25 matches found
EUVD-2020-6407
Malware in sbrugna...
EUVD-2021-14497
Malware in sbrugna...
CVE-2022-25219
A null byte interaction error has been discovered in the code that the telnetdstartup daemon uses to construct a pair of ephemeral passwords that allow a user to spawn a telnet service on the router, and to ensure that the telnet service persists upon reboot. By means of a crafted exchange of UDP...
CVE-2021-27756
"TLS-RSA cipher suites are not disabled in BigFix Compliance up to v2.0.5. If TLS 2.0 and secure ciphers are not enabled then an attacker can passively record traffic and later decrypt it."...
CBL Mariner 2.0 Security Update: mariadb (CVE-2023-6935)
The version of mariadb installed on the remote CBL Mariner 2.0 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-6935 advisory. - wolfSSL SP Math All RSA implementation is vulnerable to the Marvin Attack, a new variation of a timing...
K54039800: MatrixSSL vulnerability CVE-2016-6883
Security Advisory Description: MatrixSSL before 3.8.3 configured with RSA Cipher Suites allows remote attackers to obtain sensitive information via a Bleichenbacher variant attack (CVE-2016-6883). Impact: There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status...
SUSE CVE-2018-19608
Arm Mbed TLS before 2.14.1, before 2.7.8, and before 2.1.17 allows a local unprivileged attacker to recover the plaintext of RSA decryption, which is used in RSA-without-ECDHE cipher suites...
CVE-2022-25219
A null byte interaction error has been discovered in the code that the telnetdstartup daemon uses to construct a pair of ephemeral passwords that allow a user to spawn a telnet service on the router, and to ensure that the telnet service persists upon reboot. By means of a crafted exchange of UDP...
Design/Logic Flaw
A null byte interaction error has been discovered in the code that the telnetdstartup daemon uses to construct a pair of ephemeral passwords that allow a user to spawn a telnet service on the router, and to ensure that the telnet service persists upon reboot. By means of a crafted exchange of UDP...
CVE-2021-27756
"TLS-RSA cipher suites are not disabled in BigFix Compliance up to v2.0.5. If TLS 2.0 and secure ciphers are not enabled then an attacker can passively record traffic and later decrypt it."...
golang: crypto/tls: certificate of wrong type is causing TLS client to panic
A flaw was found in golang. A panic can be triggered by an attacker in a privileged network position without access to the server certificate's private key, as long as a trusted ECDSA or Ed25519 certificate for the server exists or can be issued, or the client is configured with...
Unspecified Vulnerability in HCL BigFix Inventory
HCL BigFix Platform is an endpoint security management platform suite from HCL India. The platform supports automated discovery, management and remediation of endpoint security issues. A security vulnerability exists in HCL BigFix Inventory v10.0.2 onwards, which stems from not disabling the...
CVE-2020-3585
A vulnerability in the TLS handler of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 1000 Series firewalls could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to...
Security Bulletin: SSLv2 DROWN Vulnerability (CVE-2016-0800)
Question: Security Bulletin: SSLv2 DROWN Vulnerability CVE-2016-0800. Answer (Description): A vulnerability has been found in the SSLv2 protocol which affects older versions of Aspera products. Newer versions of Aspera products no longer support SSLv2 and so are not affected by this vulnerability. The...
CVE-2017-17427
Radware Alteon devices with a firmware version between 31.0.0.0-31.0.3.0 are vulnerable to an adaptive-chosen ciphertext attack "Bleichenbacher attack". This allows an attacker to decrypt observed traffic that has been encrypted with the RSA cipher and to perform other private key operations...
Code injection
Radware Alteon devices with a firmware version between 31.0.0.0-31.0.3.0 are vulnerable to an adaptive-chosen ciphertext attack "Bleichenbacher attack". This allows an attacker to decrypt observed traffic that has been encrypted with the RSA cipher and to perform other private key operations...
CVE-2017-17427
Radware Alteon devices with a firmware version between 31.0.0.0-31.0.3.0 are vulnerable to an adaptive-chosen ciphertext attack "Bleichenbacher attack". This allows an attacker to decrypt observed traffic that has been encrypted with the RSA cipher and to perform other private key operations...
CVE-2017-17427
CVE-2017-17427 concerns Radware Alteon devices with firmware 31.0.0.0–31.0.3.0, which are vulnerable to a Bleichenbacher adaptive-chosen ciphertext attack on RSA. This could enable an attacker to decrypt observed RSA-encrypted traffic and to perform other private-key operations. Connected sources corroborate the vulne...
CVE-2016-6883
MatrixSSL before 3.8.3 configured with RSA Cipher Suites allows remote attackers to obtain sensitive information via a Bleichenbacher variant attack...
CVE-2016-6883
MatrixSSL before 3.8.3 configured with RSA Cipher Suites allows remote attackers to obtain sensitive information via a Bleichenbacher variant attack...