EUVD-2019-6194

Malware in sbrugna...

EUVD-2020-28203

Malware in sbrugna...

Exposure Of Sensitive Information To An Unauthorized Actor

libzpehyr.so is vulnerable to Exposure Of Sensitive Information To An Unauthorized Actor. The vulnerability is due to improper handling of encryption procedure status codes, which allows a custom-made remote controller to incorrectly indicate success even when encryption requests are rejected...

ROS-20240916-03

A vulnerability in the Node.js software platform is related to insufficient data authentication. Exploitation of the vulnerability could allow an attacker acting remotely to disable the validation of the integrity A vulnerability in the APIgenerateKeys function of the Node.js software platform is...

ROS-20240730-10

Mbed TLS software vulnerability is related to errors in encryption processing in DTLS connections DTLS when using a null cipher or RC4 cipher. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...

The vulnerability of Windows operating system-based Cryptographic Services allows attackers to circumvent existing security restrictions.

The vulnerability of Windows operating system’s Cryptographic Services is related to data encryption errors. Exploiting this vulnerability can allow attackers to circumvent existing security restrictions...

The vulnerability of the SEV-SNP secure nested paging implementation for virtual machines running on AMD processor-based servers allows a attacker to disclose protected information by executing attacks through auxiliary channels.

The vulnerability of the SEV-SNP secure nested paging implementation for virtual machines running on AMD processor-based servers is related to data encryption errors. Exploiting this vulnerability can allow attackers to disclose sensitive information by launching attacks through secondary channel...

The vulnerability of the CMAC_Final() function in the OpenSSL library, which allows a hacker to gain access to protected information

The vulnerability of the CMACFinal function in the OpenSSL library is related to errors in encryption results. Exploiting this vulnerability can allow a remote attacker to gain access to protected information...

The vulnerability in the web interface of Cisco Firepower Management Center’s software management interface allows a perpetrator to gain unauthorized access to confidential configuration information.

The vulnerability of the Cisco Firepower Management Center’s software network management interface is related to errors in the encryption of confidential information stored in the graphical interface configuration console. Exploiting this vulnerability can allow an attacker to gain unauthorized...

The vulnerability of the cryptographic module of microprogramming software for Cisco Adaptive Security Appliances (ASA) and Cisco Firepower Threat Defense (FTD) allows a perpetrator to trigger a service failure.

The vulnerability of the cryptographic module of microprogramming software for Cisco Adaptive Security Appliances ASA and Cisco Firepower Threat Defense FTD is related to errors in encryption and decryption processes. Exploiting this vulnerability can allow a malicious actor to cause service...

The vulnerability of the distributed database management system Apache Impala, related to errors in information encryption, allows attackers to increase their privileges.

The vulnerability of the distributed database management system Apache Impala is related to errors in information encryption. Exploiting this vulnerability can allow an attacker to enhance their privileges remotely...

The vulnerability of the LibreOffice office software package, related to errors in information encryption, allows a perpetrator to gain access to protected information.

The vulnerability of the LibreOffice office software package is related to errors in information encryption. Exploiting this vulnerability can allow a remote attacker to gain access to protected information...

What you didn’t know about OWASP Top-10 2017? Part 1/3

I hope everybody have already read the latest OWASP Top-10 list . Let me share some useful insights about it. First of all, OWASP Top-10 is NOT a vulnerability classification system. Rather it is a list of the most critical security risks for web application. What’s the difference? For example, t...

New IETF Group to Tackle TLS Implementation in Applications

The NSA surveillance scandal has created ripples all across the Internet, and the latest one is a new effort from the IETF to change the way that encryption is used in a variety of critical application protocols, including HTTP and SMTP. The new TLS application working group was formed to help...