
5879 matches found

UbuntuCve
added 2021/06/02 4:15 p.m., 21 views

CVE-2021-31855

KDE Messagelib through 5.17.0 reveals cleartext of encrypted messages in some situations. Deleting an attachment of a decrypted encrypted message stored on a remote server (e.g., an IMAP server) causes KMail to upload the decrypted content of the message to the remote server. With a crafted message...

6.5 CVSS, 6.6 AI score, 0.00138 EPSS
Exploits 0, References 3
Veracode
added 2021/06/02 8:51 a.m., 12 views

Insecure Verification Of Cryptographic Signature

aws-encryption-sdk suffers from an insecure verification of cryptographic signature. A flawed implementation of message decryption process allows the client code to read ESDK messages from untrusted sources to the end of the stream...

5.3 CVSS, 6.7 AI score, 0.00129 EPSS
Exploits 0, References 7, Affected Software 5
Github Security Blog
added 2021/06/01 9:18 p.m., 43 views

Improper Verification of Cryptographic Signature in aws-encryption-sdk-cli

Impact This advisory addresses several LOW severity issues with streaming signed messages and restricting processing of certain types of invalid messages. This ESDK supports a streaming mode where callers may stream the plaintext of signed messages before the ECDSA signature is validated. In...

0.5 AI score
Exploits 0, References 2, Affected Software 1
Huntr
added 2021/05/26 9:52 p.m., 13 views

in psi-4ward/psitransfer

✍️ Description Hi, with PsiTransfer we can upload files and protect them with a password. However, there is an IDOR that lets an attacker retrieve arbitrary files and get the AES encrypted data of these files. All that is left is to perform an offline bruteforce to crack the password of this file and ge...

0.9 AI score
Exploits 0
Prion
added 2021/05/26 8:15 p.m., 20 views

Design/Logic Flaw

Use of Password Hash with Insufficient Computational Effort vulnerability exists in ClearSCADA all versions, EcoStruxure Geo SCADA Expert 2019 all versions, and EcoStruxure Geo SCADA Expert 2020 V83.7742.1 and prior, which could cause the revealing of account credentials when server database file...

4.6 CVSS, 6.6 AI score, 0.00026 EPSS
Exploits 0, References 1, Affected Software 1
CVE
added 2021/05/26 7:20 p.m., 58 views

CVE-2021-22741

CVE-2021-22741 affects Schneider Electric ClearSCADA and EcoStruxure Geo SCADA Expert (2019 all versions; 2020 up to v83.7742.1). The issue is a Password Hash with Insufficient Computational Effort, which could allow an attacker with access to server database files to decrypt or reveal user crede...

6.7 CVSS, 6.6 AI score, 0.00026 EPSS
Exploits 0, References 1, Affected Software 3
Cvelist
added 2021/05/26 7:20 p.m., 16 views

CVE-2021-22741

Use of Password Hash with Insufficient Computational Effort vulnerability exists in ClearSCADA all versions, EcoStruxure Geo SCADA Expert 2019 all versions, and EcoStruxure Geo SCADA Expert 2020 V83.7742.1 and prior, which could cause the revealing of account credentials when server database file...

6.8 AI score, 0.00026 EPSS
Exploits 0, References 1
CNNVD
added 2021/05/26 12:00 a.m., 3 views

Schneider Electric EcoStruxure Geo SCADA Expert Security Vulnerability

Schneider Electric EcoStruxure Geo SCADA Expert ClearSCADA is a suite of data acquisition and monitoring software (SCADA) from Schneider Electric, France. A security vulnerability exists in ClearSCADA and EcoStruxure Geo SCADA Expert 2019 and EcoStruxure Geo SCADA Expert 2020 version 83.7742.1 and...

6.7 CVSS, 6.6 AI score, 0.00026 EPSS
Exploits 0, References 1
Tenable Nessus
added 2021/05/26 12:00 a.m., 33 views

Oracle Linux 8 : python-cryptography (ELSA-2021-1608)

The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2021-1608 advisory. - CVE-2020-36242: Fixed a bug where certain sequences of update calls when symmetrically encrypting very large payloads (>2GB) could result in an integer...

9.1 CVSS, 7.8 AI score, 0.01575 EPSS
Exploits 1, References 3
OSV
added 2021/05/24 2:15 p.m., 1 views

CVE-2021-20419

IBM Security Guardium 11.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 196280...

7.5 CVSS, 7.3 AI score
Exploits 0, References 2
CVE
added 2021/05/24 1:55 p.m., 46 views

CVE-2021-20419

CVE-2021-20419 affects IBM Security Guardium 11.2. The described issue is weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information (CVE-2021-20419; IBM X-Force ID 196280). Affected products/versions include Guardium 11.2; IBM lists multipl...

7.5 CVSS, 7.6 AI score, 0.00101 EPSS
Exploits 0, References 2, Affected Software 1
CNVD
added 2021/05/24 12:00 a.m., 3 views

IBM Security Guardium Weak Encryption Algorithm Vulnerability

IBM Security Guardium is a suite of platforms from IBM in the United States that provide data protection capabilities. The platform includes features such as custom UI, report management and streamlined audit process building. A weak cryptographic algorithm vulnerability exists in IBM Security...

7.5 CVSS, 6.3 AI score, 0.00101 EPSS
Exploits 0, References 1
CNNVD
added 2021/05/21 12:00 a.m., 3 views

IBM Security Guardium Encryption Issue Vulnerability

IBM Security Guardium is a suite of platforms from IBM in the United States that provide data protection capabilities. The platform includes features such as custom UI, report management and streamlined audit process building. A weak cryptographic algorithm vulnerability exists in IBM Security...

7.5 CVSS, 7.1 AI score, 0.00101 EPSS
Exploits 0, References 6
Tenable Nessus
added 2021/05/19 12:00 a.m., 35 views

RHEL 8 : python-cryptography (RHSA-2021:1608)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:1608 advisory. The python-cryptography packages contain a Python Cryptographic Authority's (PyCA's) cryptography library, which provides cryptographic...

9.1 CVSS, 8 AI score, 0.01575 EPSS
Exploits 1, References 12
RedHat Linux
added 2021/05/18 3:21 p.m., 3 views

python-cryptography: Bleichenbacher timing oracle attack against RSA decryption

A flaw was found in python-cryptography, where it is vulnerable to Bleichenbacher timing attacks. This flaw allows an attacker, via the RSA decryption API, to decrypt parts of the ciphertext encrypted with RSA. The highest threat from this vulnerability is to confidentiality...

5.9 CVSS, 7.1 AI score, 0.0076 EPSS
Exploits 0, References 5
AlmaLinux
added 2021/05/18 5:38 a.m., 72 views

Moderate: python-cryptography security, bug fix, and enhancement update

The python-cryptography packages contain a Python Cryptographic Authority's (PyCA's) cryptography library, which provides cryptographic primitives and recipes to Python developers. The following packages have been upgraded to a later upstream version: python-cryptography 3.2.1. BZ1873581, BZ1891947...

6.4 CVSS, 2.3 AI score, 0.01575 EPSS
Exploits 1, References 2
Wired Threat Level
added 2021/05/17 5:21 p.m., 24 views

Ransomware’s Dangerous New Trick: Double-Encrypting Your Data

Even when you pay for a decryption key, your files may still be locked up by another strain of malware...

7 AI score
Exploits 0
Positive Technologies
added 2021/05/17 12:00 a.m., 2 views

PT-2021-5781 · Nettle +9

Name of the Vulnerable Software and Affected Versions: Nettle affected versions not specified Description: A flaw was found in the way Nettle's RSA decryption functions handled specially crafted ciphertext. An attacker could use this flaw to provide a manipulated ciphertext leading to application...

9.8 CVSS, 6.5 AI score, 0.01195 EPSS
Exploits 1, References 85
Krebs on Security
added 2021/05/14 3:44 p.m., 46 views

DarkSide Ransomware Gang Quits After Servers, Bitcoin Stash Seized

The DarkSide ransomware affiliate program responsible for the six-day outage at Colonial Pipeline this week that led to fuel shortages and price spikes across the country is running for the hills. The crime gang announced it was closing up shop after its servers were seized and someone drained th...

6.5 AI score
Exploits 0
CVE
added 2021/05/14 10:36 a.m., 38 views

CVE-2021-30183

The CVE-2021-30183 issue affects Octopus Server across multiple versions, where during import/export operations the password used to encrypt/decrypt sensitive values is written in plaintext to logs. Root cause is cleartext storage of sensitive information in log output. Public documents confirm t...

7.5 CVSS, 7.4 AI score, 0.00156 EPSS
Exploits 0, References 2, Affected Software 1