CVE-2021-29950
Thunderbird unprotects a secret OpenPGP key prior to using it for a decryption, signing or key import task. If the task runs into a failure, the secret key may remain in memory in its unprotected state. This vulnerability affects Thunderbird 78.8.1...
OPENSUSE-SU-2021:0906-1 Security update for libnettle
This update for libnettle fixes the following issues: - CVE-2021-3580: Fixed a remote denial of service in the RSA decryption via manipulated ciphertext (bsc#1187060). This update was imported from the SUSE:SLE-15:Update update project...
SUSE: Security Advisory (SUSE-SU-2021:2143-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
Security update for libnettle (important)
openSUSE Security Update: Security update for libnettle Announcement ID: openSUSE-SU-2021:0906-1 Rating: important References: 1187060 Cross-References: CVE-2021-3580 CVSS scores: CVE-2021-3580 SUSE: 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: openSUSE Leap 15.2 An update...
SUSE: Security Advisory (SUSE-SU-2021:2135-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
OPENSUSE-SU-2021:0901-1 Security update for python-rsa
This update for python-rsa fixes the following issues: - CVE-2020-13757: Proper handling of leading '\0' bytes during decryption of ciphertext (bsc#1172389). This update was imported from the SUSE:SLE-15:Update update project...
SUSE-SU-2021:2135-1 Security update for libnettle
This update for libnettle fixes the following issues: - CVE-2021-3580: Fixed a remote denial of service in the RSA decryption via manipulated ciphertext (bsc#1187060)...
USN-5001-1 linux-oem-5.10 vulnerabilities
Norbert Slusarek discovered a race condition in the CAN BCM networking protocol of the Linux kernel leading to multiple use-after-free vulnerabilities. A local attacker could use this issue to execute arbitrary code. (CVE-2021-3609) Mathy Vanhoef discovered that the Linux kernel’s WiFi implementati...
Security update for python-rsa (important)
openSUSE Security Update: Security update for python-rsa Announcement ID: openSUSE-SU-2021:0901-1 Rating: important References: 1172389 Cross-References: CVE-2020-13757 CVSS scores: CVE-2020-13757 NVD : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2020-13757 SUSE: 7.5...
SUSE-SU-2021:2008-1 Security update for python-rsa
This update for python-rsa fixes the following issues: - CVE-2020-13757: Proper handling of leading '\0' bytes during decryption of ciphertext (bsc#1172389)...
USN-4990-1: Nettle vulnerabilities
It was discovered that Nettle incorrectly handled RSA decryption. A remote attacker could possibly use this issue to cause Nettle to crash, resulting in a denial of service. (CVE-2021-3580) It was discovered that Nettle incorrectly handled certain padding oracles. A remote attacker could possibly u...
USN-4990-1 nettle vulnerabilities
It was discovered that Nettle incorrectly handled RSA decryption. A remote attacker could possibly use this issue to cause Nettle to crash, resulting in a denial of service. (CVE-2021-3580) It was discovered that Nettle incorrectly handled certain padding oracles. A remote attacker could possibly u...
DEBIAN-CVE-2021-34813
Matrix libolm before 3.2.3 allows a malicious Matrix homeserver to crash a client while it is attempting to retrieve an Olm encrypted room key backup from the homeserver because olm_pk_decrypt has a stack-based buffer overflow. Remote code execution might be possible for some nonstandard build...
Avaddon Ransomware Gang Evaporates Amid Global Crackdowns
Ransomware group Avaddon has decided to shutter its criminal enterprise after landing in the crosshairs of law-enforcement agencies in the U.S. and Australia. Avaddon, a prolific ransomware-as-a-service (RaaS) provider, released its decryption keys to BleepingComputer — 2,934 in total — with each k...
CVE-2021-32685
tEnvoy contains the PGP, NaCl, and PBKDF2 in node.js and the browser (hashing, random, encryption, decryption, signatures, conversions), used by TogaTech.org. In versions prior to 7.0.3, the verifyWithMessage method of tEnvoyNaClSigningKey always returns true for any signature that has a SHA-512 ha...
Design/Logic Flaw
tEnvoy contains the PGP, NaCl, and PBKDF2 in node.js and the browser (hashing, random, encryption, decryption, signatures, conversions), used by TogaTech.org. In versions prior to 7.0.3, the verifyWithMessage method of tEnvoyNaClSigningKey always returns true for any signature that has a SHA-512 ha...
CVE-2021-32685
CVE-2021-32685 affects tEnvoy (used by TogaTech.org) where the verifyWithMessage function in tEnvoyNaClSigningKey incorrectly returns true for SHA-512 hashes that match the message hash, even if the signature is invalid. This flaw is present in versions prior to 7.0.3. The issue is patched in v7....
Security Bulletin: Resilient supports TLS1.2 ciphers that are not enabled for Perfect Forward Secrecy (PFS) (CVE-2021-20566)
Summary Resilient supports TLS1.2 ciphers that are not enabled for Perfect Forward Secrecy (PFS). Such ciphers could allow an attacker who has recorded encrypted traffic and later obtains the server's key to decrypt highly sensitive information. Vulnerability Details CVEID: CVE-2021-20566...
Another one bites the dust: Avaddon ransomware group shuts down operation
Are you seeing some pattern here? In what could be called "shocking news" on Friday, BleepingComputer revealed that the gang behind the Avaddon ransomware shut down its operations after releasing more than 2,000 decryption keys to the technology news site. BleepingComputer claimed they received...