Design/Logic Flaw
Use of Password Hash with Insufficient Computational Effort vulnerability exists in ClearSCADA all versions, EcoStruxure Geo SCADA Expert 2019 all versions, and EcoStruxure Geo SCADA Expert 2020 V83.7742.1 and prior, which could cause the revealing of account credentials when server database file...
CVE-2021-22741
CVE-2021-22741 affects Schneider Electric ClearSCADA and EcoStruxure Geo SCADA Expert (2019 all versions; 2020 up to v83.7742.1). The issue is a Password Hash with Insufficient Computational Effort, which could allow an attacker with access to server database files to decrypt or reveal user crede...
CVE-2021-22741
Use of Password Hash with Insufficient Computational Effort vulnerability exists in ClearSCADA all versions, EcoStruxure Geo SCADA Expert 2019 all versions, and EcoStruxure Geo SCADA Expert 2020 V83.7742.1 and prior, which could cause the revealing of account credentials when server database file...
Schneider Electric EcoStruxure Geo SCADA Expert Security Vulnerability
Schneider Electric EcoStruxure Geo SCADA Expert (ClearSCADA) is a suite of data acquisition and monitoring (SCADA) software from Schneider Electric, France. A security vulnerability exists in ClearSCADA and EcoStruxure Geo SCADA Expert 2019 and EcoStruxure Geo SCADA Expert 2020 version 83.7742.1 and...
Oracle Linux 8 : python-cryptography (ELSA-2021-1608)
The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2021-1608 advisory. - CVE-2020-36242: Fixed a bug where certain sequences of update calls when symmetrically encrypting very large payloads (>2GB) could result in an integer...
CVE-2021-20419
IBM Security Guardium 11.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 196280...
CVE-2021-20419
CVE-2021-20419 affects IBM Security Guardium 11.2. The described issue is weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information (CVE-2021-20419; IBM X-Force ID 196280). Affected products/versions include Guardium 11.2; IBM lists multipl...
IBM Security Guardium Weak Encryption Algorithm Vulnerability
IBM Security Guardium is a suite of platforms from IBM in the United States that provide data protection capabilities. The platform includes features such as custom UI, report management and streamlined audit process building. A weak cryptographic algorithm vulnerability exists in IBM Security...
IBM Security Guardium Encryption Issue Vulnerability
IBM Security Guardium is a suite of platforms from IBM in the United States that provide data protection capabilities. The platform includes features such as custom UI, report management and streamlined audit process building. A weak cryptographic algorithm vulnerability exists in IBM Security...
RHEL 8 : python-cryptography (RHSA-2021:1608)
The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:1608 advisory. The python-cryptography packages contain the Python Cryptographic Authority's (PyCA's) cryptography library, which provides cryptographic...
python-cryptography: Bleichenbacher timing oracle attack against RSA decryption
A flaw was found in python-cryptography, where it is vulnerable to Bleichenbacher timing attacks. This flaw allows an attacker, via the RSA decryption API, to decrypt parts of the ciphertext encrypted with RSA. The highest threat from this vulnerability is to confidentiality...
Moderate: python-cryptography security, bug fix, and enhancement update
The python-cryptography packages contain the Python Cryptographic Authority's (PyCA's) cryptography library, which provides cryptographic primitives and recipes to Python developers. The following packages have been upgraded to a later upstream version: python-cryptography 3.2.1. BZ1873581, BZ1891947...
Ransomware’s Dangerous New Trick: Double-Encrypting Your Data
Even when you pay for a decryption key, your files may still be locked up by another strain of malware...
PT-2021-5781 · Nettle +9
Name of the Vulnerable Software and Affected Versions: Nettle (affected versions not specified). Description: A flaw was found in the way Nettle's RSA decryption functions handled specially crafted ciphertext. An attacker could use this flaw to provide a manipulated ciphertext leading to application...
DarkSide Ransomware Gang Quits After Servers, Bitcoin Stash Seized
The DarkSide ransomware affiliate program responsible for the six-day outage at Colonial Pipeline this week that led to fuel shortages and price spikes across the country is running for the hills. The crime gang announced it was closing up shop after its servers were seized and someone drained th...
CVE-2021-30183
The CVE-2021-30183 issue affects Octopus Server across multiple versions, where during import/export operations the password used to encrypt/decrypt sensitive values is written in plaintext to logs. Root cause is cleartext storage of sensitive information in log output. Public documents confirm t...
Colonial Pipeline Shells Out $5M in Extortion Payout, Report
Colonial Pipeline Co., operator of the largest U.S. fuel pipeline, reportedly paid $5 million to criminals behind a ransomware attack that has sent fuel prices spiking up and down the East Coast. Sources familiar with the payout told Bloomberg that representatives of Colonial Pipeline paid the...
DEBIAN-CVE-2020-24587
The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and...
CVE-2020-26141
CVE-2020-26141 affects the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The Wi‑Fi stack does not verify the Message Integrity Check for fragmented TKIP frames, allowing an adjacent attacker to inject and potentially decrypt packets in WPA/WPA2 TKIP networks. The provided connected documents d...
UBUNTU-CVE-2020-24587
The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and...