2015-825: JUNIPER multiple Security issues with ScreenOS
Friday, December 18, 2015 11:38:00 AM CET
During a recent internal code review, Juniper discovered unauthorized code in ScreenOS that could allow a knowledgeable attacker to gain administrative access to NetScreen devices and to decrypt VPN connections.
2015-824: Remote code execution vulnerability in jar analysis
Wednesday, December 16, 2015 05:44:00 PM CET
Tavis Ormandy and Natalie Silvanovich of Google Project Zero discovered a critical vulnerability in FireEye devices. As a result, an attacker can send an email to a user, or alternatively get them to click a link, and completely compromise one of the most privileged machines on the network. This allows exfiltration of confidential data, tampering with traffic, lateral movement around networks and even self-propagating internet worms.
2015-750: Vulnerable Dell Self-Signed Root certificates
Tuesday, November 24, 2015 04:11:00 PM CET
Some Dell laptops and desktops come with a pre-installed self-signed root certificate named eDellRoot, and in some cases also have another self-signed root certificate installed under the name DSDTestProvider. This is a potential security vulnerability that makes it easy for attackers to hijack Internet connections and masquerade as trusted websites. It compromises the security of encrypted HTTPS connections.
2015-325: Logjam Attack
Tuesday, June 09, 2015 03:50:00 PM CEST
A new vulnerability in the TLS/SSL protocol, called the Logjam attack, was published in the last few days. This vulnerability allows a man-in-the-middle attacker to downgrade vulnerable TLS connections to 512-bit export-grade cryptography (an old mode of operation, still present to support legacy systems that enforced the former US cryptography export restrictions).