CVE-2022-2097

AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption...

Vulnerability in OpenSSL - AES OCB fails to encrypt some bytes

AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn’t written. In the special case of “in place” encryption...

OpenSSL 1.1.1 < 1.1.1q Vulnerability

The version of OpenSSL installed on the remote host is prior to 1.1.1q. It is, therefore, affected by a vulnerability as referenced in the 1.1.1q advisory. - AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under so...

Securing your IoT with Edge Secured-core devices

A recent study conducted by Microsoft in partnership with Ponemon Institute included a survey of companies that have adopted IoT solutions and 65 percent of them mentioned that security is a top priority when implementing IoT. Attacks targeting IoT devices put businesses at risk. Impacted devices...

Securing your IoT with Edge Secured-core devices

A recent study conducted by Microsoft in partnership with Ponemon Institute included a survey of companies that have adopted IoT solutions and 65 percent of them mentioned that security is a top priority when implementing IoT. Attacks targeting IoT devices put businesses at risk. Impacted devices...

Miscomputation when performing AES encryption in rust-crypto

The following Rust program demonstrates some strangeness in AES encryption - if you have an immutable key slice and then operate on that slice, you get different encryption output than if you operate on a copy of that key. For these functions, we expect that extending a 16 byte key to a 32 byte k...

CVE-2022-25807

An issue was discovered in the IGEL Universal Management Suite UMS 6.07.100. A hardcoded DES key in the LDAPDesPWEncrypter class allows an attacker, who has discovered encrypted LDAP bind credentials, to decrypt those credentials using a static 8-byte DES key...

CVE-2022-25807

An issue was discovered in the IGEL Universal Management Suite UMS 6.07.100. A hardcoded DES key in the LDAPDesPWEncrypter class allows an attacker, who has discovered encrypted LDAP bind credentials, to decrypt those credentials using a static 8-byte DES key...

The vulnerability of the Wiser Smart programmable logic controllers from Schneider Electric, Wiser Controller EER21000 and Wiser Controller EER21001, relates to the lack of data encryption measures. This allows a perpetrator to retrieve the credentials for authentication purposes.

The vulnerability of the Wiser Smart programmable logic controllers from Schneider Electric, Wiser Controller EER21000 and Wiser Controller EER21001, lies in the lack of data encryption measures. Exploiting this vulnerability could allow a malicious actor to retrieve authentication credentials fo...

Chicago students lose data to ransomware attackers

Chicago Public Schools CPS disclosed on Friday that students may have had their data taken in a ransomware incident involving one of its vendors. The ransomware attack happened last December at Battelle for Kids BfK, based in Columbus Ohio, which develops services to provide innovation in schools...

IBM Guardium Data Encryption (GDE) Cross-Site Scripting Vulnerability

IBM Security Guardium Data Encryption is an application from IBM USA that provides a modular set of encryption, tokenization, and key management solutions that enable organizations to protect data in local and hybrid multi-cloud environments. IBM Guardium Data Encryption GDE 4.0. 0.0.0 and 5.0.0....

PT-2022-2472 · Amd +1 · Amd Cpus +1

Name of the Vulnerable Software and Affected Versions: AMD CPUs affected versions not specified Description: The issue is related to the implementation of the SEV-SNP Secure Nested Paging protective mechanism for virtual machines running on servers with AMD processors, which is associated with da...

CVE-2021-39024

IBM Guardium Data Encryption GDE 4.0.0.0 and 5.0.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force...

CVE-2021-39024

IBM Guardium Data Encryption GDE 4.0.0.0 and 5.0.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force...

CVE-2021-39024

IBM Guardium Data Encryption GDE 4.0.0.0 and 5.0.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force...

CVE-2021-39024

IBM Guardium Data Encryption (GDE) versions 4.0.0.0 and 5.0.0.0 are vulnerable to cross-site scripting via the Web UI, enabling arbitrary JavaScript in trusted sessions and potential credential disclosure. The IBM Security Bulletin summarizes the issue and references CVE-2021-39024, with CVSS v3....

IBM Guardium Data Encryption 跨站脚本漏洞

IBM Security Guardium Data Encryption is an application from IBM USA that provides a modular set of encryption, tokenization, and key management solutions that enable organizations to protect data in local and hybrid multi-cloud environments. IBM Guardium Data Encryption GDE 4.0. 0.0.0 and 5.0.0....

Security Bulletin: Vulnerability CVE-2021-39024 in IBM Guardium Data Encryption (GDE)

Summary Vulnerability identified in IBM Guardium Data Encryption GDE. Please apply the latest version for the fixes. Vulnerability Details CVEID: CVE-2021-39024 DESCRIPTION: IBM Guardium Data Encryption GDE is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary...

Unspecified Vulnerability in IBM Guardium Data Encryption (CNVD-2022-41644)

IBM Guardium Data Encryption GDE is a software application from IBM, USA. Provides a data security and compliance solution. A security vulnerability exists in IBM Guardium Data Encryption GDE. A remote attacker could exploit the vulnerability to obtain sensitive information when a technical error...

Unspecified Vulnerability in IBM Guardium Data Encryption (CNVD-2022-41643)

IBM Guardium Data Encryption GDE is a software application from IBM, USA. Provides a data security and compliance solution. A security vulnerability exists in IBM Guardium Data Encryption GDE that stems from a loss of encoding or escaping of data. No details of the vulnerability are provided at...