5469 matches found
CVE-2025-5270
CVE-2025-5270 concerns Mozilla Firefox and Thunderbird where SNI could be sent unencrypted even when encrypted DNS is enabled. Affected products are Firefox versions earlier than 139 and Thunderbird versions earlier than 139. The vulnerability’s impact includes potential disclosure of sensitive i...
M3S-UPD: Efficient Multi-Stage Self-Supervised Learning for Fine-Grained Encrypted Traffic Classification with Unknown Pattern Discovery
The growing complexity of encrypted network traffic presents dual challenges for modern network management: accurate multiclass classification of known applications and reliable detection of unknown traffic patterns. Although deep learning models show promise in controlled environments, their...
Arista EOS 安全漏洞
Arista EOS is a fully programmable, highly modular, Linux-based network operating system from Arista Corporation. A security vulnerability exists in Arista EOS that stems from the possibility of incorrectly forwarding duplicate encrypted packets that should be discarded under certain circumstance...
Mozilla Firefox < 139.0
The version of Firefox installed on the remote Windows host is prior to 139.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-42 advisory. - Memory safety bugs present in Firefox 138, Thunderbird 138, Firefox ESR 128.10, and Thunderbird 128.10. Some of these...
Firefox -- unencrypted SNI
[email protected] reports: In certain cases, SNI could have been sent unencrypted even when encrypted DNS was enabled...
PT-2025-22995
Name of the Vulnerable Software and Affected Versions Firefox versions prior to 139 Description The issue arises when SNI Server Name Indication could be sent unencrypted despite having encrypted DNS enabled. This affects Firefox, potentially exposing user data. Recommendations For versions prior...
Language of Network: a Generative Pre-Trained Model for Encrypted Traffic Comprehension
The increasing demand for privacy protection and security considerations leads to a significant rise in the proportion of encrypted network traffic. Since traffic content becomes unrecognizable after encryption, accurate analysis is challenging, making it difficult to classify applications and...
The vulnerability of the telnetd service in D-Link router microprogramming systems such as DIR-605L and DIR-816L allows a hacker to execute arbitrary code.
The vulnerability of the telnetd service in D-Link router microprogramming systems like DIR-605L and DIR-816L lies in the use of strictly encrypted login credentials. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by using the built-in login credentials...
Fedora: Security Advisory (FEDORA-2025-c38fd06bec)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
LLM-Driven APT Detection for 6G Wireless Networks: a Systematic Review and Taxonomy
Sixth Generation 6G wireless networks, which are expected to be deployed in the 2030s, have already created great excitement in academia and the private sector with their extremely high communication speed and low latency rates. However, despite the ultra-low latency, high throughput, and...
CVE-2024-36511
An improperly implemented security check for standard vulnerability CWE-358 in FortiADC Web Application Firewall WAF 7.4.0 through 7.4.4, 7.2 all versions, 7.1 all versions, 7.0 all versions, 6.2 all versions, 6.1 all versions, 6.0 all versions when cookie security policy is enabled may allow an...
CVE-2024-36495
The application Faronics WINSelect Standard + Enterprise saves its configuration in an encrypted file on the file system which "Everyone" has read and write access to, path to file: C:\ProgramData\WINSelect\WINSelect.wsd The path for the affected WINSelect Enterprise configuration file is:...
CVE-2024-20261
A vulnerability in the file policy feature that is used to inspect encrypted archive files of Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to bypass a configured file policy to block an encrypted archive file. This vulnerability exists because of a...
Nextcloud: Information disclosure via Desktop client when attempting to lock a file inside a end-to-end encrypted directory
A security vulnerability was discovered in the desktop client of a file-sharing application. The vulnerability allowed information disclosure when attempting to lock a file inside an end-to-end encrypted directory...
CVE-2024-39925
An issue was discovered in Vaultwarden formerly BitwardenRS 1.30.3. It lacks an offboarding process for members who leave an organization. As a result, the shared organization key is not rotated when a member departs. Consequently, the departing member, whose access should be revoked, retains a...
CVE-2024-39921
Observable timing discrepancy issue exists in IPCOM EX2 Series V01L02NF0001 to V01L06NF0401, V01L20NF0001 to V01L20NF0401, V02L20NF0001 to V02L21NF0301, and IPCOM VE2 Series V01L04NF0001 to V01L06NF0112. If this vulnerability is exploited, some of the encrypted communication may be decrypted by a...
CVE-2024-54466
An authorization issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2. An encrypted volume may be accessed by a different user without prompting for the password...
CVE-2024-47805
Jenkins Credentials Plugin 1380.va435002fa924 and earlier, except 1371.1373.v4ebfab7161e9, does not redact encrypted values of credentials using the SecretBytes type when accessing item config.xml via REST API or CLI...
CVE-2023-22918
A post-authentication information exposure vulnerability in the CGI program of Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50W firmware versions 4.16 through 5.35, USG20W-VPN firmware versions 4.16 through 5.35, VPN series...
CVE-2023-20109
A vulnerability in the Cisco Group Encrypted Transport VPN GET VPN feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker who has administrative control of either a group member or a key server to execute arbitrary code on an affected device or cause...