CVE-2023-3180

A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtiocryptohandlesymreq. There is no check for the value of srclen and dstlen in virtiocryptosymophelper, potentially leading to a heap buffer overflow when the two values differ...

CVE-2023-3180

A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtiocryptohandlesymreq. There is no check for the value of srclen and dstlen in virtiocryptosymophelper, potentially leading to a heap buffer overflow when the two values differ...

Heap overflow

A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtiocryptohandlesymreq. There is no check for the value of srclen and dstlen in virtiocryptosymophelper, potentially leading to a heap buffer overflow when the two values differ...

CVE-2023-3180

CVE-2023-3180 affects the QEMU virtio-crypto implementation. The vulnerability arises from not checking src_len vs dst_len in virtio_crypto_sym_op_helper, enabling a heap buffer overflow during encryption/decryption requests via virtio_crypto_handle_sym_req. Public references (Debian, CNVD, CNAs)...

CVE-2021-38933

IBM Sterling Connect:Direct for UNIX 1.5 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 210574...

Hitachi Energy GMS600

SUMMARY Hitachi Energy is aware of the vulnerability, CVE-2022-4304 in the OSS component OpenSSL, that affects the GMS600 versions that are listed below. An attacker successfully exploiting this vulnerability could send trial messages to the server and record the time taken to process them...

CVE-2023-27126

The AES Key-IV pair used by the TP-Link TAPO C200 camera V3 EU on firmware version 1.1.22 Build 220725 is reused across all cameras. An attacker with physical access to a camera is able to extract and decrypt sensitive data containing the Wifi password and the TP-LINK account credential of the...

CVE-2023-27921

JINS MEME CORE Firmware version 2.2.0 and earlier uses a hard-coded cryptographic key, which may lead to data acquired by a sensor of the affected product being decrypted by a network-adjacent attacker...

Hardcoded credentials

JINS MEME CORE Firmware version 2.2.0 and earlier uses a hard-coded cryptographic key, which may lead to data acquired by a sensor of the affected product being decrypted by a network-adjacent attacker...

CVE-2023-27921

JINS MEME CORE Firmware version 2.2.0 and earlier uses a hard-coded cryptographic key, which may lead to data acquired by a sensor of the affected product being decrypted by a network-adjacent attacker...

JVN#13306058: JINS MEME CORE uses a hard-coded cryptographic key

JINS MEME CORE provided by JINS Inc. is a nose pad type sensor attached to a glass frame. JINS MEME CORE uses a hard-coded cryptographic key CWE-321. Impact A network-adjacent attacker may decrypt data acquired by a sensor of the affected product. Solution Update the firmware Update the firmware ...

CVE-2022-22313

IBM QRadar Data Synchronization App 1.0 through 3.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 217370...

IBM Safer Payments Encryption Issue Vulnerability

IBM Safer Payments is the first true payment processing cognitive fraud prevention solution from IBM USA. helps clients create customized, user-friendly decision models. IBM Safer Payments has a cryptographic issue vulnerability that stems from the use of weaker-than-expected encryption algorithm...

IBM QRadar Data Synchronization App 加密问题漏洞

IBM QRadar Data Synchronization App is a data resiliency solution from IBM USA. An encryption issue vulnerability exists in IBM QRadar Data Synchronization App versions 1.0 through 3.0.1, which stems from the use of a weaker-than-expected encryption algorithm. An attacker could exploit the...

gnutls: timing side-channel in the TLS RSA key exchange code

A timing side-channel vulnerability was found in RSA ClientKeyExchange messages in GnuTLS. This side-channel may be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption, the attacker would need to send ...

Oracle Linux 8 : openssl (ELSA-2023-12213)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-12213 advisory. - Fixed Timing Oracle in RSA Decryption Resolves: CVE-2022-4304 - Fixed Double free after calling PEMreadbioex Resolves: CVE-2022-4450 - Fixed...

gnutls: timing side-channel in the TLS RSA key exchange code

A timing side-channel vulnerability was found in RSA ClientKeyExchange messages in GnuTLS. This side-channel may be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption, the attacker would need to send ...

Authorization

An issue discovered in com.samourai.wallet.PinEntryActivity.java in Streetside Samourai Wallet 0.99.96i allows attackers to view sensitive information and decrypt data via a brute force attack that uses a recovered samourai.dat file. The PIN is 5 to 8 digits, which may be insufficient in this...

CVE-2021-36689

An issue discovered in com.samourai.wallet.PinEntryActivity.java in Streetside Samourai Wallet 0.99.96i allows attackers to view sensitive information and decrypt data via a brute force attack that uses a recovered samourai.dat file. The PIN is 5 to 8 digits, which may be insufficient in this...

CVE-2021-36689

The vulnerability CVE-2021-36689 affects Streetside Samourai Wallet for Android (version 0.99.96i). It involves com.samourai.wallet.PinEntryActivity.java, where a brute-force attack using a recovered samourai.dat file can allow an attacker to view sensitive information and decrypt data. The PIN l...