5879 matches found
CVE-2022-20940
A vulnerability in the TLS handler of Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to gain access to sensitive information. This vulnerability is due to improper implementation of countermeasures against a Bleichenbacher attack on a device that uses...
CVE-2022-20940
Cisco Firepower Threat Defense (FTD) Software is affected by a Bleichenbacher-related information disclosure in the TLS handler and SSL decryption policy implementation. The root cause is improper countermeasures against Bleichenbacher attacks, allowing an unauthenticated remote attacker to poten...
SUSE-SU-2022:3932-1 Security update for python-rsa
This update for python-rsa fixes the following issues: - CVE-2020-25658: Fixed bleichenbacher timing oracle attack against RSA decryption bsc1178676...
Cisco Firepower Threat Defense Software SSL Decryption Policy Bleichenbacher Attack Vulnerability
A vulnerability in the TLS handler of Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to gain access to sensitive information. This vulnerability is due to improper implementation of countermeasures against a Bleichenbacher attack on a device that uses...
Cisco Firepower Threat Defense 安全漏洞
Cisco Firepower Threat Defense FTD is a suite of unified software from Cisco that provides next-generation firewall services.Cisco Firepower Threat Defense FTD Software is vulnerable to an information disclosure vulnerability that stems from its TLS handler's implementation of improper...
PT-2022-5685 · Cisco · Cisco Ftd
Name of the Vulnerable Software and Affected Versions: Cisco Firepower Threat Defense FTD Software affected versions not specified Description: A vulnerability in the TLS handler could allow an unauthenticated, remote attacker to gain access to sensitive information. This issue is due to improper...
nodejs: weak randomness in WebCrypto keygen
A vulnerability was found in NodeJS due to weak randomness in the WebCrypto keygen within the SecretKeyGenTraits::DoKeyGen in src/crypto/cryptokeygen.cc. Node.js made calls to EntropySource in SecretKeyGenTraits::DoKeyGen. However, it does not check the return value and assumes the EntropySource...
Linux Gather ManageEngine Password Manager Pro Password Extractor
This module gathers the encrypted passwords stored by Password Manager Pro and decrypt them using key materials stored in multiple configuration files. Module Options msf use post/linux/gather/manageenginepasswordmanagercreds msf postmanageenginepasswordmanagercreds show actions ...actions... msf...
CVE-2022-24936
Out-of-Bounds error in GBL parser in Silicon Labs Gecko Bootloader version 4.0.1 and earlier allows attacker to overwrite flash Sign key and OTA decryption key via malicious bootloader upgrade...
CVE-2022-24936
Out-of-Bounds error in GBL parser in Silicon Labs Gecko Bootloader version 4.0.1 and earlier allows attacker to overwrite flash Sign key and OTA decryption key via malicious bootloader upgrade...
Design/Logic Flaw
Out-of-Bounds error in GBL parser in Silicon Labs Gecko Bootloader version 4.0.1 and earlier allows attacker to overwrite flash Sign key and OTA decryption key via malicious bootloader upgrade...
CVE-2022-24936 Gecko Standalone Bootloader vulnerability may allow bypassing application secure boot in some Series 2 devices
Out-of-Bounds error in GBL parser in Silicon Labs Gecko Bootloader version 4.0.1 and earlier allows attacker to overwrite flash Sign key and OTA decryption key via malicious bootloader upgrade...
CVE-2022-24936
CVE-2022-24936 is a vulnerability in Silicon Labs Gecko Bootloader’s GBL parser, affecting Gecko Bootloader versions 4.0.1 and earlier. The issue is an out-of-bounds error in the GBL parser that could let an attacker overwrite critical flash keys (Sign key and OTA decryption key) through a malici...
PT-2022-16996 · Silicon · Gecko Bootloader
Name of the Vulnerable Software and Affected Versions: Silicon Labs Gecko Bootloader versions 4.0.1 and earlier Description: The issue is related to an Out-of-Bounds error in the GBL parser, which allows an attacker to overwrite the flash Sign key and OTA decryption key via a malicious bootloader...
CVE-2020-12801
A vulnerability was found in LibreOffice which exists due to an error when processing encrypted files in LibreOffice. If LibreOffice has an encrypted document open and crashes, that document is auto-saved encrypted. On restart, LibreOffice offers to restore the document and prompts for the passwo...
CVE-2022-38117 Juiker app - Hard-coded Credentials
Juiker app hard-coded its AES key in the source code. A physical attacker, after getting the Android root privilege, can use the AES key to decrypt users’ ciphertext and tamper with it...
CVE-2022-27624
A vulnerability regarding improper restriction of operations within the bounds of a memory buffer is found in the packet decryption functionality of Out-of-Band OOB Management. This allows remote attackers to execute arbitrary commands via unspecified vectors. The following models with Synology...
CVE-2022-27624
CVE-2022-27624 affects Synology DiskStation Manager (DSM) on DS3622xs+, FS3410, and HD6500, with DSM versions before 7.1.1-42962-2. The issue is an out-of-bounds operation in the OOB (Out-of-Band) Management packet decryption that can allow remote attackers to execute arbitrary commands over the ...
Synology DiskStation Manager 缓冲区错误漏洞
Synology DiskStation Manager DSM is an operating system for use on Network Storage Servers NAS from Synology, a Chinese company. The operating system manages information such as data, files, photos, music, etc. The operating system is not compatible with Synology DiskStation Manager DSM. A buffer...
DeadBolt ransomware gang tricked into giving victims free decryption keys
Dutch police and other law enforcement agencies have managed to trick the DeadBolt ransomware operators into releasing 150 decryption keys for free. The method of obtaining decryption keys was found by a Dutch incident response company called Responders.NU, who shared the method with the police...