EUVD-2023-54253

Malicious code in bioql PyPI...

The Slow-Burn Nightmare of the National Public Data Breach

Social Security numbers, physical addresses, and more—all available online. After months of confusion, leaked information from a background-check firm underscores the long-term risks of data breaches...

Disney “breached,” data dumped online

A group of cybercriminals going by the handle NullBulge claims to have downloaded the Slack channels used by Disney’s developers. “DisneySlackLeak Disney has had their entire dev slack dumped. 1.1TiB of files and chat messages. Anything we could get our hands on, we downloaded and packaged up. Wa...

Reddit: Infromation Disclosure To Use of Hard-coded Cryptographic Key

Vulnerability description not provided...

Medium: nss-softokn

Issue Overview: It was discovered that the numerical library used in NSS for RSA cryptography leaks information whether high order bits of the RSA decryption result are zero. This information can be used to mount a Bleichenbacher or Manger like attack against all RSA decryption operations. As the...

CVE-2023-49092

RustCrypto/RSA is a portable RSA implementation in pure Rust. Due to a non-constant-time implementation, information about the private key is leaked through timing information which is observable over the network. An attacker may be able to use that information to recover the key. There is...

CVE-2023-4389 Kernel: btrfs: double free in btrfs_get_root_ref()

A flaw was found in btrfsgetrootref in fs/btrfs/disk-io.c in the btrfs filesystem in the Linux Kernel due to a double decrement of the reference count. This issue may allow a local attacker with user privilege to crash the system or may lead to leaked internal kernel information...

CVE-2023-4389

A flaw was found in btrfsgetrootref in fs/btrfs/disk-io.c in the btrfs filesystem in the Linux Kernel due to a double decrement of the reference count. This issue may allow a local attacker with user privilege to crash the system or may lead to leaked internal kernel information...

HackerOne: Asset Inventory Internal Descriptions are leaked in CSV export

An internal asset description in the Asset Inventory feature of HackerOne was leaked in the CSV export, potentially exposing sensitive information stored in the description...

USN-6037-1: Apache Commons Net vulnerability

ZeddYu Lu discovered that the FTP client from Apache Commons Net trusted the host from PASV responses by default. A remote attacker with a malicious FTP server could redirect the client to another server, which could possibly result in leaked information about services running on the private...

Siemens COMOS

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Siemens Equipment: COMOS Vulnerabilities: Memory Allocation with Excessive Size Value, Untrusted Pointer Dereference, Type Confusion, Stack-based Buffer Overflow, Out-of-bounds Write, Out-of-bounds Read, Use After Free,...

AMD Graphics Driver has an unspecified vulnerability (CNVD-2021-100385)

AMD Graphics Driver, an integrated graphics driver from AMD, is a security vulnerability that can be exploited by attackers to cause a Windows BugCheck or to write leaked information...

CVE-2021-26318

A timing and power-based side channel attack leveraging the x86 PREFETCH instructions on some AMD CPUs could potentially result in leaked kernel address space information...

Talos Takes Ep. #67: What a leaked playbook tells us about the Conti ransomware group

By Jon Munshaw. The latest episode of Talos Takes is available now. Download this episode and subscribe to Talos Takes using the buttons below, or visit the Talos Takes page. There's a lot to take apart in the recently leaked Conti ransomware playbook. After a disgruntled member of the... This is...

Updated firefox packages fix security vulnerabilities

If Content Security Policy blocked frame navigation, the full destination of a redirect served in the frame was reported in the violation report; as opposed to the original frame URI. This could be used to leak sensitive information contained in such URIs CVE-2021-23968. As specified in the W3C...

CVE-2019-13377

The implementations of SAE and EAP-pwd in hostapd and wpasupplicant 2.x through 2.8 are vulnerable to side-channel attacks as a result of observable timing differences and cache access patterns when Brainpool curves are used. An attacker may be able to gain leaked information from a side-channel...

Honda's Security 'Soft Spots' Exposed in Unsecured Database

An unsecured database belonging to Honda Motor Company was found leaking crucial information about its global systems, including which devices aren’t up-to-date or protected by security solutions. The exposed ElasticSearch database contained approximately 134 million documents, and amounted to...

CVE-2019-9494

The implementations of SAE in hostapd and wpasupplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. An attacker may be able to gain leaked information from a side channel attack that can be used for full password recovery. Both...

CVE-2019-9494

The implementations of SAE in hostapd and wpasupplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. An attacker may be able to gain leaked information from a side channel attack that can be used for full password recovery. Both...

Design/Logic Flaw

The implementations of SAE in hostapd and wpasupplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. An attacker may be able to gain leaked information from a side channel attack that can be used for full password recovery. Both...