
1413 matches found

OSV
added 2024/02/27 7:4 p.m. · 0 views

UBUNTU-CVE-2021-46960

In the Linux kernel, the following vulnerability has been resolved: cifs: Return correct error code from smb2_get_enc_key. Avoid a warning if the error percolates back up: [440700.376476] CIFS VFS: \\otters.example.com crypt_message: Could not get encryption key [440700.386947] ------------ cut here...

CVSS 5.5 · AI score 6.2 · EPSS 0.00011
Exploits 0 · References 11

CVE
added 2024/02/27 6:46 p.m. · 6465 views

CVE-2021-46960

CVE-2021-46960 is a Linux kernel issue affecting CIFS, where an incorrect error code from smb2_get_enc_key could trigger warnings when errors propagate back through CIFS code paths. The description in the provided documents shows the root cause as the CIFS module returning the wrong error and a w...

CVSS 5.5 · AI score 6.5 · EPSS 0.00011
Exploits 0 · References 7 · Affected Software 1

Cvelist
added 2024/02/27 6:46 p.m. · 23 views

CVE-2021-46960 cifs: Return correct error code from smb2_get_enc_key

In the Linux kernel, the following vulnerability has been resolved: cifs: Return correct error code from smb2_get_enc_key. Avoid a warning if the error percolates back up: [440700.376476] CIFS VFS: \\otters.example.com crypt_message: Could not get encryption key [440700.386947] ------------ cut here...

AI score 7.8 · EPSS 0.00011
Exploits 0 · References 7

Cvelist
added 2024/02/13 10:16 p.m. · 17 views

CVE-2024-25119 Information Disclosure of Encryption Key in TYPO3 Install Tool

TYPO3 is an open source PHP based web content management system released under the GNU GPL. The plaintext value of $GLOBALS['SYS']['encryptionKey'] was displayed in the editing forms of the TYPO3 Install Tool user interface. This allowed attackers to utilize the value to generate cryptographic hashes...

CVSS 4.9 · AI score 5.6 · EPSS 0.00291
Exploits 0 · References 2

Vulnrichment
added 2024/02/13 10:16 p.m. · 13 views

CVE-2024-25119 Information Disclosure of Encryption Key in TYPO3 Install Tool

TYPO3 is an open source PHP based web content management system released under the GNU GPL. The plaintext value of $GLOBALS['SYS']['encryptionKey'] was displayed in the editing forms of the TYPO3 Install Tool user interface. This allowed attackers to utilize the value to generate cryptographic hashes...

CVSS 4.9 · AI score 6.7 · EPSS 0.00291
Exploits 0 · References 2

OSV
added 2024/02/13 10:16 p.m. · 4 views

CVE-2024-25119 Information Disclosure of Encryption Key in TYPO3 Install Tool

TYPO3 is an open source PHP based web content management system released under the GNU GPL. The plaintext value of $GLOBALS['SYS']['encryptionKey'] was displayed in the editing forms of the TYPO3 Install Tool user interface. This allowed attackers to utilize the value to generate cryptographic hashes...

CVSS 4.9 · AI score 5 · EPSS 0.00291
Exploits 0 · References 4

OSV
added 2024/02/13 5:23 p.m. · 20 views

GHSA-H47M-3F78-QP9G TYPO3 Install Tool vulnerable to Information Disclosure of Encryption Key

Problem: The plaintext value of $GLOBALS['SYS']['encryptionKey'] was displayed in the editing forms of the TYPO3 Install Tool user interface. This allowed attackers to utilize the value to generate cryptographic hashes used for verifying the authenticity of HTTP request parameters. Exploiting this...

CVSS 4.9 · AI score 5.2 · EPSS 0.00291
Exploits 0 · References 7

Github Security Blog
added 2024/02/13 5:23 p.m. · 22 views

TYPO3 Install Tool vulnerable to Information Disclosure of Encryption Key

Problem: The plaintext value of $GLOBALS['SYS']['encryptionKey'] was displayed in the editing forms of the TYPO3 Install Tool user interface. This allowed attackers to utilize the value to generate cryptographic hashes used for verifying the authenticity of HTTP request parameters. Exploiting this...

CVSS 4.9 · AI score 7.1 · EPSS 0.00291
Exploits 0 · References 7 · Affected Software 1

Positive Technologies
added 2024/02/13 12:0 a.m. · 2 views

PT-2024-20760 · Typo3 · Typo3

Name of the Vulnerable Software and Affected Versions: TYPO3 versions prior to 8.7.57 ELTS; TYPO3 versions prior to 9.5.46 ELTS; TYPO3 versions prior to 10.4.43 ELTS; TYPO3 versions prior to 11.5.35 LTS; TYPO3 versions prior to 12.4.11 LTS; TYPO3 versions prior to 13.0.1. Description: The plaintext val...

CVSS 4.9 · AI score 7.2 · EPSS 0.00291
Exploits 0 · References 14

CNNVD
added 2024/02/13 12:0 a.m. · 3 views

AMD SEV-SNP Security Vulnerability

AMD SEV-SNP is a secure encrypted virtualization firmware from UltraMicroelectronics AMD. A single key is used to encrypt system memory. AMD SEV-SNP has a security vulnerability that stems from a code error...

CVSS 4.9 · AI score 7.1 · EPSS 0.00046
Exploits 0 · References 2

CNNVD
added 2024/02/13 12:0 a.m. · 1 views

AMD SEV-SNP Security Vulnerability

AMD SEV-SNP is a secure encrypted virtualization firmware from UltraMicroelectronics AMD. A single key is used to encrypt system memory. A security vulnerability exists in AMD SEV-SNP that stems from a failure to initialize memory in the SEV firmware...

CVSS 6 · AI score 6.5 · EPSS 0.00036
Exploits 0 · References 2

CNNVD
added 2024/02/13 12:0 a.m. · 2 views

TYPO3 Information Disclosure Vulnerability

TYPO3 is a free and open source content management system framework CMS/CMF from the TYPO3 Association in Switzerland. An information disclosure vulnerability exists in TYPO3 versions 8.0.0-8.7.56, 9.0.0-9.5.45, 10.0.0-10.4.42, 11.0.0-11.5.34, 12.0.0-12.4.10, and 13.0.0, which stems from the...

CVSS 4.9 · AI score 6.3 · EPSS 0.00291
Exploits 0 · References 4

The Hacker News
added 2024/02/12 1:12 p.m. · 34 views

Rhysida Ransomware Cracked, Free Decryption Tool Released

Cybersecurity researchers have uncovered an "implementation vulnerability" that has made it possible to reconstruct encryption keys and decrypt data locked by Rhysida ransomware. The findings were published last week by a group of researchers from Kookmin University and the Korea Internet and...

AI score 6.9
Exploits 0

CNNVD
added 2024/02/06 12:0 a.m. · 3 views

Qualcomm Chipsets Security Vulnerability

Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Chipsets that originates from a denial of service issue during key unwrapping when the given encryption key is empty or NULL...

CVSS 7.5 · AI score 6.7 · EPSS 0.00145
Exploits 0 · References 3

Prion
added 2024/01/27 1:15 a.m. · 12 views

Design/Logic Flaw

Use of encryption key derived from static information in Synaptics Fingerprint Driver allows an attacker to set up a TLS session with the fingerprint sensor and send restricted commands to the fingerprint sensor. This may allow an attacker, who has physical access to the sensor, to enroll a...

CVSS 3.6 · AI score 6.8 · EPSS 0.00072
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2024/01/27 12:19 a.m. · 11 views

CVE-2023-6482 Encryption key derived from static host information

Use of encryption key derived from static information in Synaptics Fingerprint Driver allows an attacker to set up a TLS session with the fingerprint sensor and send restricted commands to the fingerprint sensor. This may allow an attacker, who has physical access to the sensor, to enroll a...

CVSS 5.2 · AI score 5.4 · EPSS 0.00072
Exploits 0 · References 1

Vulnrichment
added 2024/01/27 12:19 a.m. · 10 views

CVE-2023-6482 Encryption key derived from static host information

Use of encryption key derived from static information in Synaptics Fingerprint Driver allows an attacker to set up a TLS session with the fingerprint sensor and send restricted commands to the fingerprint sensor. This may allow an attacker, who has physical access to the sensor, to enroll a...

CVSS 5.2 · AI score 6.8 · EPSS 0.00072
Exploits 0 · References 1

CVE
added 2024/01/27 12:19 a.m. · 67 views

CVE-2023-6482

CVE-2023-6482 affects Synaptics Fingerprint Driver. The root cause is use of an encryption key derived from static host information, enabling an attacker with physical access to set up a TLS session with the fingerprint sensor and issue restricted commands, potentially enrolling a fingerprint int...

CVSS 5.2 · AI score 5.1 · EPSS 0.00072
Exploits 0 · References 1 · Affected Software 1

CISA KEV Catalog
added 2024/01/16 12:0 a.m. · 34 views

Laravel Deserialization of Untrusted Data Vulnerability

Laravel Framework contains a deserialization of untrusted data vulnerability, allowing for remote command execution. This vulnerability may only be exploited if a malicious user has accessed the application encryption key (APP_KEY environment variable)...

CVSS 8.1 · AI score 7.6 · EPSS 0.84447
In wild · Exploits 11

Veracode
added 2024/01/10 5:59 a.m. · 16 views

Sensitive Information Disclosure

react-native-mmkv is vulnerable to Sensitive Information Disclosure. The vulnerability is due to logging the encryption key for the MMKV database into the Android system log. This issue can be exploited by an attacker by accessing the Android Debugging Bridge, resulting in sensitive informatio...

CVSS 4.9 · AI score 6.2 · EPSS 0.00333
Exploits 0 · References 3 · Affected Software 1