UK Secret Order Demands That Apple Give Access to Users’ Encrypted Data
Plus: Benjamin Netanyahu gives Donald Trump a golden pager, Hewlett Packard Enterprise blames Russian government hackers for a breach, and more...
The vulnerability of software solutions that support the closing, consolidation, and reporting processes of IBM Cognos Controller and IBM Controller lies in the use of strictly encrypted accounting data. This allows a malicious individual to gain unauthorized access to protected information.
The vulnerability of software solutions that support the closing, consolidation, and reporting processes of IBM Cognos Controller and IBM Controller lies in the use of rigidly encrypted account data. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized acces...
The vulnerability of Mutt and NeoMutt email clients, related to errors in verifying the cryptographic signature, allows a hacker to alter the list of trusted recipients and expose the encrypted information.
The vulnerability of Mutt and NeoMutt email clients stems from errors in verifying the cryptographic signature when processing header fields. Exploiting this vulnerability could allow a malicious actor to alter the list of trusted recipients and expose the sensitive information being protected...
SonicWALL SMA100 Security Vulnerability
The SonicWALL SMA100 is a secure access gateway appliance from SonicWALL USA. The SonicWALL SMA100 suffers from a cryptographic issue vulnerability that stems from the use of a cryptographically weak pseudo-random number generator in the backup code generator. An attacker could exploit the vulnerabilit...
CVE-2017-13309
In readEncryptedData of ConscryptEngine.java, there is a possible plaintext leak due to improperly used crypto. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2024-41156
Profile files from TRO600 series radios are extracted in plain-text and encrypted file formats. Profile files provide potential attackers valuable configuration information about the Tropos network. Profiles can only be exported by authenticated users with higher privilege of write access...
CVE-2024-39925
An issue was discovered in Vaultwarden (formerly BitwardenRS) 1.30.3. It lacks an offboarding process for members who leave an organization. As a result, the shared organization key is not rotated when a member departs. Consequently, the departing member, whose access should be revoked, retains a...
Vaultwarden Security Vulnerability
Vaultwarden is an alternative implementation of the Bitwarden server API, written in Rust by individual developer Daniel García. A security vulnerability exists in Vaultwarden version 1.30.3, which stems from a failure to adequately protect certain encrypted data stored on the server, and allows...
PT-2024-28737 · Unknown · Vaultwarden
Name of the Vulnerable Software and Affected Versions: Vaultwarden (formerly Bitwarden RS) version 1.30.3
Description: An issue was discovered in Vaultwarden, which lacks an offboarding process for members who leave an organization. As a result, the shared organization key is not rotated when a...
CVE-2024-39925
Vaultwarden (1.30.3) suffers an offboarding/key rotation flaw: when members leave, the shared organization key is not rotated, allowing departing users to retain key material and potentially decrypt data. In addition, an authenticated user could access encrypted data across organizations if they ...
The vulnerability of the industrial server for serial devices of Korenix JetPort lies in the absence of encrypted confidential data, which allows attackers to circumvent existing security restrictions.
The vulnerability of the industrial server for serial devices of Korenix JetPort lies in the absence of encrypted confidential data. Exploiting this vulnerability could allow a malicious actor to bypass existing security restrictions remotely...
The vulnerability of the BitLocker data protection function in Windows operating systems allows attackers to circumvent existing security restrictions and gain access to encrypted data.
The vulnerability of the BitLocker data protection function in Windows operating systems is related to a breach of the data protection mechanism. Exploiting this vulnerability can allow attackers to circumvent existing security restrictions and gain access to encrypted data...
CVE-2024-39888
CVE-2024-39888 affects Mendix Encryption versions 10.0.0 to 10.0.1, where a hard-coded default EncryptionKey enables decryption of encrypted project data if no per-project key is specified. Root cause: a security-relevant constant defined by default in the module. Consequences stated across sourc...
The vulnerability of the Schuhfried psychological testing and training system, related to the use of strictly encrypted user data, allows the intruder to access protected information.
The vulnerability of the Schuhfried psychological testing and training system lies in the use of strictly encrypted user data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain access to protected information using a specially created curl command...
jose-go: improper handling of highly compressed data
A vulnerability was found in Jose due to improper handling of highly compressed data. This issue could allow an attacker to send a JWE containing compressed data that uses large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti...
Linux kernel Security Vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the possibility of modifying encrypted data...
Decryption Failure
ilicmiljan/secure-props is vulnerable to Decryption Failure. The vulnerability is due to a regex that fails to detect tags during the decryption of encrypted data that is encoded with the NullEncoder and contains special characters such as \n. When this encrypted data is passed to the TagAwareCipher, the...