unknown malware presents a significant cybersecurity threat and can cause serious damage to organizations and individuals alike. When left undetected, malicious code can gain access to confidential information, corrupt data, and allow attackers to gain control of systems. Find out how to avoid...

7.6 AI score
Exploits: 0
BDU FSTEC
added 2023/02/20 12:0 a.m., 5 views

A vulnerability in the Policy Manager access control tool of Dell Secure Connect Gateway (SCG), software for remote IT support and monitoring, allows an attacker to increase their privileges.

The vulnerability in the access control mechanism of the Policy Manager in Dell Secure Connect Gateway (SCG), software for remote IT support and monitoring, is related to the use of a hard-coded cryptographic key. Exploiting this vulnerability could allow an attacker to increase their...

8.4 CVSS, 7.8 AI score, 0.00472 EPSS
Exploits: 0, References: 4, Affected Software: 1
BDU FSTEC
added 2023/02/20 12:0 a.m., 5 views

A vulnerability in the implementation of AMD Secure Encrypted Virtualization-Encrypted State (SEV-ES) technology in CPU firmware arises from copying buffers without checking the size of the input data. This allows attackers to disclose protected information.

The vulnerability in the AMD Secure Encrypted Virtualization-Encrypted State (SEV-ES) technology implementation in CPU firmware lies in the copying of buffers without checking the size of the input data. Exploiting this vulnerability can allow attackers to disclose protected...

7.8 CVSS, 7.1 AI score, 0.00189 EPSS
Exploits: 0, References: 4
BDU FSTEC
added 2023/02/20 12:0 a.m., 7 views

A vulnerability in the AMD Secure Encrypted Virtualization (SEV) implementation in firmware for AMD processors allows attackers to disclose protected information.

The vulnerability in the AMD Secure Encrypted Virtualization (SEV) technology in firmware for AMD processors arises from operations performed outside the bounds of a memory buffer due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to...

5.5 CVSS, 6.3 AI score, 0.00171 EPSS
Exploits: 0, References: 5
Veracode
added 2023/02/17 7:54 a.m., 38 views

Improper Signature Validation

Zip4j is vulnerable to Improper Signature Validation. The vulnerability is due to improper AES Message Authentication Code (MAC) validation when the MAC signature is corrupted in an encrypted ZIP archive. This flaw can result in an attacker modifying the archive without the library detecting the...

5.9 CVSS, 6.1 AI score, 0.00619 EPSS
Exploits: 1, References: 11, Affected Software: 1
BDU FSTEC
added 2023/02/17 12:0 a.m., 8 views

A vulnerability in the Apex-VUZ education automation system, related to the use of hard-coded credentials, allows an attacker to gain full access to the software environment.

The vulnerability in the Apex-VUZ education automation system is related to the use of hard-coded credentials. Exploiting this vulnerability could allow a malicious actor to gain full access to the software environment...

10 CVSS, 5.5 AI score
Exploits: 0, Affected Software: 1
SUSE CVE
added 2023/02/15 6:9 a.m., 2 views

SUSE CVE-2008-0072

Format string vulnerability in the emf_multipart_encrypted function in mail/em-format.c in Evolution 2.12.3 and earlier allows remote attackers to execute arbitrary code via a crafted encrypted message, as demonstrated using the Version field...

6.8 CVSS, 7.9 AI score, 0.04726 EPSS
Exploits: 0, References: 4
SUSE CVE
added 2023/02/15 6:3 a.m., 2 views

SUSE CVE-2009-2407

Heap-based buffer overflow in the parse_tag_3_packet function in fs/ecryptfs/keystore.c in the eCryptfs subsystem in the Linux kernel before 2.6.30.4 allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving a crafted eCryptfs file, related to a...

6.9 CVSS, 7.1 AI score, 0.00594 EPSS
Exploits: 1, References: 6
SUSE CVE
added 2023/02/15 6:1 a.m., 2 views

SUSE CVE-2010-0015

nis/nss_nis/nis-pwd.c in the GNU C Library (aka glibc or libc6) 2.7 and Embedded GLIBC (EGLIBC) 2.10.2 adds information from the passwd.adjunct.byname map to entries in the passwd map, which allows remote attackers to obtain the encrypted passwords of NIS accounts by calling the getpwnam function...

7.5 CVSS, 6.8 AI score, 0.03067 EPSS
Exploits: 0, References: 4
SUSE CVE
added 2023/02/15 5:55 a.m., 4 views

SUSE CVE-2011-0411

The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is...

6.8 CVSS, 9.2 AI score, 0.16334 EPSS
Exploits: 1, References: 10
SUSE CVE
added 2023/02/15 5:44 a.m., 2 views

SUSE CVE-2012-4409

Stack-based buffer overflow in the check_file_head function in extra.c in mcrypt 2.6.8 and earlier allows user-assisted remote attackers to execute arbitrary code via an encrypted file with a crafted header containing long salt data that is not properly handled during decryption...

6.8 CVSS, 7.9 AI score, 0.15019 EPSS
Exploits: 6, References: 3
SUSE CVE
added 2023/02/15 5:42 a.m., 2 views

SUSE CVE-2012-6655

An issue exists in AccountService 0.6.37 in the user_change_password_authorized_cb function in user.c which could let local users obtain encrypted passwords...

3.3 CVSS, 6.6 AI score, 0.00448 EPSS
Exploits: 1, References: 3
SUSE CVE
added 2023/02/15 5:39 a.m., 4 views

SUSE CVE-2013-2021

pdf.c in ClamAV 0.97.1 through 0.97.7 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted length value in an encrypted PDF file...

4.3 CVSS, 6.7 AI score, 0.03502 EPSS
Exploits: 1, References: 6
SUSE CVE
added 2023/02/15 5:29 a.m., 2 views

SUSE CVE-2014-3462

The ".encfs6.xml" configuration file in encfs before 1.7.5 allows remote attackers to access sensitive data by setting "blockMACBytes" to 0 and adding 8 to "blockMACRandBytes"...

7.5 CVSS, 7.4 AI score, 0.03112 EPSS
Exploits: 0, References: 3
SUSE CVE
added 2023/02/15 5:21 a.m., 4 views

SUSE CVE-2015-1790

The PKCS7_dataDecode function in crypto/pkcs7/pk7_doit.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a PKCS7 blob that uses ASN.1 encoding and lack...

5 CVSS, 8.3 AI score, 0.22899 EPSS
Exploits: 0, References: 24
SUSE CVE
added 2023/02/15 5:6 a.m., 2 views

SUSE CVE-2016-2176

The X509_NAME_oneline function in crypto/x509/x509_obj.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to obtain sensitive information from process stack memory or cause a denial of service (buffer over-read) via crafted EBCDIC ASN.1 data...

8.2 CVSS, 8.8 AI score, 0.22841 EPSS
Exploits: 1, References: 6
SUSE CVE
added 2023/02/15 5:6 a.m., 7 views

SUSE CVE-2016-2183

The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted...

7.5 CVSS, 8.6 AI score, 0.95707 EPSS
Exploits: 7, References: 45
SUSE CVE
added 2023/02/15 5:5 a.m., 2 views

SUSE CVE-2016-2837

Heap-based buffer overflow in the ClearKey Content Decryption Module (CDM) in the Encrypted Media Extensions (EME) API in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 might allow remote attackers to execute arbitrary code by providing a malformed video and leveraging a Gecko Media...

6.3 CVSS, 8.2 AI score, 0.04577 EPSS
Exploits: 0, References: 9
SUSE CVE
added 2023/02/15 5:0 a.m., 2 views

SUSE CVE-2016-5746

libstorage, libstorage-ng, and yast-storage improperly store passphrases for encrypted storage devices in a temporary file on disk, which might allow local users to obtain sensitive information by reading the file, as demonstrated by /tmp/libstorage-XXXXXX/pwdf...

5.1 CVSS, 6.3 AI score, 0.00499 EPSS
Exploits: 0, References: 7
SUSE CVE
added 2023/02/15 4:59 a.m., 5 views

SUSE CVE-2016-6225

xbcrypt in Percona XtraBackup before 2.3.6 and 2.4.x before 2.4.5 does not properly set the initialization vector (IV) for encryption, which makes it easier for context-dependent attackers to obtain sensitive information from encrypted backup files via a Chosen-Plaintext attack. NOTE: this...

5.9 CVSS, 6.5 AI score, 0.01123 EPSS
Exploits: 0, References: 3