5879 matches found

ThreatPost
added 2021/05/13 8:22 p.m., 100 views

Colonial Pipeline Shells Out $5M in Extortion Payout, Report

Colonial Pipeline Co., operator of the largest U.S. fuel pipeline, reportedly paid $5 million to criminals behind a ransomware attack that has sent fuel prices spiking up and down the East Coast. Sources familiar with the payout told Bloomberg that representatives of Colonial Pipeline paid the...

AI score: 5.9
Exploits: 0, References: 12

OSV
added 2021/05/11 8:15 p.m., 1 view

DEBIAN-CVE-2020-24587

The 802.11 standard that underpins Wi-Fi Protected Access WPA, WPA2, and WPA3 and Wired Equivalent Privacy WEP doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and...

CVSS: 2.6, AI score: 6.8, EPSS: 0.0055
Exploits: 2, References: 1

CVE
added 2021/05/11 7:42 p.m., 489 views

CVE-2020-26141

CVE-2020-26141 affects the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The Wi‑Fi stack does not verify the Message Integrity Check for fragmented TKIP frames, allowing an adjacent attacker to inject and potentially decrypt packets in WPA/WPA2 TKIP networks. The provided connected documents d...

CVSS: 6.5, AI score: 7.2, EPSS: 0.00236
Exploits: 0, References: 8, Affected Software: 1

OSV
added 2021/05/11 6:0 p.m., 1 view

UBUNTU-CVE-2020-24587

The 802.11 standard that underpins Wi-Fi Protected Access WPA, WPA2, and WPA3 and Wired Equivalent Privacy WEP doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and...

CVSS: 2.6, AI score: 6.7, EPSS: 0.0055
Exploits: 2, References: 10

Cvelist
added 2021/05/11 12:0 a.m., 24 views

CVE-2020-24587

The 802.11 standard that underpins Wi-Fi Protected Access WPA, WPA2, and WPA3 and Wired Equivalent Privacy WEP doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and...

AI score: 6.9, EPSS: 0.0055
Exploits: 2, References: 9

ATTACKERKB
added 2021/05/11 12:0 a.m., 278 views

CVE-2020-24587

The 802.11 standard that underpins Wi-Fi Protected Access WPA, WPA2, and WPA3 and Wired Equivalent Privacy WEP doesn’t require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and...

CVSS: 2.6, AI score: 6.7, EPSS: 0.0055
In wild, Exploits: 2, References: 10

Github Security Blog
added 2021/04/30 5:35 p.m., 157 views

Timing attacks in python-rsa

It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. An attacker can use this flaw via the RSA decryption API to decrypt parts of the cipher text encrypted with RSA...

CVSS: 7.5, AI score: 6, EPSS: 0.00144
Exploits: 1, References: 17, Affected Software: 1

OSV
added 2021/04/30 5:35 p.m., 118 views

GHSA-XRX6-FMXQ-RJJ2 Timing attacks in python-rsa

It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. An attacker can use this flaw via the RSA decryption API to decrypt parts of the cipher text encrypted with RSA...

CVSS: 8.2, AI score: 6.3, EPSS: 0.00144
Exploits: 1, References: 18

OSV
added 2021/04/29 6:15 p.m., 3 views

CVE-2021-1402

A vulnerability in the software-based SSL/TLS message handler of Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service DoS condition. The vulnerability is due to insufficient validati...

CVSS: 8.6, AI score: 7.3, EPSS: 0.00555
Exploits: 0, References: 1

Cvelist
added 2021/04/29 5:15 p.m., 11 views

CVE-2021-1402 Cisco Firepower Threat Defense Software SSL Decryption Policy Denial of Service Vulnerability

A vulnerability in the software-based SSL/TLS message handler of Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service DoS condition. The vulnerability is due to insufficient validati...

CVSS: 8.6, AI score: 8.6, EPSS: 0.00555
Exploits: 0, References: 1

Vulnrichment
added 2021/04/29 5:15 p.m., 6 views

CVE-2021-1402 Cisco Firepower Threat Defense Software SSL Decryption Policy Denial of Service Vulnerability

A vulnerability in the software-based SSL/TLS message handler of Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service DoS condition. The vulnerability is due to insufficient validati...

CVSS: 8.6, AI score: 7, EPSS: 0.00555
Exploits: 0, References: 1

CISA
added 2021/04/29 12:0 a.m., 16 views

Cisco Releases Security Updates for Multiple Products

Cisco has released security updates to address vulnerabilities in multiple Cisco products. An attacker could exploit one of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page. CISA encourages...

AI score: 7.5
Exploits: 0, References: 6

IBM Security Bulletins
added 2021/04/28 6:35 p.m., 16 views

Security Bulletin: Security vulnerability affects Rational Engineering Lifecycle Manager

Summary There is a security vulnerability in the Rational Engineering Lifecycle Manager. The Rational Engineering Lifecycle Manager team has addressed the issue and published a remediation. Vulnerability Details CVEID: CVE-2018-1608 DESCRIPTION: IBM RELM uses weaker than expected cryptographic...

CVSS: 7.5, AI score: 0.6, EPSS: 0.00131
Exploits: 0, Affected Software: 2

Cisco
added 2021/04/28 4:0 p.m., 115 views

Cisco Firepower Threat Defense Software SSL Decryption Policy Denial of Service Vulnerability

A vulnerability in the software-based SSL/TLS message handler of Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service DoS condition. The vulnerability is due to insufficient validati...

CVSS: 8.6, AI score: 8.4, EPSS: 0.00555
Exploits: 0, References: 1

OSV
added 2021/04/26 5:15 p.m., 3 views

CVE-2021-29694

IBM Spectrum Protect Plus 10.1.0 through 10.1.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 200258...

CVSS: 7.5, AI score: 6.5, EPSS: 0.00112
Exploits: 0, References: 2

NVD
added 2021/04/26 5:15 p.m., 9 views

CVE-2021-29694

IBM Spectrum Protect Plus 10.1.0 through 10.1.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 200258...

CVSS: 7.5, EPSS: 0.00112
Exploits: 0, References: 2

IBM Security Bulletins
added 2021/04/24 6:7 a.m., 29 views

Security Bulletin: Vulnerability in Python affects IBM Spectrum Protect Plus Microsoft File Systems backup and restore (CVE-2020-25659)

Summary Vulnerability in python-cryptography may affect IBM Spectrum Protect Plus Microsoft® File Systems backup and restore. Vulnerability Details CVEID: CVE-2020-25659 DESCRIPTION: python-cryptography could allow a remote attacker to obtain sensitive information, caused by a Bleichenbacher timi...

CVSS: 5.9, AI score: 0.6, EPSS: 0.0076
Exploits: 0, Affected Software: 1

Veracode
added 2021/04/23 12:5 p.m., 25 views

Information Disclosure

Thunderbird is vulnerable to information disclosure. The vulnerability exists due to the system unprotecting a secret OpenPGP key prior to using it for decryption, signing or key import task...

CVSS: 7.5, AI score: 1.8, EPSS: 0.00131
Exploits: 1, References: 3, Affected Software: 4

CNNVD
added 2021/04/23 12:0 a.m., 4 views

IBM Spectrum Protect Plus Encryption Issue Vulnerability

IBM Spectrum Protect Plus is a suite of data protection platforms from IBM USA. The platform provides organizations with a single point of control and management and supports backup and recovery for virtual, physical and cloud environments of all sizes. IBM Spectrum Protect Plus has a security...

CVSS: 7.5, AI score: 5.5, EPSS: 0.00112
Exploits: 0, References: 5

UbuntuCve
added 2021/04/22 2:54 p.m., 22 views

CVE-2021-29950

Thunderbird unprotects a secret OpenPGP key prior to using it for a decryption, signing or key import task. If the task runs into a failure, the secret key may remain in memory in its unprotected state. This vulnerability affects Thunderbird 78.8.1...

CVSS: 7.5, AI score: 6.9, EPSS: 0.00131
Exploits: 1, References: 4