Samsung Mobile Device Encryption Issue Vulnerability
Android is a Linux-based open source operating system jointly developed by Google Inc. and the Open Handheld Alliance (OHA for short). Samsung mobile devices suffer from a cryptographic issue vulnerability that can be exploited by an attacker to launch a caching attack against Keymaster AES-GCM...
SUSE-SU-2020:0063-1 Security update for nodejs10
This update for nodejs10 to version 10.18.0 fixes the following issues: Security issues fixed: - CVE-2019-16777, CVE-2019-16776, CVE-2019-16775: Updated npm to 6.13.4, fixing an arbitrary path overwrite and access via 'bin' field (bsc1159352). - Added support for chacha20-poly1305 for Authenticated...
[SECURITY] Fedora 29 Update: python-pycryptodomex-3.6.6-1.fc29
PyCryptodome is a self-contained Python package of low-level cryptographic primitives. It's a fork of PyCrypto. It brings several enhancements with respect to the last official version of PyCrypto (2.6.1), for instance: Authenticated encryption modes (GCM, CCM, EAX, SIV, OCB); Accelerated AES on Intel...
Offensive and Defensive Cryptography: Crypton
Crypton is an educational library to learn and practice Offensive and Defensive Cryptography. It is basically a collection of explanations and implementations of all the existing vulnerabilities and attacks on various Encryption Systems (Symmetric and Asymmetric), Digital Signatures, Message...
LC4: Another Pen-and-Paper Cipher
Interesting symmetric cipher: LC4: Abstract: ElsieFour (LC4) is a low-tech cipher that can be computed by hand; but unlike many historical ciphers, LC4 is designed to be hard to break. LC4 is intended for encrypted communication between humans only, and therefore it encrypts and decrypts plaintexts...
SSL Labs Grading Update: Forward Secrecy, Authenticated Encryption and ROBOT
Update March 1, 2018: The completion of these changes is documented under Version 1.31.0 in the SSL Labs Changelog. We are giving advance notification for following grading criteria changes applying from March 1, 2018: Not using forward secrecy, not using AEAD suites, and vulnerability to ROBOT...
PT-2017-3585 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 4.14.13. Description: The issue is related to errors in resource management within the Parallel Crypto Engine (crypto/pcrypt.c) subsystem of the Linux operating system. It can be exploited by executing a specially...
[SECURITY] Fedora 26 Update: borgbackup-1.1.3-1.fc26
BorgBackup (short: Borg) is a deduplicating backup program. Optionally, it supports compression and authenticated encryption...
[SECURITY] Fedora 27 Update: borgbackup-1.1.3-1.fc27
BorgBackup (short: Borg) is a deduplicating backup program. Optionally, it supports compression and authenticated encryption...
[SECURITY] Fedora 24 Update: borgbackup-1.0.7-1.fc24
BorgBackup (short: Borg) is a deduplicating backup program. Optionally, it supports compression and authenticated encryption...
[SECURITY] Fedora 25 Update: borgbackup-1.0.7-1.fc25
BorgBackup (short: Borg) is a deduplicating backup program. Optionally, it supports compression and authenticated encryption...
MGASA-2015-0064 Updated owasp-esapi-java packages fix CVE-2013-5679
Updated owasp-esapi-java packages fix security vulnerability: The authenticated-encryption feature in the symmetric-encryption implementation in the OWASP Enterprise Security API (ESAPI) for Java 2.x before 2.1.0 does not properly resist tampering with serialized ciphertext, which makes it easier f...
Updated owasp-esapi-java packages fix CVE-2013-5679
Updated owasp-esapi-java packages fix security vulnerability: The authenticated-encryption feature in the symmetric-encryption implementation in the OWASP Enterprise Security API (ESAPI) for Java 2.x before 2.1.0 does not properly resist tampering with serialized ciphertext, which makes it easier f...
CVE-2013-5679
The authenticated-encryption feature in the symmetric-encryption implementation in the OWASP Enterprise Security API (ESAPI) for Java 2.x before 2.1.0 does not properly resist tampering with serialized ciphertext, which makes it easier for remote attackers to bypass intended cryptographic protectio...
CVE-2013-5960
CVE-2013-5960 affects OWASP ESAPI for Java (authenticated-encryption in the symmetric-encryption implementation) and could allow remote bypass of cryptographic protections through tampering of serialized ciphertext in non-default cipher-mode configurations. IBM Sterling B2B Integrator bulletin co...