241 matches found
Updated samba packages fix security vulnerability
There is a limited write heap buffer overflow in the GSSAPI unwrapdes and unwrapdes3 routines of Heimdal included in Samba. Some SMB1 write requests were not correctly range checked to ensure the client had sent enough data to fulfill the write, allowing server memory contents to be written into...
PT-2023-12362 · Unem +1 · Unem +1
Name of the Vulnerable Software and Affected Versions: FOXMAN-UN versions R9C through R16A UNEM versions R9C through R16A Description: The issue affects the DES implementation in the affected product versions, which use a default key for encryption. Successful exploitation allows an attacker to...
Design/Logic Flaw
In specific scenarios, on Windows the operator credentials may be encrypted in a manner that is not completely machine-dependent...
Breaking the Zeppelin Ransomware Encryption Scheme
Brian Krebs writes about how the Zeppelin ransomware encryption scheme was broken: The researchers said their break came when they understood that while Zeppelin used three different types of encryption keys to encrypt files, they could undo the whole scheme by factoring or computing just one of...
The vulnerability of the SSH library (x/crypto/ssh) in the Go programming language, which allows a hacker to execute a “man-in-the-middle” attack.
The vulnerability of the SSH library x/crypto/ssh in the Go programming language is related to data encryption errors. Exploiting this vulnerability can allow a remote attacker to execute a “man-in-the-middle” attack...
Researchers: Office 365 Encryption Flaw Compromise Message Confidentiality
By Deeba Ahmed According to researchers, the security flaw can be exploited for inferring message contents due to the flawed Office 365 Message Encryption OME security method. This is a post from HackRead.com Read the original post: Researchers: Office 365 Encryption Flaw Compromise Message...
Design/Logic Flaw
In affected versions of Octopus Server it was identified that the same encryption process was used for both encrypting session cookies and variables...
PT-2022-5168 · Oracle +7 · Mysql Server +6
Name of the Vulnerable Software and Affected Versions: MySQL Server versions 5.7.39 and prior MySQL Server versions 8.0.29 and prior Description: The issue exists due to insufficient input validation in the MySQL Server's encryption component. This allows a remote attacker to disclose protected...
Design/Logic Flaw
In Esri Portal for ArcGIS versions 10.8.1, a system property is not properly encrypted. This may lead to a local user reading sensitive information from a properties file...
Design/Logic Flaw
Apache OpenOffice supports the storage of passwords for web connections in the user's configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in OpenOffice existed where the required initialization vector for encryption was always the same...
Design/Logic Flaw
LibreOffice supports the storage of passwords for web connections in the user’s configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in LibreOffice existed where master key was poorly encoded resulting in weakening its entropy from 128 t...
LibreOffice 安全特征问题漏洞
LibreOffice is an open source office software suite from The Document Foundation tdf. The product includes applications such as Writer text documents, Calc spreadsheets, and Impress presentations.LibreOffice is vulnerable to an encryption problem that stems from LibreOffice using weak...
CVE-2022-26306 Execution of Untrusted Macros Due to Improper Certificate Validation
LibreOffice supports the storage of passwords for web connections in the user’s configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in LibreOffice existed where the required initialization vector for encryption was always the same which...
Dell PowerScale OneFS 加密问题漏洞
Dell PowerScale OneFS is an operating system from Dell USA. PowerScale OneFS operating system that provides horizontal scaling NAS. A security vulnerability exists in Dell PowerScale OneFS versions 8.2.x through 9.2.x, which stems from the inclusion of a corrupted or at-risk encryption algorithm,...
Design/Logic Flaw
Rundeck is an open source automation service with a web console, command line tools and a WebAPI. The Key Storage converter plugin mechanism was not enabled correctly in Rundeck 4.2.0 and 4.2.1, resulting in use of the encryption layer for Key Storage possibly not working. Any credentials created...
Siemens SINEMA Remote Connect Server 安全特征问题漏洞
SINEMA Remote Connect is a remote network management platform that makes it easy to manage tunnel connections VPNs between headquarters, service technicians, and installed machines or plants.Siemens SINEMA Remote Connect Server is vulnerable to an encryption issue that could be exploited by an...
CVE-2021-42001
PingID Desktop prior to 1.7.3 has a misconfiguration in the encryption libraries which can lead to sensitive data exposure. An attacker capable of exploiting this vulnerability may be able to successfully complete an MFA challenge via OTP...
Apache Spark 加密问题漏洞
Apache Spark is a multilingual engine for performing data engineering, data science, and machine learning on a single-node machine or cluster. Apache Spark is vulnerable to an encryption issue that stems from the program's use of a custom mutual authentication protocol that allows fully encrypted...
Samsung Encryption Flaw
Researchers have found a major encryption flaw in 100 million Samsung Galaxy phones. From the abstract: In this work, we expose the cryptographic design and implementation of Androids Hardware-Backed Keystore in Samsungs Galaxy S8, S9, S10, S20, and S21 flagship devices. We reversed-engineered an...
Airspan Networks Mmp 加密问题漏洞
Airspan Networks Mmp is an advanced standalone network management software platform for Mimosa fixed wireless devices from Airspan Networks, U.S.A. Airspan Networks Mmp is vulnerable to an encryption issue that could be exploited by attackers to break unlisted passwords...