Advisory: Intel Spectre and Meltdown

Grace NacesAdvisories

Publication Date: 10th Jan 2018 Last Updated: 19th Jan 2018 Version 1.04: Interim Description On 3rd January 2018, 3 vulnerabilities were disclosed for Intel microprocessors that could allow an attacker that has local access to a server to read privileged information belonging to other processes or the operating system by … Read More

Advisory: DROWN Vulnerability (CVE-2016-0800)

Grace NacesAdvisories

Publication Date: 7 March 2016 Updated: 15 March 2016 Description A vulnerability that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a Bleichenbacher RSA padding oracle. The Traffic between clients and non-vulnerable servers can be decrypted if another server supporting SSLv2 … Read More

Advisory: SQL Injection and Reflected Cross Site Scripting Vulnerabilities (CVE-201502849 and CVE-2015-2850)

Grace NacesAdvisories

Publication Date: 06 Jul 2015 Description SQL Injection Vulnerability A vulnerability which allows user to perform queries on the underlying datastore via ppli URL parameter of the default login page main.ant; CVE-2015-2849 Cross-Site Scripting Vulnerability A reflected cross-site scripting vulnerability exists in the msg URL parameter of the admin login page … Read More

UPDATE on Vulnerability CVE-2015-0932

Grace NacesAdvisories, Latest News

We would like to proactively inform you about a zero-day vulnerability found with some of our InnGate HSIA gateways. We also would like to update you that a fix for the vulnerability is already available since 26 Mar 2015 and that we are actively working with our partners to patch … Read More