Lucene search
+L

241 matches found

mageia
mageia
added 2023/01/24 7:58 a.m.111 views

Updated samba packages fix security vulnerability

There is a limited write heap buffer overflow in the GSSAPI unwrapdes and unwrapdes3 routines of Heimdal included in Samba. Some SMB1 write requests were not correctly range checked to ensure the client had sent enough data to fulfill the write, allowing server memory contents to be written into...

9.8CVSS1.2AI score0.06419EPSS
Exploits1References25
ptsecurity
ptsecurity
added 2023/01/05 12:0 a.m.6 views

PT-2023-12362 · Unem +1 · Unem +1

Name of the Vulnerable Software and Affected Versions: FOXMAN-UN versions R9C through R16A UNEM versions R9C through R16A Description: The issue affects the DES implementation in the affected product versions, which use a default key for encryption. Successful exploitation allows an attacker to...

9.8CVSS9.2AI score0.00284EPSS
Exploits0References4
prion
prion
added 2022/12/19 11:15 a.m.20 views

Design/Logic Flaw

In specific scenarios, on Windows the operator credentials may be encrypted in a manner that is not completely machine-dependent...

4.3CVSS7.6AI score0.00126EPSS
Exploits0References1Affected Software1
schneier
schneier
added 2022/11/21 12:8 p.m.14 views

Breaking the Zeppelin Ransomware Encryption Scheme

Brian Krebs writes about how the Zeppelin ransomware encryption scheme was broken: The researchers said their break came when they understood that while Zeppelin used three different types of encryption keys to encrypt files, they could undo the whole scheme by factoring or computing just one of...

0.2AI score
Exploits0
bdu_fstec
bdu_fstec
added 2022/11/07 12:0 a.m.9 views

The vulnerability of the SSH library (x/crypto/ssh) in the Go programming language, which allows a hacker to execute a “man-in-the-middle” attack.

The vulnerability of the SSH library x/crypto/ssh in the Go programming language is related to data encryption errors. Exploiting this vulnerability can allow a remote attacker to execute a “man-in-the-middle” attack...

8.1CVSS6.7AI score0.03156EPSS
Exploits0References6Affected Software4
hackread
hackread
added 2022/10/17 8:8 p.m.19 views

Researchers: Office 365 Encryption Flaw Compromise Message Confidentiality

By Deeba Ahmed According to researchers, the security flaw can be exploited for inferring message contents due to the flawed Office 365 Message Encryption OME security method. This is a post from HackRead.com Read the original post: Researchers: Office 365 Encryption Flaw Compromise Message...

2.8AI score
Exploits0
prion
prion
added 2022/10/06 6:15 p.m.18 views

Design/Logic Flaw

In affected versions of Octopus Server it was identified that the same encryption process was used for both encrypting session cookies and variables...

5CVSS5.4AI score0.00182EPSS
Exploits0References1Affected Software1
ptsecurity
ptsecurity
added 2022/09/20 12:0 a.m.6 views

PT-2022-5168 · Oracle +7 · Mysql Server +6

Name of the Vulnerable Software and Affected Versions: MySQL Server versions 5.7.39 and prior MySQL Server versions 8.0.29 and prior Description: The issue exists due to insufficient input validation in the MySQL Server's encryption component. This allows a remote attacker to disclose protected...

10CVSS6.7AI score0.87816EPSS
Exploits32References957
prion
prion
added 2022/08/16 5:15 p.m.16 views

Design/Logic Flaw

In Esri Portal for ArcGIS versions 10.8.1, a system property is not properly encrypted. This may lead to a local user reading sensitive information from a properties file...

1.7CVSS5.2AI score0.00126EPSS
Exploits0References1Affected Software1
prion
prion
added 2022/08/15 11:21 a.m.24 views

Design/Logic Flaw

Apache OpenOffice supports the storage of passwords for web connections in the user's configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in OpenOffice existed where the required initialization vector for encryption was always the same...

6.5CVSS7.8AI score0.0082EPSS
Exploits0References2Affected Software1
prion
prion
added 2022/07/25 3:15 p.m.19 views

Design/Logic Flaw

LibreOffice supports the storage of passwords for web connections in the user’s configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in LibreOffice existed where master key was poorly encoded resulting in weakening its entropy from 128 t...

6.5CVSS8.3AI score0.01139EPSS
Exploits0References3Affected Software2
cnnvd
cnnvd
added 2022/07/25 12:0 a.m.5 views

LibreOffice 安全特征问题漏洞

LibreOffice is an open source office software suite from The Document Foundation tdf. The product includes applications such as Writer text documents, Calc spreadsheets, and Impress presentations.LibreOffice is vulnerable to an encryption problem that stems from LibreOffice using weak...

7.5CVSS5.6AI score0.00804EPSS
Exploits0References11
cvelist
cvelist
added 2022/07/25 12:0 a.m.22 views

CVE-2022-26306 Execution of Untrusted Macros Due to Improper Certificate Validation

LibreOffice supports the storage of passwords for web connections in the user’s configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in LibreOffice existed where the required initialization vector for encryption was always the same which...

8.1AI score0.00804EPSS
Exploits0References3
cnnvd
cnnvd
added 2022/06/28 12:0 a.m.5 views

Dell PowerScale OneFS 加密问题漏洞

Dell PowerScale OneFS is an operating system from Dell USA. PowerScale OneFS operating system that provides horizontal scaling NAS. A security vulnerability exists in Dell PowerScale OneFS versions 8.2.x through 9.2.x, which stems from the inclusion of a corrupted or at-risk encryption algorithm,...

10CVSS8.3AI score0.00604EPSS
Exploits0References2
prion
prion
added 2022/06/15 7:15 p.m.19 views

Design/Logic Flaw

Rundeck is an open source automation service with a web console, command line tools and a WebAPI. The Key Storage converter plugin mechanism was not enabled correctly in Rundeck 4.2.0 and 4.2.1, resulting in use of the encryption layer for Key Storage possibly not working. Any credentials created...

5CVSS7.7AI score0.00634EPSS
Exploits0References1Affected Software1
cnnvd
cnnvd
added 2022/06/14 12:0 a.m.4 views

Siemens SINEMA Remote Connect Server 安全特征问题漏洞

SINEMA Remote Connect is a remote network management platform that makes it easy to manage tunnel connections VPNs between headquarters, service technicians, and installed machines or plants.Siemens SINEMA Remote Connect Server is vulnerable to an encryption issue that could be exploited by an...

5.9CVSS5.7AI score0.00907EPSS
Exploits0References3
attackerkb
attackerkb
added 2022/04/30 10:15 p.m.2 views

CVE-2021-42001

PingID Desktop prior to 1.7.3 has a misconfiguration in the encryption libraries which can lead to sensitive data exposure. An attacker capable of exploiting this vulnerability may be able to successfully complete an MFA challenge via OTP...

9.9CVSS7.2AI score0.00472EPSS
Exploits0References3
cnnvd
cnnvd
added 2022/03/10 12:0 a.m.4 views

Apache Spark 加密问题漏洞

Apache Spark is a multilingual engine for performing data engineering, data science, and machine learning on a single-node machine or cluster. Apache Spark is vulnerable to an encryption issue that stems from the program's use of a custom mutual authentication protocol that allows fully encrypted...

7.5CVSS5.6AI score0.01817EPSS
Exploits0References4
schneier
schneier
added 2022/03/04 12:19 p.m.23 views

Samsung Encryption Flaw

Researchers have found a major encryption flaw in 100 million Samsung Galaxy phones. From the abstract: In this work, we expose the cryptographic design and implementation of Androids Hardware-Backed Keystore in Samsungs Galaxy S8, S9, S10, S20, and S21 flagship devices. We reversed-engineered an...

0.3AI score
Exploits0
cnnvd
cnnvd
added 2022/02/03 12:0 a.m.5 views

Airspan Networks Mmp 加密问题漏洞

Airspan Networks Mmp is an advanced standalone network management software platform for Mimosa fixed wireless devices from Airspan Networks, U.S.A. Airspan Networks Mmp is vulnerable to an encryption issue that could be exploited by attackers to break unlisted passwords...

6.5CVSS5.5AI score0.00521EPSS
Exploits0References6
Rows per page
Query Builder