CVE-2023-22912
An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. CheckUser TokenManager insecurely uses AES-CTR encryption with a repeated (aka re-used) nonce, allowing an adversary to decrypt...
LastPass users should move their crypto funds, experts warn
Several experts have warned LastPass users who store cryptocurrency-related login information in their vaults to change that login information as soon as they can. Apparently, cybercriminals who have access to the stolen information are making it a priority to decrypt the data in an attempt to...
CVE-2022-38469
An unauthorized user with network access and the decryption key could decrypt sensitive data, such as usernames and passwords...
GE Digital Proficy Historian Encryption Issue Vulnerability
GE Digital Proficy Historian is a powerful tool with storage analysis and data collection capabilities from GE Digital. A security vulnerability exists in GE Digital Proficy Historian version 7.0 and later. An attacker could exploit the vulnerability to decrypt sensitive data, such as usernames a...
Uncontrolled Resource Consumption
github.com/flynn/noise is vulnerable to uncontrolled resource consumption. The weakened cryptographic security after encrypting 2^64 messages causes multiple messages to be encrypted with the same key and nonce resulting in denial of service conditions. Additionally the Decrypt function increment...
CVE-2021-4239
The Noise protocol implementation suffers from weakened cryptographic security after encrypting 2^64 messages, and a potential denial of service attack. After 2^64 (~18.4 quintillion) messages are encrypted with the Encrypt function, the nonce counter will wrap around, causing multiple messages to b...
Design/Logic Flaw
The Noise protocol implementation suffers from weakened cryptographic security after encrypting 2^64 messages, and a potential denial of service attack. After 2^64 (~18.4 quintillion) messages are encrypted with the Encrypt function, the nonce counter will wrap around, causing multiple messages to b...
CVE-2021-4239 Weak encryption and denial of service in github.com/flynn/noise
The Noise protocol implementation suffers from weakened cryptographic security after encrypting 2^64 messages, and a potential denial of service attack. After 2^64 (~18.4 quintillion) messages are encrypted with the Encrypt function, the nonce counter will wrap around, causing multiple messages to b...
IBM Spectrum Control Weak Encryption Vulnerability
IBM Spectrum Control (formerly known as Tivoli Storage Productivity Center) is a suite of storage resource management software from International Business Machines (IBM). The software provides monitoring, automation and analysis for multiple storage systems. IBM Spectrum Control version 5.4 suffers...
The vulnerability of the PRNG generator in the development environment for programming CODESYS V3 applications, related to the use of cryptographic algorithms with defects, allows a hacker to decrypt and modify the loaded code.
The vulnerability of the PRNG generator used in the development environment for CODESYS V3 applications is related to the use of cryptographic algorithms that contain vulnerabilities. Exploiting this vulnerability could allow a malicious actor, operating remotely, to decrypt and modify the loaded...
CVE-2022-20513
In decrypt_1_2 of CryptoPlugin.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID:...
PT-2022-14726 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android versions Android-13. Description: The issue is related to a possible out of bounds read in the decrypt_1_2 function of CryptoPlugin.cpp due to a missing bounds check. This could lead to local information disclosure without requiring...
CVE-2022-2660
Delta Industrial Automation DIALink versions 1.4.0.0 and prior are vulnerable to the use of a hard-coded cryptographic key which could allow an attacker to decrypt sensitive data and compromise the machine...
CVE-2022-46142
Affected devices store the CLI user passwords encrypted in flash memory. Attackers with physical access to the device could retrieve the file and decrypt the CLI user passwords...
SICK RFU61x Encryption Issue Vulnerability
The SICK RFU61x is the smallest read/write device in the SICK UHF portfolio from SICK. It is ideally suited for IoT applications directly on workpieces or components. A security vulnerability exists in the SICK RFU61x firmware version prior to v2.25, which stems from the fact that the use of a...
PT-2022-27990 · Sick · Sick Rfu62X
Name of the Vulnerable Software and Affected Versions: SICK RFU62x firmware versions prior to 2.21. Description: The issue is related to the use of a broken or risky cryptographic algorithm, allowing a low-privileged remote attacker to decrypt encrypted data if weak cipher suites are used for...
Trojan-Dropper.Win32.Decay.dxv (CyberGate 1.00.0) MVID-2022-0664 Insecure Proprietary Password Encryption
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022. Original source: https://malvuln.com/advisory/618f28253d1268132a9f10819a6947f2.txt Contact: [email protected] Media: twitter.com/malvuln Backup media: infosec.exchange/@malvuln Threat: Trojan-Dropper.Win32.Decay.dxv CyberGate v1.00.0...
CVE-2022-34361
IBM Sterling Secure Proxy 6.0.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 230522...
PT-2022-22130 · Ibm · Ibm Cics Tx
Name of the Vulnerable Software and Affected Versions: IBM CICS TX version 11.1. Description: The issue is related to the use of weaker than expected cryptographic algorithms, which could allow an attacker to decrypt highly sensitive information. Recommendations: For IBM CICS TX version 11.1, upda...