Security Bulletin: A vulnerability has been identified in IBM Spectrum Scale that could allow an attacker to decrypt highly sensitive information (CVE-2022-22368)
Summary: A security vulnerability has been identified in all levels of IBM Spectrum Scale that could allow an attacker to decrypt highly sensitive information. A fix for this vulnerability is available. Vulnerability Details: CVEID: CVE-2022-22368. DESCRIPTION: IBM Spectrum Scale uses weaker than...
Reversible One-Way Hash in io.github.javaezlib:JavaEZ
Impact This weakness allows the force decryption of locked text by hackers. The issue is NOT critical for non-secure applications, however may be critical in a situation where the highest levels of security are required. This issue ONLY affects v1.6 and does not affect anything pre-1.6. Upgrading...
GHSA-67FJ-6W6M-W5J8 Reversible One-Way Hash in io.github.javaezlib:JavaEZ
Impact This weakness allows the force decryption of locked text by hackers. The issue is NOT critical for non-secure applications, however may be critical in a situation where the highest levels of security are required. This issue ONLY affects v1.6 and does not affect anything pre-1.6. Upgrading...
Eerie GoodWill ransomware forces victims to publish videos of good deeds on social media
Ransomware does what the name implies: holds your files or network to ransom. Pay the authors, typically in cryptocurrency, and you may get your files back. Refuse, and the files could be lost forever or even leaked to the far corners of the net. Sometimes creators of ransomware try different...
SM2 Decryption Buffer Overflow
In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt. Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with the buffer size...
GHSA-5WW6-PX42-WC85 SM2 Decryption Buffer Overflow
In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt. Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with the buffer size...
CVE-2022-29249
JavaEZ is a library that adds new functions to make Java easier. A weakness in JavaEZ 1.6 allows force decryption of locked text by unauthorized actors. The issue is NOT critical for non-secure applications, however may be critical in a situation where the highest levels of security are required...
Design/Logic Flaw
JavaEZ is a library that adds new functions to make Java easier. A weakness in JavaEZ 1.6 allows force decryption of locked text by unauthorized actors. The issue is NOT critical for non-secure applications, however may be critical in a situation where the highest levels of security are required...
CVE-2022-29249
CVE-2022-29249 affects the JavaEZ library. The issue is limited to v1.6 and enables a force decryption of locked text due to weak cryptography in the unlock/decrypt flow. Pre-1.6 is unaffected. A fix is available in release 1.7; upgrading is the advised remediation. Public disclosures and advisor...
CVE-2022-29249 Reversible One-Way Hash and Use of a Broken or Risky Cryptographic Algorithm in io.github.javaezlib.JavaEZ
JavaEZ is a library that adds new functions to make Java easier. A weakness in JavaEZ 1.6 allows force decryption of locked text by unauthorized actors. The issue is NOT critical for non-secure applications, however may be critical in a situation where the highest levels of security are required...
PT-2022-19496 · Javaez · Javaez
Name of the Vulnerable Software and Affected Versions: JavaEZ version 1.6 Description: A weakness in JavaEZ allows force decryption of locked text by unauthorized actors. The issue may be critical in situations where the highest levels of security are required, but it is not critical for non-secu...
CVE-2020-28924
An issue was discovered in Rclone before 1.53.3. Due to the use of a weak random number generator, the password generator has been producing weak passwords with much less entropy than advertised. The suggested passwords depend deterministically on the time the second rclone was started. This limi...
CVE-2021-45451
In Mbed TLS before 3.1.0, psa_aead_generate_nonce allows policy bypass or oracle-based decryption when the output buffer is at memory locations accessible to an untrusted application...
Russian Conti Ransomware Gang Threatens to Overthrow New Costa Rican Government
The notorious Conti ransomware gang, which last month staged an attack on Costa Rican administrative systems, has threatened to "overthrow" the new government of the country. "We are determined to overthrow the government by means of a cyber attack, we have already shown you all the strength and...
GHSA-9XHQ-PM7V-693P phpMyAdmin Cryptographic Vulnerability
An issue was discovered in phpMyAdmin. When the user does not specify a blowfish_secret key for encrypting cookies, phpMyAdmin generates one at runtime. A vulnerability was reported where the way this value is created uses a weak algorithm. This could allow an attacker to determine the user's...
GHSA-QMVQ-F3FJ-M3WG OpenPGP 1.2.0 and earlier decrypts arbitrary messages
s2k.js in OpenPGP.js will decrypt arbitrary messages regardless of passphrase for crafted PGP keys which allows remote attackers to bypass authentication if message decryption is used as an authentication mechanism via a crafted symmetrically encrypted PGP message...
OpenPGP 1.2.0 and earlier decrypts arbitrary messages
s2k.js in OpenPGP.js will decrypt arbitrary messages regardless of passphrase for crafted PGP keys which allows remote attackers to bypass authentication if message decryption is used as an authentication mechanism via a crafted symmetrically encrypted PGP message...
The vulnerability of the automatic decryption process of Cisco Umbrella Secure Web Gateway (SWG) allows attackers to circumvent existing security restrictions.
The vulnerability of the automatic decryption process of the Cisco Umbrella Secure Web Gateway SWG is related to a flaw in the data protection mechanism. Exploiting this vulnerability allows an attacker to bypass existing security restrictions remotely...