TLB Poisoning Attacks on AMD Secure Encrypted Virtualization (SEV)

Bulletin ID: AMD-SB-1023 Potential Impact: Loss of Integrity, Confidentiality and Availability Summary A malicious hypervisor HV along with an unprivileged process controlled by an attacker and executing in a guest VM, may maliciously control the process of flushing the Translation Lookaside Buff...

CVE-2021-28213

Example EDK2 encrypted private key in the IpSecDxe.efi present potential security risks...

DEBIAN-CVE-2021-28213

Example EDK2 encrypted private key in the IpSecDxe.efi present potential security risks...

CVE-2021-28213

Example EDK2 encrypted private key in the IpSecDxe.efi present potential security risks...

UBUNTU-CVE-2021-28213

Example EDK2 encrypted private key in the IpSecDxe.efi present potential security risks...

CVE-2021-28213

Example EDK2 encrypted private key in the IpSecDxe.efi present potential security risks...

CVE-2021-28213

CVE-2021-28213 concerns an EDK2 encrypted private key in IpSecDxe.efi. However, the provided connected documents do not include concrete technical details (affected products, versions, root cause, or fixes). Monitor for updates.

FBI/AFP-Run Encrypted Phone

For three years, the Federal Bureau of Investigation and the Australian Federal Police owned and operated a commercial encrypted phone app, called AN0M, that was used by organized crime around the world. Of course, the police were able to read everything -- I dont even know if this qualifies as a...

TianoCore EDK2 加密问题漏洞

EDK2 is a set of cross-platform firmware development environments from the TianoCore Tianocore community based on the UEFI and PI specifications. EDK2 suffers from a cryptographic issue vulnerability that stems from a potential security risk in the example EDK2 encrypted private key in IpSecDxe.e...

AMD 多款产品安全漏洞

AMD Platform Security Processor and others are products of AMD Corporation.AMD Platform Security Processor is a security processor.AMD Secure Encrypted Virtualization is an application software.AMD System Management Unit SMU is a system management unit. A security vulnerability exists in several...

Cerberus FTP Server Enterprise Cross-Site Scripting Vulnerability

Cerberus FTP Server is a Windows-based FTP server from Cerberus USA that supports encrypted FTP sessions via FTPS and SFTP. A cross-site scripting vulnerability exists in Cerberus FTP Server Enterprise versions prior to 10.0.19, 11.x series versions prior to 11.0.4, which can be exploited by an...

SAP NetWeaver AS ABAP Command Injection (June 2021)

A command injection vulnerability exists in SAP NetWeaver AS ABAP due to improperly restricting I/O buffering. An unauthenticated, remote attacker can exploit this, to insert cleartext commands into encrypted SMTP sessions over the network which can partially impact the integrity of the...

SUSE SLES11 Security Update : openssl1 (SUSE-SU-2019:14171-1)

The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2019:14171-1 advisory. - Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases,...

SUSE SLES11 Security Update : openssl (SUSE-SU-2020:14491-1)

The remote SUSE Linux SLES11 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2020:14491-1 advisory. - The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections...

CVE-2021-33663

SAP NetWeaver AS ABAP, versions - KRNL32NUC - 7.22,7.22EXT, KRNL32UC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73,7.77,7.81,7.82,7.83,7.84, allows an unauthorized attacker to insert cleartext commands due to improper...

CVE-2021-33663

SAP NetWeaver AS ABAP, versions - KRNL32NUC - 7.22,7.22EXT, KRNL32UC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73,7.77,7.81,7.82,7.83,7.84, allows an unauthorized attacker to insert cleartext commands due to improper...

CVE-2021-20732

The ATOM ATOM - Smart life App for Android versions prior to 1.8.1 and ATOM - Smart life App for iOS versions prior to 1.8.2 does not verify server certificate properly, which allows man-in-the-middle attackers to eavesdrop on encrypted communication via a crafted certificate...

SUSE: Security Advisory (SUSE-SU-2019:0137-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

800+ criminals arrested after FBI turned Anom app into honeypot

By Waqas The FBI took control of the encrypted communication platform Anom app in 2018 and transformed it into a large-scale honeypot. This is a post from HackRead.com Read the original post: 800+ criminals arrested after FBI turned Anom app into honeypot...

‘An0m’ Encrypted-Chat Sting Leads to Arrest of 800

Law enforcement agencies have been selling encrypted phones to organized crime gangs for years, monitoring their conversations in what’s being called the biggest law enforcement sting ever. Since 2018, agencies have been overseeing the distribution of hardened, encrypted devices that have enabled...