PT-2026-4950

Name of the Vulnerable Software and Affected Versions OpenSSL versions 1.0.2 through 3.6 OpenSSL version 1.1.1 Description A malformed PKCS12 file can cause a NULL pointer dereference in the PKCS12 item decrypt d2i ex function. This can lead to a denial of service, causing an application crash wh...

CVE-2024-56690

In the Linux kernel, the following vulnerability has been resolved: crypto: pcrypt - Call crypto layer directly when padatadoparallel return -EBUSY Since commit 8f4f68e788c3 "crypto: pcrypt - Fix hungtask for PADATARESET", the pcrypt encryption and decryption operations return -EAGAIN when the CP...

CVE-2024-56690 crypto: pcrypt - Call crypto layer directly when padata_do_parallel() return -EBUSY

In the Linux kernel, the following vulnerability has been resolved: crypto: pcrypt - Call crypto layer directly when padatadoparallel return -EBUSY Since commit 8f4f68e788c3 "crypto: pcrypt - Fix hungtask for PADATARESET", the pcrypt encryption and decryption operations return -EAGAIN when the CP...

CVE-2024-56690

CVE-2024-56690 : Linux kernel crypto: pcrypt fix for -EBUSY/-EAGAIN. After commit 8f4f68e7, padata_do_parallel() may return -EAGAIN for pcrypt encrypt/decrypt when CPUs go online/offline, triggering a WARN/panic under panic_on_warn. The remediation is to call the crypto layer directly (no paralle...

CVE-2024-56690 crypto: pcrypt - Call crypto layer directly when padata_do_parallel() return -EBUSY

In the Linux kernel, the following vulnerability has been resolved: crypto: pcrypt - Call crypto layer directly when padatadoparallel return -EBUSY Since commit 8f4f68e788c3 "crypto: pcrypt - Fix hungtask for PADATARESET", the pcrypt encryption and decryption operations return -EAGAIN when the CP...

LSN-0108-1 Kernel Live Patch Security Notice

In the Linux kernel, the following vulnerability has been resolved: tls: fix use-after-free on failed backlog decryption When the decrypt request goes to the backlog and cryptoaeaddecrypt returns -EBUSY, tlsdodecryption will wait until all async decryptions have completed. If one of them fails,...

CVE-2021-39081

IBM Cognos Analytics Mobile for Android 1.1.14 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information...

BIT-NODE-MIN-2023-46809

Node.js versions which bundle an unpatched version of OpenSSL or run against a dynamically linked version of OpenSSL which are unpatched are vulnerable to the Marvin Attack - https://people.redhat.com/hkario/marvin/, if PCKS 1 v1.5 padding is allowed when performing RSA descryption using a privat...

CVE-2024-9679

A Hardcoded Cryptographic key vulnerability existed in DLP Extension 11.11.1.3 which allowed the decryption of previously encrypted user credentials...

CVE-2024-9679

A Hardcoded Cryptographic key vulnerability existed in DLP Extension 11.11.1.3 which allowed the decryption of previously encrypted user credentials...

Trellix Data Loss Prevention 安全漏洞

Trellix Data Loss Prevention Trellix DLP is a data loss prevention solution from American FireEye Trellix. It provides a comprehensive scan of inbound and outbound network traffic for all ports, protocols, etc. A security vulnerability exists in Trellix Data Loss Prevention Trellix DLP version...

CVE-2024-28146 Hardcoded credentials

The application uses several hard-coded credentials to encrypt config files during backup, to decrypt the new firmware during an update and some passwords allow a direct connection to the database server of the affected device...

PT-2024-22296 · Image Access Gmbh · Scan2Net

Name of the Vulnerable Software and Affected Versions: Application affected versions not specified Description: The issue concerns the application's use of several hard-coded credentials. These credentials are used for encrypting config files during backup and decrypting new firmware during...

Image Access Scan2Net 安全漏洞

Image Access Scan2Net is a scanning software from Image Access, Germany. A security vulnerability exists in Image Access Scan2Net versions 7.40 and earlier, 7.42 and earlier, and 7.42B and earlier, which stems from the application's use of multiple hard-coded credentials to encrypt configuration...

Modular Java Backdoor Dropped in Cleo Exploitation Campaign

Many thanks to Rapid7 MDR and incident response teams for their contributions to this analysis. While investigating incidents related to Cleo software exploitation, Rapid7 Labs and MDR observed a novel, multi-stage attack that deploys an encoded Java Archive JAR payload. Our investigation reveale...

CVE-2024-53832

CVE-2024-53832 affects Siemens SICAM A8000 devices (CP-8031/CP-8050) with CPCI85 Central Processing/Communication, all versions before V05.30. A secure element is connected via an unencrypted SPI bus, enabling a physically proximate attacker to observe the authentication password and use the secu...

CVE-2024-53832

A vulnerability has been identified in CPCI85 Central Processing/Communication All versions V05.30. The affected devices contain a secure element which is connected via an unencrypted SPI bus. This could allow an attacker with physical access to the SPI bus to observe the password used for the...

Siemens CPCI85 Central Processing 安全漏洞

The SICAM A8000 RTU Remote Terminal Unit is a modular device for remote control and automation applications in all areas of energy supply. A firmware decryption vulnerability exists in the Siemens SICAM A8000 CP-8031 and CP-8050 due to the fact that the affected devices contain a secure element...

IBM Cognos Controller Encryption Problem Vulnerability (CNVD-2024-47515)

IBM Cognos Controller is a suite of business intelligence and planning solutions from International Business Machines IBM. The product features process automation, financial audit control, and the creation and management of financial reports. An encryption issue vulnerability exists in IBM Cognos...

GHSA-4GRW-M28R-Q285 rPGP Potential Resource Exhaustion when handling Untrusted Messages

During a security audit, Radically Open Security discovered two vulnerabilities which allow attackers to trigger resource exhaustion vulnerabilities in rpgp by providing crafted messages. This affects general message parsing and decryption with symmetric keys. Impact Affected rpgp versions do not...