Stay connected

Trending News

The processing of responses coming from specially crafted DNSSEC-signed zones can cause CPU exhaustion on a DNSSEC-validating resolver.
News

CVE-2023-50387: KeyTrap – Extreme CPU consumption in DNSSEC validator 

CVE: CVE-2023-50387 Title: KeyTrap – Extreme CPU consumption in DNSSEC validator Document version: 2.0 Posting date: 13 February 2024 Program impacted: BIND 9 Versions affected: BIND (Versions prior to 9.11.37 were not assessed.) BIND Supported Preview Edition (Versions prior to 9.11.37-S1 were not assessed.) Severity: High Exploitable: Remotely Description: The processing of…

Heap-based buffer overflow in the glibc's syslog ()
Exploit, News

Heap-based buffer overflow in the glibc’s syslog () 

Summary -Heap-based buffer overflow in the glibc’s syslog () We discovered a heap-based buffer overflow in the GNU C Library’s __vsyslog_internal() function, which is called by both syslog() and vsyslog(). This vulnerability was introduced in glibc 2.37 (in August 2022) by the following commit: https://sourceware.org/git?p=glibc.git;a=commit;h=52a5be0df411ef3ff45c10c7c308cb92993d15b1…

Cisco Unified Communications Products Remote Code Execution Vulnerability
Critical vulnerabiliities, Cyber Security, IoT Security, News, Vulnerabilities

Cisco Unified Communications Products Remote Code Execution Vulnerability 

Summary Affected Products Products Confirmed Not Vulnerable Only products listed in the Vulnerable Products section of this advisory are known to be affected by this vulnerability. Cisco has confirmed that this vulnerability does not affect the following Cisco products: Workarounds Additionally, follow the best practices that are…

Passive SSH Key
White Papers

Passive SSH Key Compromise via Lattices 

ABSTRACTWe demonstrate that a passive network attacker can opportunistically obtain private RSA host keys from an SSH server that experiences a naturally arising fault during signature computation. In prior work, this was not believed to be possible for the SSH protocol because the signature included…