New Chinotto Spyware Targets North Korean Defectors, Human Rights Activists
North Korean defectors, journalists who cover North Korea-related news, and entities in South Korea are being zeroed in on by a nation-state-sponsored advanced persistent threat (APT) as part of a new wave of highly targeted surveillance attacks. Russian cybersecurity firm Kaspersky attributed the...
IBM Sterling Connect:Direct Cryptographic Issue Vulnerability
IBM Sterling Connect:Direct is a file-based, peer-to-peer file transfer solution from IBM in the United States. A security vulnerability exists in IBM Sterling Connect:Direct Web Services that stems from the use of weaker-than-expected encryption algorithms that could allow an attacker to decrypt...
CVE-2021-41278
Functions SDK for EdgeX is meant to provide all the plumbing necessary for developers to get started in processing/transforming/exporting data out of the EdgeX IoT platform. In affected versions broken encryption in app-functions-sdk “AES” transform in EdgeX Foundry releases prior to Jakarta allo...
Input validation
Functions SDK for EdgeX is meant to provide all the plumbing necessary for developers to get started in processing/transforming/exporting data out of the EdgeX IoT platform. In affected versions broken encryption in app-functions-sdk “AES” transform in EdgeX Foundry releases prior to Jakarta allo...
EdgeX Foundry Cryptographic Issue Vulnerability
EdgeX Foundry is an open source project to build a common open framework for IoT edge computing. A cryptographic issue vulnerability exists in EdgeX's Functions SDK that allows an attacker to decrypt messages via unspecified vectors...
Palo Alto Networks PAN-OS 8.1.x < 8.1.0 / 9.0.x < 9.0.0 / 9.1.x < 9.1.0 Vulnerability
The version of Palo Alto Networks PAN-OS running on the remote host is 8.1.x prior to 8.1.0 or 9.0.x prior to 9.0.0 or 9.1.x prior to 9.1.0. It is, therefore, affected by a vulnerability. - In versions of Palo Alto Networks PAN-OS software earlier than PAN-OS 10.0, the DHE cipher available for us...
Packet Injection
kernel is vulnerable to packet injection. The vulnerability exists due to the lack of sanitization of the authenticity of the Message Integrity Check allowing an attacker to inject and possibly decrypt packets in WPA or WPA2 networks that support the TKIP data-confidentiality protocol...
EulerOS Virtualization 2.9.0 : nettle (EulerOS-SA-2021-2786)
According to the versions of the nettle package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA)...
Oracle Linux 8 : gnutls / and / nettle (ELSA-2021-4451)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-4451 advisory. - Backport CVE-2021-3580 from upstream 3.7.3 release 1967990 Tenable has extracted the preceding description block directly from the Oracle Linux...
Huawei EulerOS: Security Advisory for nettle (EulerOS-SA-2021-2734)
The remote host is missing an update for the Huawei EulerOS...
CVE-2021-26315
CVE-2021-26315: The AMD Platform Security Processor (PSP) boot ROM decrypts encrypted firmware but does not adequately verify the integrity of the decrypted image, potentially allowing arbitrary code execution in the PSP when using encrypted firmware. The issue is described across multiple source...
CVE-2021-38984
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 212793...
CVE-2021-38983
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 212792...
CVE-2021-3789
An information disclosure vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker with physical access to obtain the encryption key used to decrypt firmware update packages...
Huawei EulerOS: Security Advisory for openssl111d (EulerOS-SA-2021-2668)
The remote host is missing an update for the Huawei EulerOS...
RHEL 8 : gnutls and nettle (RHSA-2021:4451)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:4451 advisory. The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as...
EulerOS 2.0 SP9 : openssl (EulerOS-SA-2021-2717)
According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call...
CentOS 8 : gnutls and nettle (CESA-2021:4451)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:4451 advisory. - gnutls: Use after free in client keyshare extension (CVE-2021-20231) - gnutls: Use after free in client_send_params in lib/ext/pre_shared_key.c...