13 matches found
EUVD-2020-26461
Malware in sbrugna...
Drivers: hv: vmbus: Don't free ring buffers that couldn't be re-encrypted
...
Ubuntu: Security Advisory (USN-5286-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-5286-1: cryptsetup vulnerability
Milan Broz discovered that cryptsetup incorrectly handled LUKS2 reencryption recovery. An attacker with physical access to modify the encrypted device header may trigger the device to be unencrypted the next time it is mounted by the user. On Ubuntu 20.04 LTS, this issue was fixed by disabling th...
USN-5286-1 cryptsetup vulnerability
Milan Broz discovered that cryptsetup incorrectly handled LUKS2 reencryption recovery. An attacker with physical access to modify the encrypted device header may trigger the device to be unencrypted the next time it is mounted by the user. On Ubuntu 20.04 LTS, this issue was fixed by disabling th...
CLSA-2022-1643917881 Fix of CVE: CVE-2021-4122
CVE-2021-4122: fix possible attacks against data confidentiality through LUKS2 online reencryption extension crash recovery...
CLSA-2022-1643914390 Fix of CVE: CVE-2021-4122
CVE-2021-4122: fix possible attacks against data confidentiality through LUKS2 online reencryption extension crash recovery...
SUSE: Security Advisory (SUSE-SU-2022:0144-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Insecure Cryptography
cryptsetup is vulnerable to insecure cryptography. A malicious attacker can modify on-disk metadata to simulate decryption in progress with crashed reencryption step and persistently decrypt part of the LUKS device...
FreeBSD : glpi -- Public GLPIKEY can be used to decrypt any data (b3695b08-3b3a-11eb-af2a-080027dbe4b7)
MITRE Corporation reports : GLPI before before version 9.4.6 has a vulnerability involving a default encryption key. GLPIKEY is public and is used on every instance. This means anyone can decrypt sensitive data stored using this key. It is possible to change the key before installing GLPI. But on...
CVE-2020-5248
GLPI before before version 9.4.6 has a vulnerability involving a default encryption key. GLPIKEY is public and is used on every instance. This means anyone can decrypt sensitive data stored using this key. It is possible to change the key before installing GLPI. But on existing instances, data mu...
CVE-2020-5248
GLPI before before version 9.4.6 has a vulnerability involving a default encryption key. GLPIKEY is public and is used on every instance. This means anyone can decrypt sensitive data stored using this key. It is possible to change the key before installing GLPI. But on existing instances, data mu...
UBUNTU-CVE-2020-5248
GLPI before before version 9.4.6 has a vulnerability involving a default encryption key. GLPIKEY is public and is used on every instance. This means anyone can decrypt sensitive data stored using this key. It is possible to change the key before installing GLPI. But on existing instances, data mu...