Microsoft Patches ‘Major’ Crypto Spoofing Bug

A major crypto-spoofing bug impacting Windows 10 users has been fixed as part of Microsoft’s January Patch Tuesday security bulletin. The vulnerability could allow an attacker to spoof a code-signing certificate, vital to validating executable programs in Windows, and make it appear as if an...

CVE-2012-4767

CVE-2012-4767 concerns Safend Data Protector Agent 3.4.5586.9772, where the securitylayer.log within logs.9972 allegedly exposes a private key, enabling a local attacker to decrypt communications and potentially alter the machine’s security policies. The NVD description states an attacker could d...

Andriller - Software Utility With A Collection Of Forensic Tools For Smartphones

Andriller - is software utility with a collection of forensic tools for smartphones. It performs read-only, forensically sound, non-destructive acquisition from Android devices. It has features, such as powerful Lockscreen cracking for Pattern, PIN code, or Password; custom decoders for Apps data...

Code injection

IBM QRadar SIEM 7.3.0 through 7.3.3 uses weak credential storage in some instances which could be decrypted by a local attacker. IBM X-Force ID: 164429...

CVE-2019-4508

IBM QRadar SIEM versions 7.3.0–7.3.3 are affected by CVE-2019-4508 due to weak credential storage that could be decrypted by a local attacker. The root cause is insecure storage of credentials, enabling high-severity impact (confidentiality loss) when exploited locally. Relevant impact guidance f...

glpi -- Public GLPIKEY can be used to decrypt any data

MITRE Corporation reports: GLPI before before version 9.4.6 has a vulnerability involving a default encryption key. GLPIKEY is public and is used on every instance. This means anyone can decrypt sensitive data stored using this key. It is possible to change the key before installing GLPI. But on...

EulerOS 2.0 SP5 : libgcrypt (EulerOS-SA-2019-2695)

According to the version of the libgcrypt packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate...

Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM i

Summary OpenSSL is used by IBM i. IBM i has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2019-1547 DESCRIPTION: Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to constru...

CVE-2019-4609

IBM API Connect 2018.4.1.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 168510...

IBM API Connect Weak Encryption Vulnerability

IBM API Connect APIConnect is a suite of integrated solutions for managing the API lifecycle from IBM USA. The product supports creating, running, managing, and securing APIs, microservices, and more. A security vulnerability exists in IBM API Connect version 2018.4.1.7 that stems from the...

Security Bulletin: Password Encryption / Decryption affects IBM Control Center (CVE-2016-0252)

Summary IBM Control Center passwords could be compromised with reverse engineering and other conditions. Vulnerability Details CVEID: CVE-2016-0252 DESCRIPTION: IBM Control Center could allow a local attacker, under special conditions, to decrypt the master key which in turn could be used to...

CVE-2019-1563

In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted...

CVE-2019-17428

An issue was discovered in Intesync Solismed 3.3sp1. An flaw in the encryption implementation exists, allowing for all encrypted data stored within the database to be decrypted...

Code injection

An issue was discovered in Intesync Solismed 3.3sp1. An flaw in the encryption implementation exists, allowing for all encrypted data stored within the database to be decrypted...

CVE-2019-17428

An issue was discovered in Intesync Solismed 3.3sp1. An flaw in the encryption implementation exists, allowing for all encrypted data stored within the database to be decrypted...

OpenSSL vulnerability CVE-2019-1559 has been resolved in PAN-OS

The OpenSSL library has been updated in PAN-OS to resolve CVE-2019-1559. This is a cryptographic vulnerability that under certain situations may allow a remote attacker to decrypt data by observing server responses to different types of errors. This issue affects Palo Alto Networks PAN-OS 7.1...

OpenSSL vulnerability CVE-2019-1559 has been resolved in PAN-OS

The OpenSSL library has been updated in PAN-OS to resolve CVE-2019-1559. This is a cryptographic vulnerability that under certain situations may allow a remote attacker to decrypt data by observing server responses to different types of errors. This issue affects Palo Alto Networks PAN-OS 7.1...

Side Channel Attack

libgcrypt.so is vulnerable to side-channel attack. The vulnerability exists as the library fails to perform ciphertext blinding for the Elgamal decryption, allowing a local attacker to compromise the server's private key through a crafted ciphertext and analyzing the fluctuations in the...

HPSBPI03634 rev. 1 - HP OfficeJet Mobile and Sprocket Printers KNOB Vulnerability

Potential Security Impact Disclosure and Modification of Information Source: HP, HP Product Security Response Team PSRT Reported by: N/A VULNERABILITY SUMMARY Certain HP printers are vulnerable to the Key Negotiation of Bluetooth KNOB attack. Data over Bluetooth can be intercepted, decrypted, and...

EulerOS 2.0 SP2 : nss (EulerOS-SA-2019-2467)

According to the version of the nss packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the...