
25120 matches found

OSV
added 2026/01/13 2:28 p.m., 4 views

GHSA-MQW7-C5GG-XQ97 Jervis Has a RSA PKCS#1 Padding Vulnerability

Vulnerability https://github.com/samrocketman/jervis/blob/157d2b63ffa5c4bb1d8ee2254950fd2231de2b05/src/main/groovy/net/gleske/jervis/tools/SecurityIO.groovyL463-L465...

CVSS 8.7, AI score 6.8, EPSS 0.00009
Exploits 0, References 6
Github Security Blog
added 2026/01/13 2:28 p.m., 7 views

Jervis Has a RSA PKCS#1 Padding Vulnerability

Vulnerability https://github.com/samrocketman/jervis/blob/157d2b63ffa5c4bb1d8ee2254950fd2231de2b05/src/main/groovy/net/gleske/jervis/tools/SecurityIO.groovyL463-L465...

CVSS 8.7, AI score 6.9, EPSS 0.00009
Exploits 0, References 6, Affected Software 1
Cvelist
added 2026/01/13 1:15 a.m., 22 views

CVE-2026-0510 Obsolete Encryption Algorithm Used in NW AS Java UME User Mapping

The User Management Engine (UME) in NetWeaver Application Server for Java (NW AS Java) utilizes an obsolete cryptographic algorithm for encrypting User Mapping data. This weakness could allow an attacker with high-privileged access to exploit the vulnerability under specific conditions potentially...

CVSS 3, EPSS 0.00019
Exploits 0, References 2
CVE
added 2026/01/13 1:15 a.m., 9 views

CVE-2026-0510

The CVE-2026-0510 entry concerns SAP NetWeaver Application Server for Java (NW AS Java) where the User Management Engine (UME) uses an obsolete cryptographic algorithm to encrypt User Mapping data. The documented impact is low confidentiality risk with no integrity/availability impact. Affected c...

CVSS 3, AI score 6.1, EPSS 0.00019
Exploits 0, References 2
Vulnrichment
added 2026/01/13 1:15 a.m., 2 views

CVE-2026-0510 Obsolete Encryption Algorithm Used in NW AS Java UME User Mapping

The User Management Engine (UME) in NetWeaver Application Server for Java (NW AS Java) utilizes an obsolete cryptographic algorithm for encrypting User Mapping data. This weakness could allow an attacker with high-privileged access to exploit the vulnerability under specific conditions potentially...

CVSS 3, AI score 6.1, EPSS 0.00019
Exploits 0, References 2
Packet Storm News
added 2026/01/13 12:0 a.m., 2 views

A Survey of Security Challenges and Solutions for UAS Traffic Management (UTM) and Small Unmanned Aerial Systems (SUAS)

The rapid growth of small Unmanned Aerial Systems (sUAS) for civil and commercial missions has intensified concerns about their resilience to cyber-security threats. Operating within the emerging UAS Traffic Management (UTM) framework, these lightweight and highly networked platforms depend on secure...

AI score 7.2
Exploits 0
Positive Technologies
added 2026/01/13 12:0 a.m., 4 views

PT-2026-2766

Name of the Vulnerable Software and Affected Versions: Windows (affected versions not specified), Windows Server (affected versions not specified). Description: The issue centers around the approaching expiration of Microsoft certificates used in Windows Secure Boot, specifically those...

CVSS 6.4, AI score 5.9, EPSS 0.00809
Exploits 0, References 25
Tenable Nessus
added 2026/01/13 12:0 a.m., 5 views

Amazon S3 Encryption Client for Java JAR Detection

Binary data s3encryptionclientjavadetect.nbin...

AI score 7
Exploits 0, References 1
CNNVD
added 2026/01/13 12:0 a.m., 1 views

SAP NetWeaver Cryptographic Issue Vulnerability

SAP NetWeaver is a service-oriented integrated application platform from the German company SAP. The platform primarily provides a development and runtime environment for SAP applications. SAP NetWeaver is vulnerable to a cryptographic issue that arises from the use of outdated encryption...

CVSS 3, AI score 5.8, EPSS 0.00019
Exploits 0, References 2
Positive Technologies
added 2026/01/13 12:0 a.m., 3 views

PT-2026-2496

Name of the Vulnerable Software and Affected Versions: Jervis versions prior to 2.2. Description: Jervis, a library for Job DSL plugin scripts and shared Jenkins pipeline libraries, is affected by an issue where the salt used in encryption is derived from the SHA256 sum of the passphrase. This means...

CVSS 8.7, AI score 6.7, EPSS 0.00014
Exploits 0, References 6
CNNVD
added 2026/01/13 12:0 a.m., 1 views

Jervis Cryptographic Issue Vulnerability

Jervis is an automation tool by the individual developer Sam Gleske. Versions prior to Jervis 2.2 have a cryptographic issue vulnerability that stems from the use of PKCS1Encoding encryption, which is vulnerable to the Bleichenbacher padding oracle attack...

CVSS 8.7, AI score 5.8, EPSS 0.00009
Exploits 0, References 3
CNNVD
added 2026/01/13 12:0 a.m., 1 views

Jervis Cryptographic Issue Vulnerability

Jervis is an automation tool by the individual developer Sam Gleske. Versions prior to Jervis 2.2 have a cryptographic issue vulnerability that stems from processing SHA-256 output using padLeft32, 0 instead of padLeft64, 0, which may result in a hexadecimal representation error...

CVSS 8.7, AI score 5.8, EPSS 0.00023
Exploits 0, References 3
Tenable Nessus
added 2026/01/13 12:0 a.m., 4 views

Amazon S3 Encryption Client for Java < 4.0.0 Key Commitment (AWS-2025-032)

The version of Amazon S3 Encryption Client for Java on the remote host is 4.0.0. It is, therefore, affected by a key commitment vulnerability as referenced in the AWS-2025-032 advisory. Missing cryptographic key commitment in the Amazon S3 Encryption Client for Java may allow a user with write...

CVSS 6, AI score 5.6, EPSS 0.00012
Exploits 0, References 2
CNNVD
added 2026/01/13 12:0 a.m., 2 views

Microsoft Windows Cryptographic Issue Vulnerability

Microsoft Windows is a suite of operating systems for personal devices from the U.S.-based Microsoft Corporation. Microsoft Windows has a cryptographic issue vulnerability. An attacker exploiting this vulnerability could elevate privileges. The following products and...

CVSS 5.5, AI score 5.8, EPSS 0.00042
Exploits 0, References 1
CNNVD
added 2026/01/13 12:0 a.m., 2 views

Jervis Cryptographic Issue Vulnerability

Jervis is an automation tool by the individual developer Sam Gleske. Versions of Jervis prior to 2.2 have a cryptographic issue vulnerability that stems from the lack of authentication in AES/CBC/PKCS5Padding, which makes it susceptible to padding oracle attacks and ciphertext manipulati...

CVSS 8.7, AI score 5.8, EPSS 0.00041
Exploits 0, References 3
Fedora
added 2026/01/11 12:55 a.m., 6 views

[SECURITY] Fedora 42 Update: libsodium-1.0.21-2.fc42

Sodium is a new, easy-to-use software library for encryption, decryption, signatures, password hashing and more. It is a portable, cross-compilable, installable, packageable fork of NaCl, with a compatible API, and an extended API to improve usability even further. Its goal is to provide all of t...

CVSS 4.5, AI score 7.1, EPSS 0.00005
Exploits 0
Fedora
added 2026/01/11 12:55 a.m., 8 views

[SECURITY] Fedora 42 Update: python-pdfminer-20240706-5.fc42

Pdfminer.six is a community maintained fork of the original PDFMiner. It is a tool for extracting information from PDF documents. It focuses on getting and analyzing text data. Pdfminer.six extracts the text from a page directly from the sourcecode of the PDF. It can also be used to get the exact...

CVSS 8.6, AI score 6.7, EPSS 0.00119
Exploits 1
NVD
added 2026/01/10 10:15 a.m., 3 views

CVE-2025-52435

J2EE Misconfiguration: Data Transmission Without Encryption vulnerability in Apache NimBLE. Improper handling of Pause Encryption procedure on Link Layer results in a previously encrypted connection being left in un-encrypted state allowing an eavesdropper to observe the remainder of the exchange...

CVSS 7.5, EPSS 0.00037
Exploits 0, References 4
OSV
added 2026/01/10 10:15 a.m., 1 views

CVE-2025-52435

J2EE Misconfiguration: Data Transmission Without Encryption vulnerability in Apache NimBLE. Improper handling of Pause Encryption procedure on Link Layer results in a previously encrypted connection being left in un-encrypted state allowing an eavesdropper to observe the remainder of the exchange...

CVSS 7.5, AI score 6.8
Exploits 0, References 4
Vulnrichment
added 2026/01/10 9:47 a.m., 2 views

CVE-2025-52435 Apache Mynewt NimBLE: Invalid error handling in pause encryption procedure in NimBLE controller

J2EE Misconfiguration: Data Transmission Without Encryption vulnerability in Apache NimBLE. Improper handling of Pause Encryption procedure on Link Layer results in a previously encrypted connection being left in un-encrypted state allowing an eavesdropper to observe the remainder of the exchange...

AI score 6.5, EPSS 0.00037
Exploits 0, References 3