2877 matches found
What you need to know about how cryptography impacts your security strategy
The security community is continuously changing, growing, and learning from each other to better position the world against cyber threats. In the latest post of our Voice of the Community blog series post, Microsoft Security Product Marketing Manager Natalia Godyla talks with Taurus SA Co-founder...
CVE-2021-45450
In Mbed TLS before 2.28.0 and 3.x before 3.1.0, psaciphergenerateiv and psacipherencrypt allow policy bypass or oracle-based decryption when the output buffer is at memory locations accessible to an untrusted application...
PT-2021-24238
Name of the Vulnerable Software and Affected Versions: Mbed TLS versions prior to 2.28.0 Mbed TLS versions 3.x prior to 3.1.0 Description: The issue allows policy bypass or oracle-based decryption when the output buffer is at memory locations accessible to an untrusted application, specifically...
Security Bulletin: Vulnerability in RC4 stream cipher affects Multiple N-series Products (CVE-2015-2808)
Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects Multiple N-series Products Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker could exploit thi...
Security Bulletin:TLS Protocol 64-bit Cipher Vulnerability in Multiple N series Products (CVE-2016-2183)
Summary Multiple N series products utilize the TLS protocol. Any system using the TLS protocol with 64-bit block ciphers that are used in long running connections are vulnerable to a birthday attack referred to as SWEET32. When exploited, the vulnerability may lead to the unauthorized disclosure ...
CaptfEncoder - An Extensible Cross Platform Network Security Tool Suite
Captfencoder is an extensible cross platform network security tool suite, providing network security related code conversion, classical cryptography, cryptography, asymmetric encryption, special coding, miscellaneous tools, and aggregating all kinds of online tools. CaptfEncoder all functions...
What is AES Advanced Encryption Standard ❓
In any case, AES cipher is the famous framework that aids in digital encoding facts making use of a maintained 128-digit, 192-piece, or 256-cycle symmetric encryption estimate from the Advanced Encryption Standard AES, additionally called FIPS 197. The AES is a PC protection general for obtaining...
openssl: integer overflow in CipherUpdate
Calls to EVPCipherUpdate, EVPEncryptUpdate and EVPDecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissible length for an integer on the platform. In such cases the return value from the function call will be 1 indicating succes...
Palo Alto Networks PAN-OS 8.1.x < 8.1.0 / 9.0.x < 9.0.0 / 9.1.x < 9.1.0 Vulnerability
The version of Palo Alto Networks PAN-OS running on the remote host is 8.1.x prior to 8.1.0 or 9.0.x prior to 9.0.0 or 9.1.x prior to 9.1.0. It is, therefore, affected by a vulnerability. - In versions of Palo Alto Networks PAN-OS software earlier than PAN-OS 10.0, the DHE cipher available for us...
openSUSE: Security Advisory for java-11-openjdk (openSUSE-SU-2021:1480-1)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
OPENSUSE-SU-2021:1480-1 Security update for java-11-openjdk
This update for java-11-openjdk fixes the following issues: Update to 11.0.13+8 October 2021 CPU - CVE-2021-35550, bsc1191901: Update the default enabled cipher suites preference - CVE-2021-35565, bsc1191909: com.sun.net.HttpsServer spins on TLS session close - CVE-2021-35556, bsc1191910: Richer...
Security update for java-11-openjdk (important)
openSUSE Security Update: Security update for java-11-openjdk Announcement ID: openSUSE-SU-2021:3671-1 Rating: important References: 1191901 1191903 1191904 1191906 1191909 1191910 1191911 1191912 1191913 1191914 Cross-References: CVE-2021-35550 CVE-2021-35556 CVE-2021-35559 CVE-2021-35561...
openssl: integer overflow in CipherUpdate
Calls to EVPCipherUpdate, EVPEncryptUpdate and EVPDecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissible length for an integer on the platform. In such cases the return value from the function call will be 1 indicating succes...
golang: crypto/tls: certificate of wrong type is causing TLS client to panic
A flaw was found in golang. A panic can be triggered by an attacker in a privileged network position without access to the server certificate's private key, as long as a trusted ECDSA or Ed25519 certificate for the server exists or can be issued, or the client is configured with...
openssl: integer overflow in CipherUpdate
Calls to EVPCipherUpdate, EVPEncryptUpdate and EVPDecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissible length for an integer on the platform. In such cases the return value from the function call will be 1 indicating succes...
openssl: integer overflow in CipherUpdate
Calls to EVPCipherUpdate, EVPEncryptUpdate and EVPDecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissible length for an integer on the platform. In such cases the return value from the function call will be 1 indicating succes...
Security fix for the ALT Linux 10 package java-11-openjdk version 0:11.0.13.8-alt1_1jpp11
0:11.0.13.8-alt11jpp11 built Nov. 8, 2021 Andrey Cherepanov in task 287838 Oct. 23, 2021 Andrey Cherepanov - New version. - Security fixes: + CVE-2021-35550 Update the default enabled cipher suites preference + CVE-2021-35565 com.sun.net.HttpsServer spins on TLS session close + CVE-2021-35556...
VulnCheck KEV: CVE-2016-4437
Apache Shiro contains a vulnerability which may allow remote attackers to execute code or bypass intended access restrictions via an unspecified request parameter when a cipher key has not been configured for the "remember me" feature...
Apache Shiro Code Execution Vulnerability
Apache Shiro contains a vulnerability which may allow remote attackers to execute code or bypass intended access restrictions via an unspecified request parameter when a cipher key has not been configured for the "remember me" feature...
OpenLDAP 2.4.x Weak Cipher Vulnerability
OpenLDAP is prone to a weak cipher vulnerability. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...