5822 matches found
DEBIAN-CVE-2024-45004
In the Linux kernel, the following vulnerability has been resolved: KEYS: trusted: dcp: fix leak of blob encryption key Trusted keys unseal the key blob on load, but keep the sealed payload in the blob field so that every subsequent read export will simply convert this field to hex and send it to...
CVE-2024-45004
In the Linux kernel, the following vulnerability has been resolved: KEYS: trusted: dcp: fix leak of blob encryption key Trusted keys unseal the key blob on load, but keep the sealed payload in the blob field so that every subsequent read export will simply convert this field to hex and send it to...
CVE-2024-45004
CVE-2024-45004 affects the Linux kernel KEYS: trusted: dcp path. The bug leaks the blob encryption key (BEK) plaintext on export because BEK decryption occurs in-place in the key blob; subsequent reads output the BEK in plain text. The issue arises when importing a DCP-based trusted key and expor...
CVE-2024-39921
Observable timing discrepancy issue exists in IPCOM EX2 Series V01L02NF0001 to V01L06NF0401, V01L20NF0001 to V01L20NF0401, V02L20NF0001 to V02L21NF0301, and IPCOM VE2 Series V01L04NF0001 to V01L06NF0112. If this vulnerability is exploited, some of the encrypted communication may be decrypted by a...
kernel: tipc: force a dst refcount before doing decryption
A vulnerability was found in the Linux kernel's TIPC module, where a reference count on the destination entry was not enforced before decryption. This issue arises due to potential asynchronous returns from crypto requests, which could lead to crash...
EulerOS Virtualization 2.12.1 : python-cryptography (EulerOS-SA-2024-2315)
According to the versions of the python-cryptography package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured message...
Supermicro Onboard IPMI Static SSL Certificate Scanner
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Supermicro Onboard IPMI Static SSL Certificate Scanner', 'Description' = %q This module checks for a static SSL certificate shipped with Supermic...
Fault Injection
Overview Affected versions of this package are vulnerable to Fault Injection through the RsaPrivateDecryption function. An attacker can disclose sensitive information and escalate privileges by exploiting the Rowhammer fault injection technique to manipulate the RsaKey structure. Remediation...
DEBIAN-CVE-2024-1545
Fault Injection vulnerability in RsaPrivateDecryption function in wolfssl/wolfcrypt/src/rsa.c in WolfSSL wolfssl5.6.6 on Linux/Windows allows a remote attacker who co-resides in the same system with a victim process to disclose information and escalate privileges via Rowhammer fault injection to the...
Gather electerm Passwords
This module will determine if electerm is installed on the target system and, if it is, it will try to dump all saved session information from the target. The passwords for these saved sessions will then be decrypted where possible. Module Options msf use post/multi/gather/electerm msf postelecte...
CVE-2023-4680
A flaw was found in HashiCorp Vault and Vault Enterprise, where the transit secrets engine allowed authorized users to specify arbitrary nonces, even with convergent encryption disabled. The encrypt endpoint, in combination with an offline attack, could be used to decrypt arbitrary ciphertext and...
The vulnerability of the openssl_private_decrypt() function in the PKCS1 Padding Handler component of the PHP programming language interpreter allows an attacker to execute a Marvin attack.
The vulnerability of the openssl_private_decrypt function in the PKCS1 Padding Handler component of the PHP programming language interpreter is related to the use of an OpenSSL version that does not include the changes required by the RSA_PKCS1_IMPLICIT_REJECTION request. Exploiting this vulnerability...
Security Bulletin: IBM® Db2® federated server is affected by vulnerabilities in the open source bcprov-jdk18on library (CVE-2024-30171, CVE-2024-30172, CVE-2024-29857)
Summary IBM® Db2® federated server is affected by vulnerabilities in the open source bcprov-jdk18on library. Vulnerability Details CVEID:CVE-2024-30172 DESCRIPTION: The Bouncy Castle Crypto Package For Java is vulnerable to a denial of service, caused by an infinite loop in the Ed25519 verificati...
CVE-2024-39745
IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information...
CentOS 8 : jose (CESA-2024:5294)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2024:5294 advisory. - latchset jose through version 11 allows attackers to cause a denial of service CPU consumption via a large p2c aka PBES2 Count value. CVE-2023-50967 ...
Why you need to know about ransomware
Last month, a strange thing happened in cybersecurity: a type of cyberthreat typically reserved for large businesses and critical services appeared on the computers of everyday people. Starting on July 20, hundreds of individuals across the globe began reporting problems with ransomware. Ransomwa...
EulerOS 2.0 SP12 : python-cryptography (EulerOS-SA-2024-2248)
According to the versions of the python-cryptography package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS server...
Ewon Cosy+ Hardcoded Key
Advisory ID: SYSS-2024-032 Product: Ewon Cosy+ Manufacturer: HMS Industrial Networks AB Affected Versions: Firmware Versions: 21.2s10 and 22.1s3 Tested Versions: Firmware Version: 21.2s7 Vulnerability Type: Use of Hard-coded Cryptographic Key CWE-32...