Certified Randomness Amplification by Dynamically Probing Remote Random Quantum States
Cryptography depends on truly unpredictable numbers, but physical sources emit biased or correlated bits. Quantum mechanics enables the amplification of imperfect randomness into nearly perfect randomness, but prior demonstrations have required physically co-located, loophole-free Bell tests,...
EUVD-2020-0848
Malware in sbrugna...
EUVD-2012-2723
Malware in sbrugna...
Cops in Germany Claim They’ve ID’d the Mysterious Trickbot Ransomware Kingpin
The elusive boss of the Trickbot and Conti cybercriminal groups has been known only as “Stern.” Now, German law enforcement has published his alleged identity—and it’s a familiar face...
CVE-2024-47162
In JetBrains YouTrack before 2024.3.44799 token could be revealed on Imports page...
CVE-2024-39900 OpenSearch Dashboards Reports does not properly restrict access to private tenant resources
OpenSearch Dashboards Reports allows ‘Report Owner’ export and share reports from OpenSearch Dashboards. An issue in the OpenSearch reporting plugin allows unintended access to private tenant resources like notebooks. The system did not properly check if the user was the resource author when...
Amazon Linux 2 : openssl11 (ALAS-2023-1974)
The version of openssl11 installed on the remote host is prior to 1.1.1g-12. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-1974 advisory. AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimized implementation will not encrypt the entirety of the...
CVE-2022-2097 AES OCB fails to encrypt some bytes
AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption...
CVE-2022-29875
A vulnerability has been identified in Biograph Horizon PET/CT Systems All VJ30 versions VJ30C-UD01, MAGNETOM Family NUMARIS X: VA12M, VA12S, VA10B, VA20A, VA30A, VA31A, MAMMOMAT Revelation All VC20 versions VC20D, NAEOTOM Alpha All VA40 versions VA40 SP2, SOMATOM X.cite All versions VA30 SP5 or...
Deserialization of untrusted data
A vulnerability has been identified in Biograph Horizon PET/CT Systems All VJ30 versions VJ30C-UD01, MAGNETOM Family NUMARIS X: VA12M, VA12S, VA10B, VA20A, VA30A, VA31A, MAMMOMAT Revelation All VC20 versions VC20D, NAEOTOM Alpha All VA40 versions VA40 SP2, SOMATOM X.cite All versions VA30 SP5 or...
CVE-2021-28544
Apache Subversion SVN authz protected copyfrom paths regression. Subversion servers reveal 'copyfrom' paths that should be hidden according to configured path-based authorization (authz) rules. When a node has been copied from a protected location, users with access to the copy can see the 'copyfrom...
New Unpatched Apple Safari Browser Bug Allows Cross-Site User Tracking
A software bug introduced in Apple Safari 15's implementation of the IndexedDB API could be abused by a malicious website to track users' online activity in the web browser and worse, even reveal their identity. The vulnerability, dubbed IndexedDB Leaks, was disclosed by fraud protection software...
CVE-2021-42067
In SAP NetWeaver AS for ABAP and ABAP Platform - versions 701, 702, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 786, an attacker authenticated as a regular user can use the S/4 Hana dashboard to reveal systems and services which they would not normally be allowed to see. No information...
CVE-2021-31855
KDE Messagelib through 5.17.0 reveals cleartext of encrypted messages in some situations. Deleting an attachment of a decrypted encrypted message stored on a remote server (e.g., an IMAP server) causes KMail to upload the decrypted content of the message to the remote server. With a crafted message...
Ubuntu 18.04 LTS : Linux kernel vulnerabilities (USN-4592-1)
The remote Ubuntu 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4592-1 advisory. Andy Nguyen discovered that the Bluetooth L2CAP implementation in the Linux kernel contained a type-confusion error. A physically proximate remote...
Design/Logic Flaw
In Octopus Deploy 3.1.0 to 2020.4.0, certain scripts can reveal sensitive information to the user in the task logs...
CVE-2020-14292
In the COVIDSafe application through 1.0.21 for Android, unsafe use of the Bluetooth transport option in the GATT connection allows attackers to trick the application into establishing a connection over Bluetooth BR/EDR transport, which reveals the public Bluetooth address of the victim's phone...
Iranian Hackers Targeted a US Presidential Candidate
A revelation from Microsoft offers a chilling reminder that Russia is not the only country interested in swaying the 2020 election...
CVE-2016-10821
In cPanel before 55.9999.141, Scripts/addpop reveals a command-line password in a process list (SEC-75)...