818 matches found
mysql: Server: Security: Encryption unspecified vulnerability (CPU Oct 2022)
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: Encryption. Supported versions that are affected are 5.7.39 and prior and 8.0.29 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromi...
mysql: Server: Security: Encryption unspecified vulnerability (CPU Jul 2022)
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: Encryption. Supported versions that are affected are 8.0.29 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server...
mysql: Server: Security: Encryption unspecified vulnerability (CPU Jan 2022)
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: Encryption. Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server...
mysql: Server: Security: Encryption unspecified vulnerability (CPU Jan 2022)
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: Encryption. Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...
Trend Micro Apex One encryption issue vulnerability
Trend Micro Apex One is an endpoint protection software from Trend Micro. A security vulnerability exists in the Trend Micro Apex One 2021 On-prem SaaS version, which stems from the fact that if certain traffic data is intercepted and decoded, some information related to the server may be obtaine...
CVE-2022-2758 Update
Passwords are not adequately encrypted during the communication process between all versions of LS Industrial Systems (LSIS) Co. Ltd LS Electric XG5000 software prior to V4.0 and LS Electric PLCs: all versions of XGK-CPUU/H/A/S/E prior to V3.50, all versions of XGI-CPUU/UD/H/S/E prior to V3.20, all...
HireVue Hiring Platform encryption issue vulnerability
HireVue Hiring Platform is a talent experience platform from HireVue (USA), designed to automate workflows and simplify hiring at scale. HireVue Hiring Platform version V1.0 suffers from an encryption issue vulnerability that stems from the use of a broken or risky encryption algorithm...
CVE-2022-21139
Inadequate encryption strength for some Intel(R) PROSet/Wireless WiFi products may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access...
LS ELECTRIC PLC and XG5000 encryption issue vulnerability
LS ELECTRIC PLC is a programmable logic controller from LS ELECTRIC, a South Korean company. LS ELECTRIC PLC and XG5000 are vulnerable to an encryption issue that could be exploited by an attacker to decrypt credentials and gain full access to the affected programmable logic controller (PLC)...
CVE-2021-22640 Ovarro TBox Insufficiently Protected Credentials
An attacker can decrypt the Ovarro TBox login password by communication capture and brute force attacks...
CVE-2022-26306
LibreOffice supports the storage of passwords for web connections in the user’s configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in LibreOffice existed where the required initialization vector for encryption was always the same which...
OPENSUSE-SU-2022:2328-1 Security update for openssl-1_1
This update for openssl-1_1 fixes the following issues: - CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099)...
AES OCB fails to encrypt some bytes
AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimized implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was pre-existing in the memory that wasn't written. In the special case of "in place" encryptio...
OpenSSL -- AES OCB fails to encrypt some bytes
The OpenSSL project reports: AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special...
Motorola Solutions MDLC encryption issue vulnerability
Motorola Solutions MDLC is a data communications protocol from Motorola Solutions. Motorola Solutions MDLC suffers from a cryptographic issue vulnerability that stems from MDLC's legacy encryption mode that encrypts traffic using a Tiny Encryption Algorithm (TEA) block cipher in ECB mode, which doe...
CVE-2022-25806
An issue was discovered in the IGEL Universal Management Suite (UMS) 6.07.100. A hardcoded DES key in the PrefDBCredentials class allows an attacker, who has discovered encrypted superuser credentials, to decrypt those credentials using a static 8-byte DES key...
CVE-2022-28382
An issue was discovered in certain Verbatim drives through 2022-03-31. Due to the use of an insecure encryption AES mode (Electronic Codebook, aka ECB), an attacker may be able to extract information even from encrypted data, for example by observing repeating byte patterns. The firmware of the...
Verbatim Keypad Secure USB Drive encryption issue vulnerability
The Verbatim Keypad Secure USB Drive is a hardware encrypted USB flash drive from the Chinese company Verbatim. The Verbatim Keypad Secure USB Drive is vulnerable to an encryption issue that arises from the use of an insecure encryption mode that could allow an attacker to extract information eve...
CVE-2022-29885 EncryptInterceptor does not provide complete protection on insecure networks
The documentation of Apache Tomcat 10.1.0-M1 to 10.1.0-M14, 10.0.0-M1 to 10.0.20, 9.0.13 to 9.0.62 and 8.5.38 to 8.5.78 for the EncryptInterceptor incorrectly stated it enabled Tomcat clustering to run over an untrusted network. This was not correct. While the EncryptInterceptor does provide...