CVE-2021-45450

In Mbed TLS, versions before 2.28.0 and before 3.1.0 have a vulnerability in PSA cipher functions where psa_cipher_generate_iv and psa_cipher_encrypt can expose policy bypass or oracle-based decryption if the output buffer is accessible to an untrusted application. The issue affects older 2.x and...

ARM mbed TLS 加密问题漏洞

ARM mbed TLS is a product from ARM UK that provides secure communication and encryption capabilities for mbed products. A security vulnerability exists in Mbed TLS versions prior to 3.1.0 that stems from psaaeadgeneratenonce allows policy bypass or oracle-based decryption that can be accessed by...

CVE-2021-45451

CVE-2021-45451 affects Mbed TLS prior to 3.1.0. The flaw is in psa_aead_generate_nonce, which can enable policy bypass or oracle-based decryption when the output buffer is at memory locations accessible to an untrusted app. The vulnerability is tied to how nonces are generated for AEAD operations...

CVE-2021-45450

In Mbed TLS before 2.28.0 and 3.x before 3.1.0, psaciphergenerateiv and psacipherencrypt allow policy bypass or oracle-based decryption when the output buffer is at memory locations accessible to an untrusted application...

CVE-2021-45451

In Mbed TLS before 3.1.0, psaaeadgeneratenonce allows policy bypass or oracle-based decryption when the output buffer is at memory locations accessible to an untrusted application...

CVE-2021-42138

A user of a machine protected by SafeNet Agent for Windows Logon may leverage weak entropy to access the encrypted credentials of any or all the users on that machine...

PT-2021-24238

Name of the Vulnerable Software and Affected Versions: Mbed TLS versions prior to 2.28.0 Mbed TLS versions 3.x prior to 3.1.0 Description: The issue allows policy bypass or oracle-based decryption when the output buffer is at memory locations accessible to an untrusted application, specifically...

ModelSim Simulation and Questa Simulation Underprotected Credential Vulnerability

Questa and ModelSim simulators are used worldwide to simulate, debug, and verify integrated circuit designs, etc. ModelSim Simulation and Questa Simulation do not protect sufficient credentials, and the RSA white-box implementation in the affected application does not adequately protect the...

SUSE: Security Advisory (SUSE-SU-2021:4003-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2021-38947

IBM Spectrum Copy Data Management 2.2.13 and earlier uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 211242...

CVE-2021-38947

IBM Spectrum Copy Data Management 2.2.13 and earlier uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 211242...

SUSE-SU-2021:4003-1 Security update for bcm43xx-firmware

This update for bcm43xx-firmware fixes the following issues: - CVE-2019-15126: Fixed a bug which could have allowed unauthorized decryption of some WPA2-encrypted traffic bsc1167162...

IBM DB2 加密问题漏洞

IBM DB2 is a set of relational database management system from IBM in the United States. The main execution environments for this system are UNIX, Linux, IBMi, z/OS, and Windows server versions. An information disclosure vulnerability exists in IBM DB2 for Linux, UNIX, and Windows, which stems fr...

Exploit for Path Traversal in Grafana

grafanaExp Exploits using the CVE-2021-43798 vulnerability in...

BlackByte ransomware exploits Microsoft Servers ProxyShell Vulnerabilities

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. BlackByte ransomware is targeting organizations with unpatched ProxyShell vulnerabilities. Proxy Shell was addressed by hive pro threat researcher in the previous advisory released on August 24. ProxyShell is a combination of...

Code injection

Assuming a database breach, nonce reuse issues in GitLab 11.6+ allows an attacker to decrypt some of the database's encrypted content...

CVE-2021-22170

Removed by vendor...

CVE-2021-22170

CVE-2021-22170 concerns GitLab 11.6+ where nonce reuse in the database encryption enables an attacker to decrypt some of the database’s encrypted content. Root cause: repeated nonces in encryption. Impact: partial confidentiality loss of data; no integrity/availability changes stated. Connected s...

Schneider Electric Software Update 安全特征问题漏洞

Schneider Electric Software Update is a software update tool for Schneider Electric products from Schneider Electric France. A security signature issue vulnerability exists in Schneider Electric Software Update SESU that stems from An entropy insufficiency vulnerability exists in Schneider Electr...

CVE-2021-20400

IBM QRadar SIEM 7.3 and 7.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 196074...