100 matches found

Ivanti
added 2023/02/14 7:22 a.m. | 7 views

JSA10544 - 2012-11 Security Bulletin: Steel-Belted Radius: Multiple OpenSSL Vulnerabilities

Problem: OpenSSL software distributed with Steel-Belted Radius is vulnerable to CVE-2011-4619 and CVE-2011-4576. These may allow decrypting encrypted information or cause a denial of service condition for the Steel-Belted Radius server. CVE-2011-4576: The SSL 3.0 implementation in OpenSSL before...

CVSS 5 | AI score 7.5 | EPSS 0.16645
Exploits: 0

Metasploit
added 2023/01/27 7:49 p.m. | 124 views

Kerberos Ticket Inspecting

This module outputs the contents of a ccache/kirbi file and, optionally, when provided with the appropriate key, decrypts and displays the encrypted content too. Can be used for inspecting tickets that aren't working as intended in an effort to debug them. Module Options msf use...

AI score 6.9
Exploits: 0

Metasploit
added 2023/01/27 7:49 p.m. | 192 views

Kerberos keytab utilities

Utilities for interacting with keytab files, which can store the hashed passwords of one or more principals. Discovered keytab files can be used to generate Kerberos Ticket Granting Tickets, or bruteforced offline. Keytab files can also be useful for decrypting Kerberos traffic using Wireshark...

AI score 7.1
Exploits: 0

OSV
added 2023/01/10 2:15 a.m. | 1 view

DEBIAN-CVE-2023-22899

Zip4j through 2.11.2, as used in Threema and other products, does not always check the MAC when decrypting a ZIP archive...

CVSS 5.9 | AI score 6.7 | EPSS 0.00619
Exploits: 1 | References: 1

UbuntuCve
added 2023/01/10 12:00 a.m. | 150 views

CVE-2023-22899

Zip4j through 2.11.2, as used in Threema and other products, does not always check the MAC when decrypting a ZIP archive...

CVSS 5.9 | AI score 6.8 | EPSS 0.00619
Exploits: 1 | References: 6

CVE
added 2023/01/10 12:00 a.m. | 223 views

CVE-2023-22899

CVE-2023-22899 affects Zip4j (v2.11.2 and earlier) as used in products like IBM/App Connect Enterprise and Threema. The issue is that MAC verification is not consistently applied when decrypting ZIP archives, constituting a cryptographic integrity risk. Several connected sources confirm the impac...

CVSS 5.9 | AI score 5.8 | EPSS 0.00619
Exploits: 1 | References: 6 | Affected Software: 1

OSV
added 2022/04/29 4:15 p.m. | 2 views

CVE-2022-29856

A hardcoded cryptographic key in Automation360 22 allows an attacker to decrypt exported RPA packages...

CVSS 7.5 | AI score 7.1 | EPSS 0.01488
Exploits: 2 | References: 2

Github Security Blog
added 2022/01/13 12:00 a.m. | 23 views

Agent-to-controller security bypass in Jenkins Conjur Secrets Plugin allows decrypting secrets

Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able to control agent processes to decrypt secrets stored in Jenkins obtained through another method...

CVSS 7.5 | AI score 4.3 | EPSS 0.00828
Exploits: 0 | References: 4 | Affected Software: 1

OSV
added 2022/01/13 12:00 a.m. | 17 views

GHSA-G7FX-MMJC-R7GV Agent-to-controller security bypass in Jenkins Conjur Secrets Plugin allows decrypting secrets

Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able to control agent processes to decrypt secrets stored in Jenkins obtained through another method...

CVSS 5.3 | AI score 7.5 | EPSS 0.00828
Exploits: 0 | References: 4

NVD
added 2021/12/27 7:15 p.m. | 19 views

CVE-2021-4161

The affected products contain vulnerable firmware, which could allow an attacker to sniff the traffic and decrypt login credential details. This could give an attacker admin rights through the HTTP web server...

CVSS 9.8 | EPSS 0.00661
Exploits: 0 | References: 1

Prion
added 2021/12/27 7:15 p.m. | 9 views

Code injection

The affected products contain vulnerable firmware, which could allow an attacker to sniff the traffic and decrypt login credential details. This could give an attacker admin rights through the HTTP web server...

CVSS 5 | AI score 7.5 | EPSS 0.00661
Exploits: 0 | References: 1 | Affected Software: 3

ATTACKERKB
added 2021/12/23 11:31 p.m. | 4 views

CVE-2021-4161

The affected products contain vulnerable firmware, which could allow an attacker to sniff the traffic and decrypt login credential details. This could give an attacker admin rights through the HTTP web server...

CVSS 9.8 | AI score 7.2 | EPSS 0.00661
Exploits: 0 | References: 2

CNNVD
added 2021/11/12 12:00 a.m. | 5 views

IBM Tivoli Key Lifecycle Manager Cryptographic Issue Vulnerability

IBM Tivoli Key Lifecycle Manager (TKLM) is a set of key lifecycle management software from IBM in the United States. The software provides key storage, key maintenance and key lifecycle management for storage devices. A security vulnerability exists in IBM Tivoli Key Lifecycle Manager that stems fr...

CVSS 7.5 | AI score 5.6 | EPSS 0.00613
Exploits: 0 | References: 4

OSV
added 2021/06/16 6:15 p.m. | 1 view

UBUNTU-CVE-2021-34813

Matrix libolm before 3.2.3 allows a malicious Matrix homeserver to crash a client while it is attempting to retrieve an Olm encrypted room key backup from the homeserver, because olm_pk_decrypt has a stack-based buffer overflow. Remote code execution might be possible for some nonstandard build...

CVSS 9.8 | AI score 8.1 | EPSS 0.04262
Exploits: 1 | References: 6

Veracode
added 2021/04/19 6:15 a.m. | 40 views

Padding Oracle Attack

jose is vulnerable to a padding oracle attack. A possible observable difference in timing when a padding error occurs while decrypting the ciphertext allows an attacker to obtain the plaintext data without knowledge of the decryption key...

CVSS 5.9 | AI score 4.5 | EPSS 0.01167
Exploits: 0 | References: 4 | Affected Software: 1

OSV
added 2021/01/07 6:15 p.m. | 1 view

CVE-2020-4898

IBM Emptoris Strategic Supply Management 10.1.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 190989...

CVSS 7.5 | AI score 6.5
Exploits: 0 | References: 2

NVD
added 2020/06/11 10:15 p.m. | 29 views

CVE-2020-4045

SSB-DB version 20.0.0 has an information disclosure vulnerability. The get method is supposed to only decrypt messages when you explicitly ask it to, but there is a bug where it's decrypting any message that it can. This means that it is returning the decrypted content of private messages, which ...

CVSS 7.5 | EPSS 0.01281
Exploits: 0 | References: 2

Prion
added 2020/06/11 10:15 p.m. | 15 views

Information disclosure

SSB-DB version 20.0.0 has an information disclosure vulnerability. The get method is supposed to only decrypt messages when you explicitly ask it to, but there is a bug where it's decrypting any message that it can. This means that it is returning the decrypted content of private messages, which ...

CVSS 5 | AI score 7.1 | EPSS 0.01281
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2020/06/11 9:15 p.m. | 30 views

CVE-2020-4045 Information disclosure in SSB-DB

SSB-DB version 20.0.0 has an information disclosure vulnerability. The get method is supposed to only decrypt messages when you explicitly ask it to, but there is a bug where it's decrypting any message that it can. This means that it is returning the decrypted content of private messages, which ...

CVSS 7.5 | AI score 7.2 | EPSS 0.01281
Exploits: 0 | References: 2

Debian CVE
added 2020/05/11 12:00 a.m. | 20 views

CVE-2020-10685

A flaw was found in Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17, 2.8.x before 2.8.11 and 2.9.x before 2.9.7, as well as Ansible Tower before and including versions 3.4.5, 3.5.5 and 3.6.3, when using modules which decrypt vault files such as assemble, script, unarchiv...

CVSS 5.5 | AI score 6.8 | EPSS 0.00376
Exploits: 0