jose-go: improper handling of highly compressed data

A vulnerability was found in Jose due to improper handling of highly compressed data. This issue could allow an attacker to send a JWE containing compressed data that uses large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti...

CVE-2024-3543

Use of reversible password encryption algorithm allows attackers to decrypt passwords. Sensitive information can be easily unencrypted by the attacker, stolen credentials can be used for arbitrary actions to corrupt the system...

DELL ECS Connection Manager 安全漏洞

DELL ECS Connection Manager is a software for managing enterprise cloud storage from Dell DELL USA. A security vulnerability exists in DELL ECS Connection Manager that stems from the use of a reversible password encryption algorithm that allows an attacker to decrypt passwords...

UBUNTU-CVE-2024-26980

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix slab-out-of-bounds in smb2allocaterspbuf If -ProtocolId is SMB2TRANSFORMPROTONUM, smb2 request size validation could be skipped. if request size is smaller than sizeofstruct smb2queryinforeq, slab-out-of-bounds read ca...

CVE-2023-46294

The CVE-2023-46294 issue affects Teledyne FLIR M300 firmware version 2.00–19. Local passwords are stored encrypted but can be decrypted to plaintext using the umSetup utility, which requires root privileges. The risk is that an attacker with local access could decrypt user account passwords via u...

PT-2024-13348 · Teledyne Flir · Teledyne Flir M300

Name of the Vulnerable Software and Affected Versions: Teledyne FLIR M300 versions 2.00 through 2.00-19 Description: An issue was discovered where user account passwords are encrypted locally and can be decrypted to cleartext passwords using the umSetup utility, which requires root permissions to...

golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads

A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs​. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.goL113. The objects leaked are pkey​ and ctx​. That functi...

libssh: Missing checks for return values for digests

A flaw was found in the libssh implements abstract layer for message digest MD operations implemented by different supported crypto backends. The return values from these were not properly checked, which could cause low-memory situations failures, NULL dereferences, crashes, or usage of the...

kernel: CIFS Filesystem Decryption Improper Input Validation Remote Code Execution Vulnerability in function receive_encrypted_standard of client

An out-of-bounds memory read flaw was found in receiveencryptedstandard in fs/smb/client/smb2ops.c in the SMB Client sub-component in the Linux Kernel. This issue occurs due to integer underflow on the memcpy length, leading to a denial of service...

pycryptodome: side-channel leakage for OAEP decryption in PyCryptodome and pycryptodomex

A flaw was found in PyCryptodome/pycryptodomex which may allow for side-channel leakage when performing OAEP decryption, which could be exploited to carry out a Manger attack...

ALSA-2024:2569 Important: grafana-pcp security update

grafana-pcp is an open source Grafana plugin for PCP. Security Fixes: grafana-pcp: golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads CVE-2024-1394 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...

IBM MQ 9.0 <= 9.0.0.24 / 9.1 <= 9.1.0.21 / 9.2 <= 9.2.0.25 / 9.3 <= 9.3.0.17 / 9.3 <= 9.3.5.1 (7149586)

The version of IBM MQ Server running on the remote host is affected by multiple vulnerabilities as referenced in the 7149586 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Security. Supported versions...

SUSE SLES15 / openSUSE 15 Security Update : openCryptoki (SUSE-SU-2024:1447-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1447-1 advisory. - A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS1 v1.5 padded...

SUSE SLED15 / SLES15 / openSUSE 15 : Feature update for python-M2Crypto (SUSE-SU-SUSE-FU-2024:1448-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-SUSE-FU-2024:1448-1 advisory. - A flaw was found in all released versions of m2crypto, where they are vulnerable to...

Updated opencryptoki packages fix security vulnerability

A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS1 v1.5 padded ciphertexts. This flaw could potentially enable unauthorized RSA ciphertext decryption or signing, even without access to the corresponding private key. CVE-2024-0914...

MGASA-2024-0152 Updated opencryptoki packages fix security vulnerability

A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS1 v1.5 padded ciphertexts. This flaw could potentially enable unauthorized RSA ciphertext decryption or signing, even without access to the corresponding private key. CVE-2024-0914...

CVE-2023-6096

Vladimir Kononovich, a Security Researcher has found a flaw that using a inappropriate encryption logic on the DVR. firmware encryption is broken and allows to decrypt. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds...

PT-2024-14882 · Unknown · Dvr Firmware

Name of the Vulnerable Software and Affected Versions: DVR firmware affected versions not specified Description: A flaw has been discovered in the DVR firmware's encryption logic, which is inappropriate and allows for decryption. The issue was found by Vladimir Kononovich, a security researcher...

CentOS 9 : kernel-5.14.0-430.el9

The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the kernel-5.14.0-430.el9 build changelog. - In the Linux kernel, the following vulnerability has been resolved: RDMA/siw: Fix connection failure handling In case immediate MPA...

CentOS 9 : nss-3.90.0-4.el9

The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the nss-3.90.0-4.el9 build changelog. - NSS was susceptible to a timing side-channel attack when performing RSA decryption. This attack could potentially allow an attacker to recover the...