Synology DiskStation Manager 缓冲区错误漏洞

Synology DiskStation Manager DSM is an operating system for use on Network Storage Servers NAS from Synology, a Chinese company. The operating system manages information such as data, files, photos, music, etc. The operating system is not compatible with Synology DiskStation Manager DSM. A buffer...

DeadBolt ransomware gang tricked into giving victims free decryption keys

Dutch police and other law enforcement agencies have managed to trick the DeadBolt ransomware operators into releasing 150 decryption keys for free. The method of obtaining decryption keys was found by a Dutch incident response company called Responders.NU, who shared the method with the police...

nodejs: weak randomness in WebCrypto keygen

A vulnerability was found in NodeJS due to weak randomness in the WebCrypto keygen within the SecretKeyGenTraits::DoKeyGen in src/crypto/cryptokeygen.cc. Node.js made calls to EntropySource in SecretKeyGenTraits::DoKeyGen. However, it does not check the return value and assumes the EntropySource...

FreeBSD : OpenSSL -- Potential NULL encryption in NID_undef with Custom Cipher (7392e1e3-4eb9-11ed-856e-d4c9ef517024)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 7392e1e3-4eb9-11ed-856e-d4c9ef517024 advisory. - OpenSSL supports creating a custom cipher via the legacy EVPCIPHERmethnew function and associated...

Dutch Police Tricked Deadbolt Ransomware Gang Into Sharing Decryption Keys

By Deeba Ahmed According to Dutch Police, Deadbolt ransomware attacks mainly focused on NAS network-attached storage. This is a post from HackRead.com Read the original post: Dutch Police Tricked Deadbolt Ransomware Gang Into Sharing Decryption Keys...

nodejs: weak randomness in WebCrypto keygen

A vulnerability was found in NodeJS due to weak randomness in the WebCrypto keygen within the SecretKeyGenTraits::DoKeyGen in src/crypto/cryptokeygen.cc. Node.js made calls to EntropySource in SecretKeyGenTraits::DoKeyGen. However, it does not check the return value and assumes the EntropySource...

GLSA-202210-02 : OpenSSL: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202210-02 OpenSSL: Multiple Vulnerabilities - The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman DH...

Code injection

GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for continuous delivery of your product. GoCD versions prior to 21.1.0 leak the symmetric key used to encrypt/decrypt any secure variables/secrets in GoCD configuration to authenticated agent...

CVE-2022-39309

GoCD server (versions prior to 21.1.0) leaks the symmetric key used to encrypt/decrypt secure variables in configuration to authenticated agents during material serialization. A compromised trusted agent could exfiltrate the key from memory and potentially decrypt secrets for other agents/environ...

CVE-2022-39309 GoCD server secret encryption/decryption key leaked to agents during material serialization

GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for continuous delivery of your product. GoCD versions prior to 21.1.0 leak the symmetric key used to encrypt/decrypt any secure variables/secrets in GoCD configuration to authenticated agent...

CVE-2022-39309 GoCD server secret encryption/decryption key leaked to agents during material serialization

GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for continuous delivery of your product. GoCD versions prior to 21.1.0 leak the symmetric key used to encrypt/decrypt any secure variables/secrets in GoCD configuration to authenticated agent...

GHSA-4F63-89W9-3JJV Using a Custom Cipher with `NID_undef` may lead to NULL encryption

OpenSSL supports creating a custom cipher via the legacy EVPCIPHERmethnew function and associated function calls. This function was deprecated in OpenSSL 3.0 and application authors are instead encouraged to use the new provider mechanism in order to implement custom ciphers. OpenSSL versions 3.0...

Using a Custom Cipher with `NID_undef` may lead to NULL encryption

OpenSSL supports creating a custom cipher via the legacy EVPCIPHERmethnew function and associated function calls. This function was deprecated in OpenSSL 3.0 and application authors are instead encouraged to use the new provider mechanism in order to implement custom ciphers. OpenSSL versions 3.0...

CVE-2022-3358

OpenSSL supports creating a custom cipher via the legacy EVPCIPHERmethnew function and associated function calls. This function was deprecated in OpenSSL 3.0 and application authors are instead encouraged to use the new provider mechanism in order to implement custom ciphers. OpenSSL versions 3.0...

CVE-2022-3358

OpenSSL supports creating a custom cipher via the legacy EVPCIPHERmethnew function and associated function calls. This function was deprecated in OpenSSL 3.0 and application authors are instead encouraged to use the new provider mechanism in order to implement custom ciphers. OpenSSL versions 3.0...

Code injection

OpenSSL supports creating a custom cipher via the legacy EVPCIPHERmethnew function and associated function calls. This function was deprecated in OpenSSL 3.0 and application authors are instead encouraged to use the new provider mechanism in order to implement custom ciphers. OpenSSL versions 3.0...

CVE-2022-3358

Summary: CVE-2022-3358 affects OpenSSL 3.0.0–3.0.5 and occurs when legacy custom ciphers are passed via EVP_CIPHER_meth_new() with NID_undef. The initialization functions EVP_EncryptInit_ex2()/EVP_DecryptInit_ex2()/EVP_CipherInit_ex2() may resolve to the NULL cipher from providers, causing plaint...

CVE-2022-3358 Using a Custom Cipher with NID_undef may lead to NULL encryption

OpenSSL supports creating a custom cipher via the legacy EVPCIPHERmethnew function and associated function calls. This function was deprecated in OpenSSL 3.0 and application authors are instead encouraged to use the new provider mechanism in order to implement custom ciphers. OpenSSL versions 3.0...

CVE-2022-3358

OpenSSL supports creating a custom cipher via the legacy EVPCIPHERmethnew function and associated function calls. This function was deprecated in OpenSSL 3.0 and application authors are instead encouraged to use the new provider mechanism in order to implement custom ciphers. OpenSSL versions 3.0...

CVE-2022-3358

OpenSSL supports creating a custom cipher via the legacy EVPCIPHERmethnew function and associated function calls. This function was deprecated in OpenSSL 3.0 and application authors are instead encouraged to use the new provider mechanism in order to implement custom ciphers. OpenSSL versions 3.0...