73 matches found

Vulnrichment
added 2026/06/04 7:9 a.m. · 6 views

CVE-2026-50208 Permissive TrustAllCerts TLS Verification

High-risk TrustAllCerts routines disable standard TLS certificate validation. Combined with hard-coded DES symmetric encryption keys, a Man-in-the-Middle (MITM) actor could decrypt network traffic...

9.2 CVSS · 5.8 AI score · 0.0003 EPSS
Exploits 0 · References 1
Tenable Nessus
added 2026/02/09 12:0 a.m. · 6 views

Shor's Harvest Now Decrypt Later

This plugin reports network services that may be vulnerable now to a future attack by adversaries using a cryptographically relevant quantum computer (CRQC). Shor's is a theoretical algorithm that leverages the unique ability of quantum computation to do massively parallel calculations developed by...

5.7 AI score
Exploits 0 · References 1
EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2019-1489

Malware in sbrugna...

9.8 CVSS · 9.5 AI score · 0.01163 EPSS
Exploits 0 · References 3
EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2016-2662

Malware in sbrugna...

8.1 CVSS · 7.9 AI score · 0.00413 EPSS
Exploits 1 · References 7
EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2019-18628

Malware in sbrugna...

4.9 CVSS · 5.7 AI score · 0.00016 EPSS
Exploits 0 · References 2
EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2015-7871

Malware in sbrugna...

7.7 CVSS · 6.8 AI score · 0.10689 EPSS
Exploits 1 · References 22
EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2024-3422

Malicious code in bioql PyPI...

7.5 CVSS · 6.3 AI score · 0.00274 EPSS
Exploits 0 · References 3
Packet Storm News
added 2025/05/18 12:0 a.m. · 2 views

HChain: Blockchain Based Large Scale EHR Data Sharing with Enhanced Security and Privacy

Concerns regarding privacy and data security in conventional healthcare prompted alternative technologies. In smart healthcare, blockchain technology addresses existing concerns with security, privacy, and electronic healthcare transmission. Integration of Blockchain Technology with the Internet ...

6.7 AI score
Exploits 0
OSV
added 2024/12/05 3:22 p.m. · 7 views

CVE-2024-53857 rPGP Potential Resource Exhaustion when handling Untrusted Messages

rPGP is a pure Rust implementation of OpenPGP. Prior to 0.14.1, rPGP allows attackers to trigger resource exhaustion vulnerabilities in rpgp by providing crafted messages. This affects general message parsing and decryption with symmetric keys...

7.5 CVSS · 6.6 AI score · 0.00274 EPSS
Exploits 0 · References 3
Positive Technologies
added 2024/12/05 12:0 a.m. · 2 views

PT-2024-35954 · Rpgp · Rpgp

Name of the Vulnerable Software and Affected Versions: rPGP versions prior to 0.14.1
Description: The issue allows attackers to trigger resource exhaustion vulnerabilities in rPGP by providing crafted messages, affecting general message parsing and decryption with symmetric keys. This can cause...

8.7 CVSS · 6.9 AI score · 0.00274 EPSS
Exploits 0 · References 10
Filippo.io
added 2024/09/25 8:42 p.m. · 5 views

The FIPS Compliance of HKDF

HKDF is an HMAC-based key-derivation function specified in RFC 5869. It’s nice and we generally like using it. FIPS (Federal Information Processing Standards) is used generally as a moniker for the set of standards, recommendations, and guidance published by the U.S. National Institute of Standards...

7.3 AI score
Exploits 0
Tenable Nessus
added 2024/04/26 12:0 a.m. · 31 views

CentOS 9 : opensc-0.23.0-3.el9

The remote CentOS Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the opensc-0.23.0-3.el9 build changelog.
- Potential PIN bypass (CVE-2023-40660)
- Dynamic analyzers reports in pkcs15init (CVE-2023-40661)
- Out-of-bounds read in MyEID driver handlin...

6.6 CVSS · 6.1 AI score · 0.00295 EPSS
Exploits 1 · References 5
CNVD
added 2024/03/18 12:0 a.m. · 22 views

Delinea PAM Secret Server Trust Management Issue Vulnerability

Delinea PAM Secret Server is a key service manager from Delinea. A trust management issue vulnerability exists in Delinea PAM Secret Server version 11.4, which can be exploited by an attacker to obtain symmetric keys and sensitive information via a crafted payload...

5.9 CVSS · 6.2 AI score · 0.00043 EPSS
Exploits 0 · References 1
CNNVD
added 2024/03/14 12:0 a.m. · 3 views

Delinea PAM Secret Server Security Vulnerability

Delinea PAM Secret Server is a key service manager from Delinea. A trust management issue vulnerability exists in Delinea PAM Secret Server version 11.4, which can be exploited by an attacker to obtain symmetric keys and sensitive information via a crafted payload...

5.9 CVSS · 6.3 AI score · 0.00043 EPSS
Exploits 0 · References 2
RedHat Linux
added 2023/12/19 9:53 a.m. · 0 views

OpenSC: out-of-bounds read in MyEID driver handling encryption using symmetric keys

An out-of-bounds read vulnerability was found in OpenSC packages within the MyEID driver when handling symmetric key encryption. Exploiting this flaw requires an attacker to have physical access to the computer and a specially crafted USB device or smart card. This flaw allows the attacker to...

4.5 CVSS · 5.8 AI score · 0.00237 EPSS
Exploits 0 · References 8
Oracle linux
added 2023/12/19 12:0 a.m. · 37 views

opensc security update

0.23.0-3
- Fix file caching with different offsets (RHEL-4079)
- Fix CVE-2023-40660: Potential PIN bypass
- Fix CVE-2023-40661: Dynamic analyzers reports in pkcs15init
- Fix CVE-2023-4535: Out-of-bounds read in MyEID driver handling encryption using symmetric keys
- Fix CVE-2023-5992: Side-channel...

6.6 CVSS · 6.9 AI score · 0.00295 EPSS
Exploits 1
Microsoft CVE
added 2023/11/16 8:0 a.m. · 3 views

Opensc: out-of-bounds read in myeid driver handling encryption using symmetric keys

...

4.5 CVSS · 5.4 AI score · 0.00237 EPSS
Exploits 0
Veracode
added 2023/10/06 12:9 p.m. · 38 views

Out-of-bounds Read

libopensc.so is vulnerable to out-of-bounds reads. The vulnerability exists in card-myeid.c because it does not properly validate symmetric keys, which allows an attacker to send maliciously crafted responses to the APDU and read information outside of the intended range...

4.5 CVSS · 6.1 AI score · 0.00237 EPSS
Exploits 0 · References 10 · Affected Software 2
SUSE CVE
added 2023/02/15 5:13 a.m. · 3 views

SUSE CVE-2015-7974

NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a "skeleton key."...

7.7 CVSS · 7.1 AI score · 0.10689 EPSS
Exploits 1 · References 17
SUSE CVE
added 2023/02/15 5:8 a.m. · 2 views

SUSE CVE-2016-1567

chrony before 1.31.2 and 2.x before 2.2.1 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a "skeleton key."...

8.1 CVSS · 7.1 AI score · 0.00413 EPSS
Exploits 1 · References 2