Security Advisories

  • Authentication bypass in server mode - CVE-2018-10933

    Published by libssh on October 19, 2018

  • L1 Terminal Fault - INTEL-SA-00161

    Published by Intel on August 14, 2018

  • The Dangers of Key Reuse: Practical Attacks on IPsec IKE

    Published at the Usenix Symposium on August 15, 2018

  • Meltdown and Spectre Vulnerabilities

    VU#584653 originally published by CERT on January 3, 2018

  • Return of Bleichenbacher's Oracle Threat (ROBOT Attack) -- A TLS Vulnerability

    VU#144389 originally published by CERT on December 12, 2017

  • Intel Q3’17 ME 11.x, SPS 4.0, and TXE 3.0 Security Review Cumulative Update, Escalation of Privilege

    INTEL-SA-00086 published by Intel on November 20, 2017

  • DOS Security Vulnerability, Published by node.js on October 24, 2017

    CVE-2017-14919

  • INTEL-SA-00075, CVE-2017-5689 published by Intel on May 1, 2017
  • Dirty COW Vulnerability, Published by dirtycow.ninja on October 21, 2016

    CVE-2016-5195

  • OCSP Status Request extension unbounded memory growth, Published by OpenSSL on 9/22/2016

    CVE-2016-6304

    Paired with:

    CVE-2016-6309, Fix Use After Free for large message sizes

  • Multiple OpenSSL Vulnerabilities

    CVE-2016-2108, CVE-2016-2107

  • DROWN attack vulnerability, Published by NIST on 03/01/2016

    CVE-2016-0800

  • glibc getaddrinfo stack-based buffer overflow, Published by NIST on 02/18/2016

    CVE-2015-7547

  • RC4 algorithm vulnerability to ‘plain-text recovery’ attacks as used in TLS/SSL, Published by NIST on 03/15/2013

    CVE-2013-2566

  • RFC 5469 Compliance
  • Mass Assignment Vulnerability, Published by seclists.org on 09/09/2015
  • Unauthenticated File Read Vulnerability, Published by seclists.org on 09/09/2015
  • Command Injection Vulnerability, Published by seclists.org on 09/09/2015
  • Shell Upload Vulnerability, Published by seclists.org on 09/09/2015
  • Cross-Site Request Forgery (CSRF) Vulnerability through hardcoded account, Published by NIST on 07/28/2014

    CVE-2014-2974

  • Cross-Site Scripting (XSS) Vulnerability, Published by NIST on 07/28/14

    CVE-2014-2975

  • OpenSSH Keyboard-Interactive Authentication Brute Force Vulnerability, Published by NIST on 08-02-2015

    CVE-2015-5600

  • Logjam Vulnerability, Published by NIST on 05-20-2015

    CVE-2015-4000

  • GHOST Vulnerability, Published by NIST on 01-28-2015

    glibc:__nss_hostname_digits_dots() heap-based buffer overflow

    CVE-2015-0235

  • libpng Exploit Vulnerability, Published by NIST on 02-27-2014

    CVE-2014-0333

  • SSL 3.0 Vulnerability, a.k.a. "Poodle", Published by NIST on 10-16-2014

    CVE-2014-3566, CVE-2014-3568

  • GNU Bash Vulnerability, a.k.a. "Shellshock", Published by NIST on 09-24-2014

    CVE-2014-7169, CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7186, CVE-2014-7187

  • OpenSSL Vulnerability, a.k.a. "Heartbleed Bug", Published on 04-09-2014

    CVE-2014-0160

  • Multiple OpenSSL Vulnerabilities, Published by OpenSSL.org on 10-15-2014

    CVE-2014-3513, CVE-2014-3567