CVE-2021-36751

ENC DataVault 7.2.3 and before, and OEM versions, use an encryption algorithm that is vulnerable to data manipulation without knowledge of the key. This is called ciphertext malleability. There is no data integrity mechanism to detect this manipulation...

CVE-2021-36751

ENC DataVault 7.2.3 and before, and OEM versions, use an encryption algorithm that is vulnerable to data manipulation without knowledge of the key. This is called ciphertext malleability. There is no data integrity mechanism to detect this manipulation...

Design/Logic Flaw

ENC DataVault 7.2.3 and before, and OEM versions, use an encryption algorithm that is vulnerable to data manipulation without knowledge of the key. This is called ciphertext malleability. There is no data integrity mechanism to detect this manipulation...

CVE-2021-36751

ENC DataVault 7.2.3 and earlier, including OEM versions, use a cryptographic algorithm vulnerable to ciphertext malleability, and lack a data-integrity check. An attacker could modify ciphertext, causing corresponding plaintext changes. The vulnerability is tied to ENC DataVault’s encryption choi...

PT-2022-10543 · Unknown · Enc Datavault Oem +1

Name of the Vulnerable Software and Affected Versions: ENC DataVault versions 7.2.3 and before ENC DataVault OEM versions Description: The issue concerns the use of an encryption algorithm that is vulnerable to data manipulation, known as ciphertext malleability, without requiring knowledge of th...

Enc Security Enc DataVault 数据伪造问题漏洞

Enc Security Enc DataVault is a solution from the Dutch company Enc Security. Turn any Usb drive into a secure removable disk for important files. ENC DataVault suffers from an encryption issue vulnerability that stems from ENC DataVault 7.1.1W using an incorrect encryption algorithm, which can b...

CVE-2021-36751

ENC DataVault 7.2.3 and before, and OEM versions, use an encryption algorithm that is vulnerable to data manipulation without knowledge of the key. This is called ciphertext malleability. There is no data integrity mechanism to detect this manipulation...

EulerOS Virtualization 2.9.1 : nettle (EulerOS-SA-2021-2734)

According to the versions of the nettle package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions GOST DSA, EDDSA & ECDSA...

CentOS 8 : gnutls and nettle (CESA-2021:4451)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:4451 advisory. - gnutls: Use after free in client keyshare extension CVE-2021-20231 - gnutls: Use after free in clientsendparams in lib/ext/presharedkey.c...

nettle: Remote crash in RSA decryption via manipulated ciphertext

A flaw was found in nettle in the way its RSA decryption functions handle specially crafted ciphertext. This flaw allows an attacker to provide a manipulated ciphertext, leading to an application crash and a denial of service...

CVE-2021-31352

An Information Exposure vulnerability in Juniper Networks SRC Series devices configured for NETCONF over SSH permits the negotiation of weak ciphers, which could allow a remote attacker to obtain sensitive information. A remote attacker with read and write access to network data could exploit thi...

Security issues in AWS KMS and AWS Encryption SDKs: in-band protocol negotiation and robustness

Authors: Thai "thaidn" Duong Summary The following security vulnerabilities was discovered and reported to Amazon, affecting AWS KMS and all versions of AWS Encryption SDKs prior to version 2.0.0: Information leakage: an attacker can create ciphertexts that would leak the user’s AWS account ID,...

GHSA-WQGP-VPHW-HPHF Security issues in AWS KMS and AWS Encryption SDKs: in-band protocol negotiation and robustness

Authors: Thai "thaidn" Duong Summary The following security vulnerabilities was discovered and reported to Amazon, affecting AWS KMS and all versions of AWS Encryption SDKs prior to version 2.0.0: Information leakage: an attacker can create ciphertexts that would leak the user’s AWS account ID,...

ROT8000

ROT8000 is the Unicode equivalent of ROT13. Whats clever about it is that normal English looks like Chinese, and not like ciphertext to a typical Westerner, that is...

OESA-2021-1320 nettle security update

Nettle is a cryptographic library designed to fit any context in crypto toolkits for object-oriented languages, in applications like LSH or GnuPG, or even in kernel space. Security Fixes: A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext. An attack...

A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext. An attacker could use this flaw to provide a manipulated ciphertext leading to application crash and denial of service.

...

AZL-6741 CVE-2021-3580 affecting package nettle for versions less than 3.7.3-1

A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext. An attacker could use this flaw to provide a manipulated ciphertext leading to application crash and denial of service...

ALPINE-CVE-2021-3580

A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext. An attacker could use this flaw to provide a manipulated ciphertext leading to application crash and denial of service...

DEBIAN-CVE-2021-3580

A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext. An attacker could use this flaw to provide a manipulated ciphertext leading to application crash and denial of service...

Denial of service

A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext. An attacker could use this flaw to provide a manipulated ciphertext leading to application crash and denial of service...