Sequoia PGP 安全漏洞

Sequoia PGP is a Rust library open-sourced by sequoia-pgp. A security vulnerability exists in Sequoia PGP versions prior to 2.1.0, which stems from the fact that aeskeyunwrap crashes when passing too short a ciphertext, potentially crashing the application...

Linux Distros Unpatched Vulnerability : CVE-2025-67897

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Sequoia before 2.1.0, aeskeyunwrap panics if passed a ciphertext that is too short. A remote attacker can take advantage of this issue to crash an applicatio...

Substitution Cipher Based on The Voynich Manuscript

Here's a fun paper: "The Naibbe cipher: a substitution cipher that encrypts Latin and Italian as Voynich Manuscript-like ciphertext": Abstract: In this article, I investigate the hypothesis that the Voynich Manuscript MS 408, Yale University Beinecke Library is compatible with being a ciphertext ...

Primitive Vector Cipher(PVC): A Hybrid Encryption Scheme Based on the Vector Computational Diffie-Hellman (V-CDH) Problem

This work introduces the Primitive Vector Cipher PVC, a novel hybrid encryption scheme integrating matrix-based cryptography with advanced Diffie-Hellman key exchange. PVC's security is grounded on the established hardness of the Vector Computational Diffie- Hellman V-CDH problem. The two-layered...

TencentOS Server 4: libgcrypt (TSSA-2024:0963)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0963 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

CVE-2025-34337

eGovFramework/egovframe-common-components versions up to and including 4.3.1 includes Web Editor image upload and related file delivery functionality that uses symmetric encryption to protect URL parameters, but exposes an encryption oracle that allows attackers to generate valid ciphertext for...

CVE-2025-34337

Summary (CVE-2025-34337) The eGovFramework/egovframe-common-components package

PT-2025-47486

Name of the Vulnerable Software and Affected Versions eGovFramework/egovframe-common-components versions up to and including 4.3.1 Description The Web Editor image upload functionality within the software uses symmetric encryption for URL parameters but reveals an encryption oracle. This allows...

The Jasmin Compiler Preserves Cryptographic Security

Jasmin is a programming and verification framework for developing efficient, formally verified, cryptographic implementations. A main component of the framework is the Jasmin compiler, which empowers programmers to write efficient implementations of state-of-the-art cryptographic primitives,...

Siemens SIMATIC S7-1500 Improper Input Validation (CVE-2021-3580)

A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext. An attacker could use this flaw to provide a manipulated ciphertext leading to application crash and denial of service. This plugin only works with Tenable.ot. Please visit...

RUSTSEC-2025-0136 Underflow in aes_key_unwrap function

The aeskeyunwrap function would panic if passed a ciphertext that was too short. In a debug build, it would panic due to a subtraction underflow. In a release build, it would use the small negative quantity to allocate a vector. Since the allocator expects an unsigned quantity, the negative value...

New TEE.Fail Side-Channel Attack Extracts Secrets from Intel and AMD DDR5 Secure Enclaves

A group of academic researchers from Georgia Tech, Purdue University, and Synkhronix have developed a side-channel attack called TEE.Fail that allows for the extraction of secrets from the trusted execution environment TEE in a computer's main processor, including Intel's Software Guard eXtension...

CVE-2025-62710 Sakai kernel-impl: predictable PRNG used to generate server‑side encryption key in EncryptionUtilityServiceImpl

Sakai is a Collaboration and Learning Environment. Prior to versions 23.5 and 25.0, EncryptionUtilityServiceImpl initialized an AES256TextEncryptor password serverSecretKey using RandomStringUtils with the default java.util.Random. java.util.Random is a non‑cryptographic PRNG and can be predicted...

EUVD-2023-60009

In the Linux kernel, the following vulnerability has been resolved: serial: arcuart: fix ofiomap leak in arcserialprobe Smatch reports: drivers/tty/serial/arcuart.c:631 arcserialprobe warn: 'port-membase' from ofiomap not released on lines: 631. In arcserialprobe, if uartaddoneport fails,...

PT-2025-43415

Name of the Vulnerable Software and Affected Versions Sakai versions prior to 23.5 Sakai versions prior to 25.0 Description Sakai is a Collaboration and Learning Environment. The EncryptionUtilityServiceImpl component initialized an AES256TextEncryptor password serverSecretKey using...

EUVD-2014-3565

Malware in sbrugna...

EUVD-2012-0907

Malware in sbrugna...

EUVD-2021-23340

Malware in sbrugna...

EUVD-2005-0367

Malware in sbrugna...

EUVD-2011-1110

Malware in sbrugna...