
27 matches found

GitLab Advisory Database
added 2026/04/03 12:0 a.m., 5 views

Antrea has Missing Encryption of Sensitive Data

This is a missing encryption vulnerability (CWE-311) affecting inter-Node Pod traffic. In Antrea clusters configured for dual-stack networking with IPsec encryption enabled (trafficEncryptionMode: ipsec), Antrea fails to apply encryption for IPv6 Pod traffic. While the IPv4 traffic is correctly...

CVSS 7.5, AI score 5.9, EPSS 0.0001
Exploits 0, References 7, Affected Software 1

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2010-5103

Malware in sbrugna...

CVSS 4.3, AI score 6.4, EPSS 0.00121
Exploits 1, References 4

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2015-0621

Malware in sbrugna...

CVSS 7.1, AI score 6.4, EPSS 0.00616
Exploits 0, References 6

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2019-7924

Malware in sbrugna...

CVSS 7.5, AI score 7.6, EPSS 0.0234
Exploits 1, References 19

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2018-10096

Malware in sbrugna...

CVSS 7.5, AI score 7.6, EPSS 0.00301
Exploits 0, References 2

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2002-2233

Malware in sbrugna...

CVSS 2.1, AI score 6.4, EPSS 0.00094
Exploits 0, References 4

EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2024-25842

Malicious code in bioql PyPI...

CVSS 5.9, AI score 6.6, EPSS 0.0007
Exploits 1, References 2

RedhatCVE
added 2025/05/23 10:21 a.m., 6 views

CVE-2024-38891

An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform a Sniffing Network Traffic attack due to the cleartext transmission of sensitive information...

CVSS 9.1, AI score 7, EPSS 0.00103
Exploits 0, References 1

RedhatCVE
added 2025/05/22 1:50 a.m., 3 views

CVE-2012-4116

The fabric-interconnect component in Cisco Unified Computing System (UCS) does not encrypt KVM media traffic, which allows remote attackers to obtain sensitive information, and consequently complete the authentication process for a server connection, by sniffing the network, aka Bug ID CSCtr72970...

CVSS 4.3, AI score 7.1, EPSS 0.00265
Exploits 0, References 1

RedhatCVE
added 2025/05/21 7:59 p.m., 3 views

CVE-2008-4404

The IPv6 Neighbor Discovery Protocol (NDP) implementation on IBM zSeries servers does not validate the origin of Neighbor Discovery messages, which allows remote attackers to cause a denial of service (loss of connectivity) or read private network traffic via a spoofed message that modifies the Forwa...

CVSS 10, AI score 6.7, EPSS 0.10501
Exploits 0, References 1

Vulnrichment
added 2025/03/24 6:46 p.m., 10 views

CVE-2025-30163 Node based network policies may incorrectly allow workload traffic

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Node based network policies fromNodes and toNodes will incorrectly permit traffic to/from non-node endpoints that share the labels specified in fromNodes and toNodes sections of network policies. Node based...

CVSS 3.4, AI score 7, EPSS 0.00079
Exploits 0, References 3

OSV
added 2023/07/11 10:15 a.m., 2 views

CVE-2023-36748

A vulnerability has been identified in RUGGEDCOM ROX MX5000 All versions V2.16.0, RUGGEDCOM ROX MX5000RE All versions V2.16.0, RUGGEDCOM ROX RX1400 All versions V2.16.0, RUGGEDCOM ROX RX1500 All versions V2.16.0, RUGGEDCOM ROX RX1501 All versions V2.16.0, RUGGEDCOM ROX RX1510 All versions V2.16.0...

CVSS 6.8, AI score 7.2, EPSS 0.00065
Exploits 0, References 1

ATTACKERKB
added 2022/09/01 9:15 p.m., 2 views

CVE-2022-2403

A credentials leak was found in the OpenShift Container Platform. The private key for the external cluster certificate was stored incorrectly in the oauth-serving-cert ConfigMaps, and accessible to any authenticated OpenShift user or service-account. A malicious user could exploit this flaw by...

CVSS 6.5, AI score 5.8, EPSS 0.00244
Exploits 0, References 5

RedhatCVE
added 2022/07/14 8:44 a.m., 37 views

CVE-2022-2403

A credentials leak was found in the OpenShift Container Platform. The private key for the external cluster certificate was stored incorrectly in the oauth-serving-cert ConfigMaps, and accessible to any authenticated OpenShift user or service-account. This flaw allows a malicious user to read the...

CVSS 7.7, AI score 6.4, EPSS 0.00244
Exploits 0, References 3

OSV
added 2022/05/26 8:15 p.m., 0 views

CVE-2021-28509

This advisory documents the impact of an internally found vulnerability in Arista EOS state streaming telemetry agent TerminAttr and OpenConfig transport protocols. The impact of this vulnerability is that, in certain conditions, TerminAttr might leak MACsec sensitive data in clear text in CVP to...

CVSS 6.1, AI score 5.8, EPSS 0.00142
Exploits 1, References 1

CNVD
added 2021/06/05 12:0 a.m., 2 views

SQL Injection Vulnerability in the Traffic Security Management of Tianrongxin Technology Group

Founded on August 30, 1985, Skyrise Technology Group, or "Skyrise" for short, is a leading provider of network security, big data and security cloud services in China. A SQL injection vulnerability exists in the traffic security management of Tianrongxin Technology Group. An attacker can exploit...

AI score 7.6
Exploits 0

Positive Technologies
added 2020/11/10 12:0 a.m., 4 views

PT-2020-6349

Name of the Vulnerable Software and Affected Versions Modicon M221 all references, all versions Modicon M100 affected versions not specified Modicon M200 affected versions not specified Description A vulnerability exists due to a small space of random values, which could allow an attacker to brea...

CVSS 8.3, AI score 5.8, EPSS 0.00046
Exploits 0, References 11

Akamai Blog
added 2019/12/17 5:0 p.m., 33 views

Inspecting TLS Web Traffic - Part 1

In this series of blogs I'm going to talk about how the continued move towards all web traffic being encrypted has impacted enterprise security. In this blog I'm going to focus on the basics - what is encrypted web traffic and how can you proactively control this. TLS encryption is the de-facto...

AI score 7.4
Exploits 0

Debian CVE
added 2019/12/10 5:32 p.m., 26 views

CVE-2016-1000107

inets in Erlang (possibly 22.1 and earlier) follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an...

CVSS 6.1, AI score 6.4, EPSS 0.00399
Exploits 0

Cisco Threats
added 2016/10/17 5:53 p.m., 14 views

Threat Outbreak Alert RuleID25681: Email Messages Distributing Malicious Software on October 17, 2016

Medium Alert ID: 49311 First Published: 2016 October 17 17:53 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID25681 may contain the following files: Name |...

AI score 0.3
Exploits 0