5879 matches found
AlmaLinux 8 : gnutls and nettle (ALSA-2021:4451)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2021:4451 advisory. - A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext. An attacker could use this flaw to provide a...
Updated cryptsetup packages fix security vulnerability
An attacker can modify on-disk metadata to simulate decryption in progress with a crashed (unfinished) reencryption step and persistently decrypt part of the LUKS device (CVE-2021-4122)...
MGASA-2022-0047 Updated cryptsetup packages fix security vulnerability
An attacker can modify on-disk metadata to simulate decryption in progress with a crashed (unfinished) reencryption step and persistently decrypt part of the LUKS device (CVE-2021-4122)...
Catching the RAT called Agent Tesla
For the last few years, the Qualys Research Team has been observing an infamous "Malware-as-a-service" RAT (Remote Access Trojan) called Agent Tesla. It first appeared in 2014, and since then many variants have been deployed. This malware uses multiple techniques for evading detection as well as...
clevis bug fix and enhancement update
An update is available for clevis. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Clevis is a pluggable framework for automated decryption. It can be used to...
ALBA-2022:0349 clevis bug fix and enhancement update
Clevis is a pluggable framework for automated decryption. It can be used to provide automated decryption of data or even automated unlocking of LUKS volumes. The clevis packages provide the client side of the Network Bound Disk Encryption (NBDE) project. Bug Fixes and Enhancements: Server hangs in...
clevis bug fix and enhancement update
Clevis is a pluggable framework for automated decryption. It can be used to provide automated decryption of data or even automated unlocking of LUKS volumes. The clevis packages provide the client side of the Network Bound Disk Encryption (NBDE) project. Bug Fixes and Enhancements: Server hangs in...
Mageia: Security Advisory (MGASA-2018-0321)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Mageia: Security Advisory (MGASA-2021-0300)
The remote host is missing an update for the...
Mageia: Security Advisory (MGASA-2021-0456)
The remote host is missing an update for the...
Mageia: Security Advisory (MGASA-2019-0027)
The remote host is missing an update for the...
Mageia: Security Advisory (MGASA-2018-0348)
The remote host is missing an update for the...
Telenot CompasX Security Feature Issue Vulnerability
Telenot CompasX is a parameter setting software from Telenot. Telenot CompasX suffers from a security signature issue vulnerability that arises from the use of weak seeding to generate random numbers, which results in a risk of decryption...
Code injection
Communication to the AMC2 uses a state-of-the-art cryptographic algorithm for symmetric encryption called Blowfish. An attacker could retrieve the key from the firmware to decrypt network traffic between the AMC2 and the host system. Thus, an attacker can exploit this vulnerability to decrypt and...
CVE-2021-23842 Use of Hard-coded Cryptographic Key
Communication to the AMC2 uses a state-of-the-art cryptographic algorithm for symmetric encryption called Blowfish. An attacker could retrieve the key from the firmware to decrypt network traffic between the AMC2 and the host system. Thus, an attacker can exploit this vulnerability to decrypt and...
Insecure Cryptography
cryptsetup is vulnerable to insecure cryptography. A malicious attacker can modify on-disk metadata to simulate decryption in progress with a crashed reencryption step and persistently decrypt part of the LUKS device...
The vulnerability of RSA decryption functions in the Nettle cryptographic library, related to insufficient validation of input data, allows a perpetrator to trigger a service failure.
The vulnerability of RSA decryption functions in the Nettle cryptographic library is related to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to cause service failures using specially created ciphertext...
CVE-2021-45406
In SalonERP 3.0.1, a SQL injection vulnerability allows an attacker to inject a payload using the 'sql' parameter in a SQL query while generating a report. Upon successfully discovering the login admin password hash, it can be decrypted to obtain the plain-text password...
CVE-2021-45406
In SalonERP 3.0.1, a SQL injection vulnerability allows an attacker to inject a payload using the 'sql' parameter in a SQL query while generating a report. Upon successfully discovering the login admin password hash, it can be decrypted to obtain the plain-text password...
SQL injection
In SalonERP 3.0.1, a SQL injection vulnerability allows an attacker to inject a payload using the 'sql' parameter in a SQL query while generating a report. Upon successfully discovering the login admin password hash, it can be decrypted to obtain the plain-text password...