Security Advisories
-
2015-825: JUNIPER multiple Security issues with ScreenOS
Friday, December 18, 2015 11:38:00 AM CET
During a recent internal code review, Juniper discovered unauthorized code in ScreenOS that could allow a knowledgeable attacker to gain administrative access to NetScreen devices and to decrypt VPN connections.
-
2015-824: Remote code execution vulnerability in jar analysis
Wednesday, December 16, 2015 05:44:00 PM CET
Tavis Ormandy and Natalie Silvanovich of Google Project Zero discovered a critical vulnerability in FireEye devices. As a result, an attacker can send an email to a user, or alternatively get them to click a link, and completely compromise one of the most privileged machines on the network. This allows exfiltration of confidential data, tampering with traffic, lateral movement around networks and even self-propagating internet worms.
-
2015-750: Vulnerable Dell Self-Signed Root certificates
Tuesday, November 24, 2015 04:11:00 PM CET
Some Dell laptops and desktops come with a pre-installed self-signed root certificate named eDellRoot, and in some cases also have another self-signed root certificate installed, named DSDTestProvider. This is a potential security vulnerability that makes it easy for attackers to hijack Internet connections and masquerade as trusted websites. It compromises the security of encrypted HTTPS connections.
-
2015-325: Logjam Attack
Tuesday, June 09, 2015 03:50:00 PM CEST
In recent days a new vulnerability in the TLS/SSL protocol, called the Logjam attack, was published. This vulnerability allows a man-in-the-middle attacker to downgrade vulnerable TLS connections to 512-bit export-grade cryptography (an old mode of operation, still present to support legacy systems that enforced former US cryptography export restrictions).