5832 matches found

CNNVD
added 2024/07/09 12:0 a.m. | 2 views

Fortinet FortiWeb Trust Management Issue Vulnerability

Fortinet FortiWeb is a web application layer firewall from Fortinet that blocks threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning, and other attacks to secure web applications and protect sensitive database content. A trust management issue vulnerability exis...

CVSS 4.8 | AI score 7.2 | EPSS 0.002
Exploits 0 | References 2

ICS
added 2024/07/09 12:0 a.m. | 15 views

Siemens Mendix Encryption Module

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

CVSS 8.7 | AI score 7.7 | EPSS 0.00194
Exploits 0 | References 12

RedHat Linux
added 2024/07/08 2:36 p.m. | 15 views

Important: Red Hat Security Advisory: podman security update

An update for podman is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

CVSS 7.5 | AI score 7.2 | EPSS 0.01379
Exploits 0 | References 2

OSV
added 2024/07/08 12:0 a.m. | 13 views

ALSA-2024:4379 Important: gvisor-tap-vsock security update

A replacement for libslirp and VPNKit, written in pure Go. It is based on the network stack of gVisor and is used to provide networking for podman-machine virtual machines. Compared to libslirp, gvisor-tap-vsock brings a configurable DNS server and dynamic port forwarding. Security Fixes:...

CVSS 7.5 | AI score 8 | EPSS 0.01379
Exploits 0 | References 4

OSV
added 2024/07/08 12:0 a.m. | 11 views

ALSA-2024:4371 Important: buildah security update

The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a...

CVSS 7.5 | AI score 8 | EPSS 0.01379
Exploits 0 | References 4

AlmaLinux
added 2024/07/08 12:0 a.m. | 19 views

Important: buildah security update

The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a...

CVSS 7.5 | AI score 7.8 | EPSS 0.01379
Exploits 0 | References 4

Tenable Nessus
added 2024/07/03 12:0 a.m. | 13 views

CBL Mariner 2.0 Security Update: cloud-hypervisor / edk2 / hvloader / openssl (CVE-2022-4304)

The version of cloud-hypervisor / edk2 / hvloader / openssl installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-4304 advisory. - A timing based side channel exists in the OpenSSL RSA Decryption...

CVSS 5.9 | AI score 7.8 | EPSS 0.00224
Exploits 0 | References 2

RedHat Linux
added 2024/07/02 4:23 p.m. | 2 views

bc-java: BouncyCastle vulnerable to a timing variant of Bleichenbacher (Marvin Attack)

A flaw was found in the Bouncy Castle Java cryptography APIs. Affected versions of the org.bouncycastle:bcprov-jdk18on package are vulnerable to Observable Timing Discrepancy via the PKCS1 1.5 and OAEP decryption process a.k.a. Marvin Attack. An attacker can recover cipher-texts via a side-channe...

CVSS 5.9 | AI score 7.3 | EPSS 0.00139
Exploits 0 | References 5

Microsoft CVE
added 2024/06/30 2:0 p.m. | 2 views

Python-cryptography: bleichenbacher timing oracle attack against rsa decryption - incomplete fix for cve-2020-25659

...

CVSS 7.5 | AI score 6.4 | EPSS 0.00879
Exploits 0

Microsoft CVE
added 2024/06/30 2:0 p.m. | 5 views

net: tls: fix use-after-free with partial reads and async decrypt

...

CVSS 7.8 | AI score 6.9 | EPSS 0.00017
Exploits 0

Positive Technologies
added 2024/06/29 12:0 a.m. | 3 views

PT-2024-28698 · Newpass · Newpass

Name of the Vulnerable Software and Affected Versions: NewPass versions prior to 1.2.0 Description: The issue allows unauthorized access to sensitive information because passwords are stored directly rather than as password hashes. Although data at rest is encrypted, it is decrypted within proces...

CVSS 3.5 | AI score 6.7 | EPSS 0.00032
Exploits 0 | References 5

NVD
added 2024/06/28 10:15 p.m. | 16 views

CVE-2024-38532

The NXP Data Co-Processor DCP is a built-in hardware module for specific NXP SoCs¹ that implements a dedicated AES cryptographic engine for encryption/decryption operations. The dcptool reference implementation included in the repository selected the test key, regardless of its -t argument. This...

CVSS 7.1 | EPSS 0.00162
Exploits 0 | References 2

CVE
added 2024/06/28 9:25 p.m. | 57 views

CVE-2024-38532

The CVE-2024-38532 issue affects the NXP Data Co-Processor (DCP) used in specific NXP SoCs, where the dcp_tool reference implementation selected a test key regardless of the -t argument. This root cause is addressed by patch commit 26a7. Connected sources describe the vulnerability as tied to the...

CVSS 7.1 | AI score 6.9 | EPSS 0.00162
Exploits 0 | References 2

RedHat Linux
added 2024/06/27 1:6 p.m. | 3 views

jose: resource exhaustion

Jose was found to have an uncontrolled resource consumption vulnerability. Under certain conditions, the user's environment can consume an unreasonable amount of CPU time or memory during JWE decryption operations, leading to a denial of service...

CVSS 5.9 | AI score 6.9 | EPSS 0.00572
Exploits 0 | References 5

Positive Technologies
added 2024/06/27 12:0 a.m. | 2 views

PT-2024-12719 · Ibm · Ibm Security Access Manager Docker

Name of the Vulnerable Software and Affected Versions: IBM Security Access Manager Docker versions 10.0.0.0 through 10.0.7.1 Description: The issue is related to the use of weaker than expected cryptographic algorithms, which could allow an attacker to decrypt highly sensitive information...

CVSS 7.5 | AI score 9.2 | EPSS 0.00048
Exploits 2 | References 4

OSV
added 2024/06/25 1:36 p.m. | 8 views

MAL-2024-5283 Malicious code in jsbip39-decrypt (PyPI)

--- -= Per source details. Do not edit below this line.=-...

AI score 7.1
Exploits 0 | References 1

OSV
added 2024/06/21 5:15 p.m. | 2 views

CVE-2024-35537

TVS Motor Company Limited TVS Connect Android v4.6.0 and IOS v5.0.0 was discovered to insecurely handle the RSA key pair, allowing attackers to possibly access sensitive information via decryption...

CVSS 7.5 | AI score 5.8 | EPSS 0.0008
Exploits 1 | References 1

NVD
added 2024/06/21 5:15 p.m. | 11 views

CVE-2024-35537

TVS Motor Company Limited TVS Connect Android v4.6.0 and IOS v5.0.0 was discovered to insecurely handle the RSA key pair, allowing attackers to possibly access sensitive information via decryption...

CVSS 7.5 | EPSS 0.0008
Exploits 1 | References 1

Vulnrichment
added 2024/06/21 12:0 a.m. | 13 views

CVE-2024-35537

TVS Motor Company Limited TVS Connect Android v4.6.0 and IOS v5.0.0 was discovered to insecurely handle the RSA key pair, allowing attackers to possibly access sensitive information via decryption...

AI score 6.9 | EPSS 0.0008
Exploits 1 | References 1

CVE
added 2024/06/21 12:0 a.m. | 49 views

CVE-2024-35537

CVE-2024-35537 affects TVS Motor Company Limited TVS Connect on Android v4.6.0 and iOS v5.0.0. The root cause is insecure handling of the RSA key pair, which could allow an attacker to decrypt and access sensitive information. Publicly available documents consistently describe the issue as improp...

CVSS 7.5 | AI score 6.9 | EPSS 0.0008
Exploits 1 | References 1 | Affected Software 1