
807 matches found

CVE
added 2021/08/06 1:24 p.m., 62 views

CVE-2021-37546

JetBrains TeamCity before 2021.1 uses an insecure key generation mechanism for encrypted properties (CVE-2021-37546). The issue affects TeamCity prior to version 2021.1; the root cause is cryptographic key generation weakness for encrypted properties. The JetBrains Security Bulletin Q2 2021 confi...

CVSS 5.3, AI score 5.3, EPSS 0.00002
Exploits 0, References 1, Affected Software 1
CNNVD
added 2021/08/06 12:00 a.m., 2 views

Jetbrains JetBrains TeamCity cryptographic issue vulnerability

Jetbrains JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains Jetbrains. The tool provides continuous unit testing, code quality analysis and build issue analysis reports. A cryptographic issue vulnerability exists in...

CVSS 5.3, AI score 5.7, EPSS 0.00002
Exploits 0, References 1
Jetbrains
added 2021/08/05 12:00 a.m., 52 views

JetBrains Security Bulletin Q2 2021

JetBrains News Security JetBrains Security Bulletin Q2 2021 Robert Demmer In the second quarter of 2021, we resolved a number of security issues in our products. Here’s a summary report that contains a description of each issue and the version in which it was resolved. Product | Description |...

CVSS 9.8, AI score 6.7, EPSS 0.00015
Exploits 0, Affected Software 5
Gitee
added 2021/07/15 3:49 p.m., 5 views

Exploit for CVE-2021-3129

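CVE-2021-3129 Laravel debug rce Usage: run docker-compose up -d to start the environment, then visit port 8888 and click generate key on the home page to reproduce. A few notes on the docker environment: - .env.example is copied to .env to enable the debug environment - phar.readonly in php.ini is turned off - a hello template that references an undefined variable was added under resources/view/, and a route was added in routes/web.php; I added this to the source rather than writing it into the dockerfile. Reproduction result. The script has been released; the script must be at the same directory level as the phpggc project folder...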

CVSS 9.8, AI score 9.9, EPSS 0.94287
Exploits 36
BDU FSTEC
added 2021/06/29 12:00 a.m., 1 views

The vulnerability of the ntpkeygen component in the NTPsec network time protocol allows an attacker to perform a type of “man-in-the-middle” attack.

The vulnerability of the ntpkeygen component in the NTPsec network time protocol implementation is related to the use of cryptographic algorithms that contain vulnerabilities. Exploiting this vulnerability could allow a malicious actor to perform a “man-in-the-middle” attack between NTP clients a...

CVSS 7.4, AI score 7.2, EPSS 0.00133
Exploits 0, References 6, Affected Software 3
Veracode
added 2021/06/18 3:23 p.m., 27 views

Man-in-the-middle (MITM)

ntpkeygen can generate keys that ntpd fails to parse. NTPsec 1.2.0 allows ntpkeygen to generate keys with '#' characters. ntpd then either pads, shortens the key, or fails to load these keys entirely, depending on the key type and the placement of the '#'. This results in the administrator not bein...

CVSS 7.4, AI score 1.9, EPSS 0.00133
Exploits 0, References 6, Affected Software 1
Tenable Nessus
added 2021/06/10 12:00 a.m., 143 views

SUSE SLES11 Security Update : MozillaFirefox (SUSE-SU-2020:14421-1)

The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2020:14421-1 advisory. - During RSA key generation, bignum implementations used a variation of the Binary Extended Euclidean Algorithm which entailed significantly...

CVSS 9.3, AI score 7.9, EPSS 0.01645
Exploits 4, References 30
OpenVAS
added 2021/06/09 12:00 a.m., 7 views

SUSE: Security Advisory (SUSE-SU-2021:0689-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

AI score 7.5
Exploits 0, References 4
OSV
added 2021/06/08 1:15 p.m., 26 views

CVE-2021-22212

ntpkeygen can generate keys that ntpd fails to parse. NTPsec 1.2.0 allows ntpkeygen to generate keys with '#' characters. ntpd then either pads, shortens the key, or fails to load these keys entirely, depending on the key type and the placement of the '#'. This results in the administrator not bein...

CVSS 7.4, AI score 6.7, EPSS 0.00133
Exploits 0, References 4
OSV
added 2021/06/08 1:15 p.m., 2 views

UBUNTU-CVE-2021-22212

ntpkeygen can generate keys that ntpd fails to parse. NTPsec 1.2.0 allows ntpkeygen to generate keys with '#' characters. ntpd then either pads, shortens the key, or fails to load these keys entirely, depending on the key type and the placement of the '#'. This results in the administrator not bein...

CVSS 7.4, AI score 5.8, EPSS 0.00133
Exploits 0, References 5
Cvelist
added 2021/06/08 12:07 p.m., 20 views

CVE-2021-22212

ntpkeygen can generate keys that ntpd fails to parse. NTPsec 1.2.0 allows ntpkeygen to generate keys with '#' characters. ntpd then either pads, shortens the key, or fails to load these keys entirely, depending on the key type and the placement of the '#'. This results in the administrator not bein...

CVSS 4, AI score 7.6, EPSS 0.00133
Exploits 0, References 4
Debian CVE
added 2021/06/08 12:07 p.m., 28 views

CVE-2021-22212

ntpkeygen can generate keys that ntpd fails to parse. NTPsec 1.2.0 allows ntpkeygen to generate keys with '#' characters. ntpd then either pads, shortens the key, or fails to load these keys entirely, depending on the key type and the placement of the '#'. This results in the administrator not bein...

CVSS 7.4, AI score 7.5, EPSS 0.00133
Exploits 0
CVE
added 2021/06/08 12:07 p.m., 152 views

CVE-2021-22212

CVE-2021-22212 affects ntpsec up to at least 1.2.0 and related NTP tooling. The issue: ntpkeygen can generate keys that ntpd cannot parse, with the inclusion of '#' characters. ntpd may pad, shorten, or fail to load these keys depending on key type and position of '#'. Consequence: administrators...

CVSS 7.4, AI score 7.3, EPSS 0.00133
Exploits 0, References 4, Affected Software 1
AlpineLinux
added 2021/06/08 12:07 p.m., 654 views

CVE-2021-22212

ntpkeygen can generate keys that ntpd fails to parse. NTPsec 1.2.0 allows ntpkeygen to generate keys with '#' characters. ntpd then either pads, shortens the key, or fails to load these keys entirely, depending on the key type and the placement of the '#'. This results in the administrator not bein...

CVSS 7.4, AI score 7.4, EPSS 0.00133
Exploits 0
CNNVD
added 2021/06/08 12:00 a.m., 4 views

NTPsec cryptographic issue vulnerability

NTPsec is a more secure NTP. A security vulnerability exists in NTPsec 1.2.0 that allows ntpkeygen to generate keys...

CVSS 7.4, AI score 7.5, EPSS 0.00133
Exploits 0, References 4
OpenVAS
added 2021/06/07 12:00 a.m., 21 views

Huawei EulerOS: Security Advisory for nss (EulerOS-SA-2021-1931)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 4.4, AI score 6.8, EPSS 0.00097
Exploits 0, References 2
Tenable Nessus
added 2021/06/03 12:00 a.m., 27 views

EulerOS 2.0 SP9 : nss (EulerOS-SA-2021-1952)

According to the version of the nss packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - During RSA key generation, bignum implementations used a variation of the Binary Extended Euclidean Algorithm which entailed significantly...

CVSS 4.4, AI score 7.3, EPSS 0.00097
Exploits 0, References 2
Tenable Nessus
added 2021/06/03 12:00 a.m., 26 views

EulerOS 2.0 SP9 : nss (EulerOS-SA-2021-1931)

According to the version of the nss packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - During RSA key generation, bignum implementations used a variation of the Binary Extended Euclidean Algorithm which entailed significantly...

CVSS 4.4, AI score 7.3, EPSS 0.00097
Exploits 0, References 2
RedHat Linux
added 2021/05/24 4:07 p.m., 0 views

golang: crypto/elliptic: incorrect operations on the P-224 curve

A flaw detected in golang: crypto/elliptic, in which P-224 keys as generated can return incorrect inputs, reducing the strength of the cryptography. The highest threat from this vulnerability is confidentiality and integrity...

CVSS 6.5, AI score 7.3, EPSS 0.0012
Exploits 0, References 5
CNNVD
added 2021/05/05 12:00 a.m., 2 views

BTCPay Server security feature issue vulnerability

BTCPay Server is a self-hosted open source cryptocurrency payment processor. It is secure, private, uncensored and free. A cross-site scripting vulnerability exists in BTCPay Server version 1.0.7.0 and prior versions, which stems from a weak method Next to generate pseudo-random values to generat...

CVSS 5.3, AI score 5.1, EPSS 0.00363
Exploits 0, References 3