Let's Encrypt Revoking 3 Million TLS Certificates Issued Incorrectly Due to a Bug
The most popular free certificate signing authority Let's Encrypt is going to revoke more than 3 million TLS certificates within the next 24 hours that may have been issued wrongfully due to a bug in its Certificate Authority software. The bug, which Let's Encrypt confirmed on February 29 and was...
Envoy Data Forgery Issue Vulnerability
Envoy is an open source distributed proxy server. A security vulnerability exists in Envoy 1.13.0 and earlier versions. An attacker can exploit this vulnerability by sending specially crafted packets over the TLS protocol to bypass security restrictions...
PT-2020-5141 · Cncf · Envoy
Name of the Vulnerable Software and Affected Versions: CNCF Envoy versions prior to 1.13.0. Description: The issue is related to insufficient authentication of data in the Envoy network software. It allows a remote attacker to bypass security restrictions by using only TLS 1.3, which could lead to...
Why Businesses Should Consider Managed Cloud-Based WAF Protection
The City of Baltimore was under cyber-attack last year, with hackers demanding $76,000 in ransom. Though the city chose not to pay the ransom, the attack still cost them nearly $18 million in damages, and then the city signed up for a $20 million cyber insurance policy. It's very evident that...
Citrix App Layering - Error while trying to import layers
While trying to import layers, App Layering console displays an error: "An unexpected exception occurred. If this problem continues, contact Technical Support and provide them with the details of this exception". Looking at the ELM Web logs, we might see the below errors: ERROR 2832HandlerHelper:...
Kr00k WiFi Vulnerability
An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors related to state transitions in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a...
CVE-2020-3172
A vulnerability in the Cisco Discovery Protocol feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code as root or cause a denial of service (DoS) condition on an affected device. The vulnerability exists because of...
CVE-2020-3172 Cisco FXOS and NX-OS Software Cisco Discovery Protocol Arbitrary Code Execution and Denial of Service Vulnerability
A vulnerability in the Cisco Discovery Protocol feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code as root or cause a denial of service (DoS) condition on an affected device. The vulnerability exists because of...
Cisco FXOS and NX-OS Software Cisco Discovery Protocol Arbitrary Code Execution and Denial of Service Vulnerability
A vulnerability in the Cisco Discovery Protocol feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code as root or cause a denial of service (DoS) condition on an affected device. The vulnerability exists because of...
Lift the DDoS Smokescreen: Investigate Underlying Attacks
"Hold out baits to entice the enemy. Feign disorder, and crush him." Sun Tzu The sophistication of cybercriminals and the attraction of the “Black Hat” cyberspace have grown dramatically over the years. In the past, cyber assaults were carried out mostly by amateurs, motivated by boredom or plain...
PT-2020-1987 · Cisco · Cisco Fxos +2
Name of the Vulnerable Software and Affected Versions: Cisco FXOS Software and Cisco NX-OS Software (affected versions not specified). Description: A vulnerability in the Cisco Discovery Protocol feature could allow an unauthenticated, adjacent attacker to execute arbitrary code as root or cause a...
nodejs: Remotely trigger an assertion on a TLS server with a malformed certificate string
An encoding error flaw exists in the Node.js code that is used to read a peer certificate in the TLS client authentication. An attacker can use this flaw to crash the process used to handle TLS client authentication...
UBUNTU-CVE-2020-2732
A flaw was discovered in the way that the KVM hypervisor handled instruction emulation for an L2 guest when nested virtualisation is enabled. Under some circumstances, an L2 guest may trick the L0 guest into accessing sensitive L1 resources that should be inaccessible to the L2 guest...
CVE-2020-7252
Unquoted service executable path in DXL Broker in McAfee Data eXchange Layer (DXL) Framework 6.0.0 and earlier allows local users to cause a denial of service and malicious file execution via carefully crafted and named executable files...
CVE-2020-7252
CVE-2020-7252 affects McAfee Data eXchange Layer (DXL) Framework, specifically the DXL Broker. The issue is an unquoted service executable path in DXL Broker versions 6.0.0 and earlier, which local users can exploit to trigger a denial of service and execute arbitrary files via carefully cr...
CVE-2020-7252 Unquoted service executable path
Unquoted service executable path in DXL Broker in McAfee Data eXchange Layer (DXL) Framework 6.0.0 and earlier allows local users to cause a denial of service and malicious file execution via carefully crafted and named executable files...