2867 matches found

SUSE CVE
added 2023/02/15 3:31 a.m. · 3 views

SUSE CVE-2022-3358

OpenSSL supports creating a custom cipher via the legacy EVP_CIPHER_meth_new() function and associated function calls. This function was deprecated in OpenSSL 3.0 and application authors are instead encouraged to use the new provider mechanism in order to implement custom ciphers. OpenSSL versions 3.0...

CVSS 6.5 · AI score 6.8 · EPSS 0.0287
Exploits: 0 · References: 4
Ivanti
added 2023/02/14 7:22 a.m. · 9 views

JSA10628 - 2014-06 Security Bulletin: Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS): Weak SSL cipher allowed unexpectedly when higher level cipher group is configured (CVE-2014-3812)

Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. A weak cipher issue has been discovered on the Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS) devices. When configuring the device to use a higher level cipher setting, a lower...

CVSS 5 · AI score 6.7 · EPSS 0.00745
Exploits: 0
OSV
added 2023/02/07 9:15 p.m. · 1 views

AZL-35127 CVE-2023-23931 affecting package python-cryptography for versions less than 3.3.2-5

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions Cipher.update_into would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects such as bytes to b...

CVSS 6.5 · AI score 6.7 · EPSS 0.01301
Exploits: 1 · References: 1
PyPA
added 2023/02/07 9:15 p.m. · 4 views

PYSEC-2023-11

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions Cipher.update_into would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects such as bytes to b...

CVSS 6.5 · AI score 8.2 · EPSS 0.01301
Exploits: 1 · References: 3 · Affected Software: 1
OSV
added 2023/02/07 9:15 p.m. · 0 views

UBUNTU-CVE-2023-23931

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions Cipher.update_into would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects such as bytes to b...

CVSS 6.5 · AI score 6.8 · EPSS 0.01301
Exploits: 1 · References: 5
OSV
added 2023/02/07 8:54 p.m. · 1 views

GHSA-W7PP-M8WF-VJ6R Cipher.update_into can corrupt memory if passed an immutable python object as the outbuf

Previously, Cipher.update_into would accept Python objects which implement the buffer protocol, but provide only immutable buffers:
>>> outbuf = b"\x00" * 32
>>> c = ciphers.Cipher(AES(b"\x00" * 32), modes.ECB()).encryptor()
>>> c.update_into(b"\x00" * 16, outbuf)
16
>>> outbuf...

CVSS 6.9 · AI score 6.8 · EPSS 0.01301
Exploits: 1 · References: 8
Positive Technologies
added 2023/02/07 12:00 a.m. · 6 views

PT-2023-2766 · Pypi +10 · Cryptography +10

Name of the Vulnerable Software and Affected Versions: cryptography versions 1.8 through the latest version before the fix Description: The issue is related to the Cipher.update_into function in the cryptography package, which would accept Python objects that implement the buffer protocol but...

CVSS 9.1 · AI score 6.7 · EPSS 0.91153
Exploits: 12 · References: 142
OSV
added 2023/01/26 5:26 p.m. · 4 views

SUSE-SU-2023:0164-1 Security update for samba

This update for samba fixes the following issues: - CVE-2021-20251: Fixed an issue where the bad password count would not be properly incremented, which could allow attackers to brute force a user's password (bsc#1206546). - CVE-2022-37966: Fixed an issue where a weak cipher would be selected to...

CVSS 8.1 · AI score 7.2 · EPSS 0.02772
Exploits: 1 · References: 7
OpenVAS
added 2023/01/25 12:00 a.m. · 21 views

SUSE: Security Advisory (SUSE-SU-2023:0126-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 8.1 · AI score 7.5 · EPSS 0.02772
Exploits: 1 · References: 6
BDU FSTEC
added 2023/01/20 12:00 a.m. · 2 views

The vulnerability of the EVP_CIPHER_meth_new() function in the OpenSSL library, which allows a hacker to disclose sensitive information

The vulnerability of the EVP_CIPHER_meth_new() function in the OpenSSL library is related to pointer arithmetic errors. Exploiting this vulnerability could allow a remote attacker to disclose sensitive information that is protected by this function...

CVSS 7.8 · AI score 7.1 · EPSS 0.0287
Exploits: 0 · References: 5 · Affected Software: 3
Positive Technologies
added 2023/01/19 12:00 a.m. · 2 views

PT-2023-35640 · Wolfssl · Wolfssl

Name of the Vulnerable Software and Affected Versions: wolfSSL affected versions not specified Description: The issue is related to a heap buffer overflow error. Technical details about the error include a crash type of Heap-buffer-overflow WRITE 16. The crash state involves the wc_AesCbcEncrypt...

AI score 7.4
Exploits: 0 · References: 2
CNNVD
added 2023/01/16 12:00 a.m. · 6 views

etcd cryptographic issue vulnerability

etcd is a key-value storage system for distributed systems written in the Go language. A cryptographic issue vulnerability exists in etcd grpc-proxy, which stems from the presence of a 64-bit block cipher attack...

CVSS 5.3 · AI score 6.8 · EPSS 0.00321
Exploits: 0 · References: 10
Kitploit
added 2023/01/13 11:30 a.m. · 269 views

Bkcrack - Crack Legacy Zip Encryption With Biham And Kocher's Known Plaintext Attack

Crack legacy zip encryption with Biham and Kocher's known plaintext attack. Overview: A ZIP archive may contain many entries whose content can be compressed and/or encrypted. In particular, entries can be encrypted with a password-based symmetric encryption algorithm referred ...

AI score 6.9
Exploits: 0 · References: 2
NVD
added 2023/01/05 10:15 p.m. · 16 views

CVE-2021-40341

DES cipher, which has inadequate encryption strength, is used in Hitachi Energy FOXMAN-UN to encrypt user credentials used to access the Network Elements. Successful exploitation allows sensitive information to be decrypted easily. This issue affects FOXMAN-UN product: FOXMAN-UN R16A, FOXMAN-UN R15B...

CVSS 7.1 · AI score 7.4 · EPSS 0.00084
Exploits: 0 · References: 2
Prion
added 2023/01/05 10:15 p.m. · 17 views

Code injection

DES cipher, which has inadequate encryption strength, is used in Hitachi Energy FOXMAN-UN to encrypt user credentials used to access the Network Elements. Successful exploitation allows sensitive information to be decrypted easily. This issue affects FOXMAN-UN product: FOXMAN-UN R16A, FOXMAN-UN R15B...

CVSS 1.7 · AI score 7.2 · EPSS 0.00084
Exploits: 0 · References: 2 · Affected Software: 2
CVE
added 2023/01/05 9:26 p.m. · 67 views

CVE-2021-40341

CVE-2021-40341 involves the use of DES to encrypt user credentials in Hitachi Energy FOXMAN-UN and UNEM network-management products. The affected families span FOXMAN-UN R9C–R16A and UNEM R9C–R16A. The root cause is the inadequate encryption strength of DES (56-bit key), which enables decryption ...

CVSS 7.1 · AI score 6.1 · EPSS 0.00084
Exploits: 0 · References: 2 · Affected Software: 2
Positive Technologies
added 2023/01/05 12:00 a.m. · 2 views

PT-2023-12361 · Hitachi Energy · Hitachi Energy Foxman-Un +1

Name of the Vulnerable Software and Affected Versions: Hitachi Energy FOXMAN-UN versions R9C through R16A Hitachi Energy UNEM versions R9C through R16A Description: The DES cipher, which has inadequate encryption strength, is used in Hitachi Energy FOXMAN-UN to encrypt user credentials used to...

CVSS 7.1 · AI score 5.3 · EPSS 0.00084
Exploits: 0 · References: 5
0day.today
added 2022/12/24 12:00 a.m. · 328 views

macOS/x64 Execve Caesar Cipher String Null-Free Shellcode (286 bytes)

Shellcode Title: macOS/x64 - Execve Caesar Cipher String Null-Free Shellcode 286 Bytes Shellcode Author: Bobby Cooke boku @0xBoku github.com/boku7 Tested on: macOS Monterey; 21.6.0 Darwin Kernel Version; x86_64 Shellcode Description: macOS 64 bit shellcode. Uses execve syscall to spawn bash. The...

AI score 0.2
Exploits: 0
F5 Networks
added 2022/12/22 10:11 p.m. · 3 views

K15395: OpenSSL vulnerability CVE-2012-0027

Security Advisory Description: The GOST ENGINE in OpenSSL before 1.0.0f does not properly handle invalid parameters for the GOST block cipher, which allows remote attackers to cause a denial of service (daemon crash) via crafted data from a TLS client. CVE-2012-0027 Impact: This vulnerability could...

CVSS 5 · AI score 6.8 · EPSS 0.04992
Exploits: 0
The Hacker News
added 2022/12/21 9:16 a.m. · 31 views

GodFather Android Banking Trojan Targeting Users of Over 400 Banking and Crypto Apps

An Android banking trojan known as GodFather is being used to target users of more than 400 banking and cryptocurrency apps spanning across 16 countries. This includes 215 banks, 94 crypto wallet providers, and 110 crypto exchange platforms serving users in the U.S., Turkey, Spain, Italy, Canada,...

AI score 0.3
Exploits: 0