CVE-2022-0171
A flaw was found in the Linux kernel. The existing KVM SEV API has a vulnerability that allows a non-root host user-level application to crash the host kernel by creating a confidential guest VM instance on an AMD CPU that supports Secure Encrypted Virtualization (SEV)...
Ubuntu: Security Advisory (USN-833-1)
The remote host is missing an update for the... SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
CVE-2022-36117
An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. In a misconfigured environment that exposes the Blue Prism Application server, it is possible for an authenticated user to reverse engineer the Blue Prism software and circumvent access controls for an administrative function. If...
CVE-2021-3979
A key length flaw was found in Red Hat Ceph Storage. An attacker can exploit the fact that the key length is incorrectly passed in an encryption algorithm to create a non-random key, which is weaker and can be exploited for loss of confidentiality and integrity on encrypted disks...
UBUNTU-CVE-2021-3979
A key length flaw was found in Red Hat Ceph Storage. An attacker can exploit the fact that the key length is incorrectly passed in an encryption algorithm to create a non-random key, which is weaker and can be exploited for loss of confidentiality and integrity on encrypted disks...
Reset your password now! Plex suffers data breach
In an email sent to its users, Plex has revealed that a cybercriminal accessed some customer data, including emails and encrypted passwords. From the email that was sent out by the Plex security team: Yesterday, we discovered suspicious activity on one of our databases. We immediately began an...
Demystifying Qbot Malware
By Adithya Chandra · August 24, 2022. This blog was also written by Sushant Kumar Arya. Executive summary: The Trellix SecOps Team has observed an uptick in Qbot malware infections in recent months. Qbot has been an active threat for over 14 years and continues to evolv...
Rhonabwy Cryptographic Issue Vulnerability
Rhonabwy is a Javascript Object Signing and Encryption (JOSE) library from the Canadian personal developer Nicolas Mora. A cryptographic issue vulnerability exists in version 1.1.x of Rhonabwy prior to 0.9.99 to 1.1.7, which stems from not checking the length of the RSA private key before decryptin...
Google Cloud Blocks Record DDoS attack of 46 Million Requests Per Second
Google's cloud division on Thursday disclosed it mitigated a series of HTTPS distributed denial-of-service (DDoS) attacks which peaked at 46 million requests per second (RPS), making it the largest such DDoS offensive recorded to date. The attack, which occurred on June 1, 2022, targeting an unnamed...
USN-5245-1: Apache Maven vulnerability
It was discovered that Apache Maven followed repositories that are defined in a dependency's Project Object Model (pom) even if the repositories weren't encrypted (http protocol). An attacker could use this vulnerability to take over a repository, execute arbitrary code or cause a denial of service...
The vulnerability of the software authentication mechanism of Spectrum Virtualize allows a perpetrator to escalate their privileges.
The vulnerability of the software authentication mechanism of Spectrum Virtualize is related to the use of strictly encrypted credentials. Exploiting this vulnerability can allow a malicious actor to gain increased privileges remotely...
XPDF Buffer Error Vulnerability
XPDF is an open source PDF reader from FOO Labs. The product supports decoding files in LZW compressed format and reading encrypted PDF files. XPDF suffers from a buffer error vulnerability: DCTStream::transformDataUnit in /xpdf/Stream.cc contains a heap buffer overflow...
XPDF Buffer Error Vulnerability
XPDF is an open source PDF reader from FOO Labs. The product supports decoding files in LZW compressed format and reading encrypted PDF files. XPDF commit id ffaf11c has a security vulnerability: DCTStream::lookChar in /xpdf/Stream.cc contains a heap buffer overflow...
XPDF Buffer Error Vulnerability
XPDF is an open source PDF reader from FOO Labs. The product supports decoding files in LZW compressed format and reading encrypted PDF files. XPDF commit id ffaf11c has a security vulnerability: DCTStream::readScan in /xpdf/Stream.cc contains a heap buffer overflow...
XPDF Buffer Error Vulnerability
XPDF is an open source PDF reader from FOO Labs. The product supports decoding files in LZW compressed format and reading encrypted PDF files. XPDF has a buffer error vulnerability: DCTStream::getChar in /xpdf/Stream.cc contains a heap buffer overflow...
XPDF Code Issue Vulnerability
XPDF is an open source PDF reader from FOO Labs. The product supports decoding files in LZW compressed format and reading encrypted PDF files. XPDF has a code issue vulnerability: Lexer::getObjObject in /xpdf/Lexer.cc contains a segmentation violation...
XPDF Security Vulnerability
XPDF is an open source PDF reader from FOO Labs. The product supports decoding files in LZW compressed format and reading encrypted PDF files. XPDF commit id ffaf11c has a security vulnerability: Lexer::getObjObject in /xpdf/Lexer.cc contains a global buffer overflow...
Facebook Testing Default End-to-End Encryption and Encrypted Backups in Messenger
Social media company Meta said it will begin testing end-to-end encryption (E2EE) on its Messenger platform this week for select users as the default option, as the company continues to slowly add security layers to its various chat services. "If you're in the test group, some of your most frequent...
The vulnerability of RSA key-generation functions in microprogramming-based network interface controllers of Cisco Adaptive Security Appliances (ASA) and Cisco Firepower Threat Defense (FTD) allows attackers to calculate secret RSA keys.
The vulnerability of RSA key exchange functions in microprogramming-based network interface controllers of Cisco Adaptive Security Appliances (ASA) and Cisco Firepower Threat Defense (FTD) is related to the use of strictly encrypted credentials. Exploiting this vulnerability allows a malicious actor ...