1477 matches found
SUSE CVE-2011-1468
Multiple memory leaks in the OpenSSL extension in PHP before 5.3.6 might allow remote attackers to cause a denial of service (memory consumption) via (1) plaintext data to the openssl_encrypt function or (2) ciphertext data to the openssl_decrypt function...
SUSE CVE-2015-3331
The __driver_rfc4106_decrypt function in arch/x86/crypto/aesni-intel_glue.c in the Linux kernel before 3.19.3 does not properly determine the memory locations used for encrypted data, which allows context-dependent attackers to cause a denial of service (buffer overflow and system crash) or possibly...
SUSE CVE-2017-13084
Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Station-To-Station-Link (STSL) Transient Key (STK) during the PeerKey handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames...
SUSE CVE-2018-11724
The mobi_pk1_decrypt function in encryption.c in Libmobi 0.3 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted mobi file...
SUSE CVE-2018-16420
Several buffer overflows when handling responses from an ePass 2003 Card in decrypt_response in libopensc/card-epass2003.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impa...
SUSE CVE-2019-6690
python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg to decrypt other ciphertext than intended. To perform the attack, the passphrase to gnupg must be controlled by the adversary and the ciphertext should be trusted. Related to a "CWE-20: Improper Input Validation" issue affecting...
SUSE CVE-2020-13397
An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been detected in security_fips_decrypt in libfreerdp/core/security.c due to an uninitialized value...
SUSE CVE-2020-16150
A Lucky 13 timing side channel in mbedtls_ssl_decrypt_buf in library/ssl_msg.c in Trusted Firmware Mbed TLS through 2.23.0 allows an attacker to recover secret key information. This affects CBC mode because of a computed time difference based on a padding length...
Security Bulletin: IBM CICS TX Standard is vulnerable to allowing an attacker to decrypt highly sensitive information. (CVE-2022-34309)
Summary: IBM CICS TX Standard could allow an attacker to decrypt highly sensitive information. CVE-2022-34309. The fix removes this vulnerability from IBM CICS TX Standard. Vulnerability Details: CVEID: CVE-2022-34309. DESCRIPTION: IBM CICS TX uses weaker than expected cryptographic algorithms that...
Security Bulletin: IBM CICS TX Advanced is vulnerable to an attacker decrypting highly sensitive information. (CVE-2022-34310)
Summary: IBM CICS TX Advanced could allow an attacker to decrypt highly sensitive information. The fix removes this vulnerability CVE-2022-34310 from IBM CICS TX Advanced. Vulnerability Details: CVEID: CVE-2022-34310. DESCRIPTION: IBM CICS TX uses weaker than expected cryptographic algorithms that...
Security Bulletin: IBM CICS TX Advanced is vulnerable to allowing an attacker to decrypt highly sensitive information. (CVE-2022-34309)
Summary: IBM CICS TX Advanced could allow an attacker to decrypt highly sensitive information. CVE-2022-34309. The fix removes this vulnerability from IBM CICS TX Advanced. Vulnerability Details: CVEID: CVE-2022-34309. DESCRIPTION: IBM CICS TX uses weaker than expected cryptographic algorithms that...
Security Bulletin: IBM CICS TX Advanced is vulnerable to an attacker decrypting highly sensitive information (CVE-2022-34319).
Summary: IBM CICS TX Advanced could allow an attacker to decrypt highly sensitive information. The fix removes this vulnerability CVE-2022-34319 from IBM CICS TX Advanced. Vulnerability Details: CVEID: CVE-2022-34319. DESCRIPTION: IBM CICS TX uses weaker than expected cryptographic algorithms that...
Bitwarden: Biometric key is stored in Windows Credential Manager, accessible to other local unprivileged processes
A vulnerability in Bitwarden Desktop for Windows allowed a local attacker to access the biometric master key used for unlocking the vault through Windows Hello. The key was stored in plaintext in the Windows Credential Manager, accessible to any local unprivileged process. This allowed an attacke...
Man-in-the-Middle (MitM)
gnutls is vulnerable to Man-in-the-Middle (MitM). The vulnerability exists due to an error in the TLS RSA key exchange and allows a remote attacker to decrypt the information...
CVE-2023-21443
Improper cryptographic implementation in Samsung Flow for Android prior to version 4.9.04 allows adjacent attackers to decrypt encrypted messages or inject commands...
CVE-2023-21444
Improper cryptographic implementation in Samsung Flow for PC 4.9.14.0 allows adjacent attackers to decrypt encrypted messages or inject commands...
SAMSUNG Flow Encryption Issue Vulnerability
SAMSUNG Flow is a software product from Samsung South Korea. It is used to enable a seamless, secure, and connected experience on devices. A security vulnerability exists in SAMSUNG Flow for Android prior to version 4.9.04. An attacker exploiting the vulnerability could decrypt encrypted messages...
Veeam Backup and Replication Credentials Dump
This module exports and decrypts credentials from Veeam Backup & Replication and Veeam ONE Monitor Server to a CSV file; it is intended as a post-exploitation module for Windows hosts with either of these products installed. The module supports automatic detection of VBR / Veeam ONE and is capabl...
Code injection
An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. CheckUser TokenManager insecurely uses AES-CTR encryption with a repeated (aka re-used) nonce, allowing an adversary to decrypt...
CVE-2023-20038
A vulnerability in the monitoring application of Cisco Industrial Network Director could allow an authenticated, local attacker to access a static secret key used to store both local data and credentials for accessing remote systems. This vulnerability is due to a static key value stored in the...