UBUNTU-CVE-2024-7531

Calling PK11Encrypt in NSS using CKMCHACHA20 and the same buffer for input and output can result in plaintext on an Intel Sandy Bridge processor. In Firefox this only affects the QUIC header protection feature when the connection is using the ChaCha20-Poly1305 cipher suite. The most likely outcom...

Ciphertext Leakage

Netbird is vulnerable to Ciphertext Leakage. The vulnerability is due to the use of a static initialization vector IV in the Encrypt function within the crypt.go file, which does not change for different encryption operations and allows attackers to expose the sensitive information through...

USN-6943-1 tomcat8, tomcat9 vulnerabilities

It was discovered that Tomcat incorrectly handled certain uncommon PersistenceManager with FileStore configurations. A remote attacker could possibly use this issue to execute arbitrary code. This issue only affected tomcat8 for Ubuntu 18.04 LTS CVE-2020-9484 It was discovered that Tomcat...

GHSA-9V35-4XCR-W9PH NetBird uses a static initialization vector (IV)

A static initialization vector IV in the encrypt function of netbird management's service from v0.23.2 to v0.29.1 allows attackers to obtain sensitive information email addresses when in possession of the audit events database...

CVE-2024-41260

A static initialization vector IV in the encrypt function of netbird management's service from v0.23.2 to v0.29.1 allows attackers to obtain sensitive information email addresses when in possession of the audit events database...

CVE-2024-41260

CVE-2024-41260 : NetBird’s netbird management service (versions 0.23.2–0.29.1) uses a static initialization vector (IV) in the encrypt function, enabling an attacker with access to the audit events database to obtain sensitive information (email addresses). Root cause: static IV in the encryption...

PT-2024-29338

Name of the Vulnerable Software and Affected Versions netbird version 0.28.4 Description The issue concerns a static initialization vector IV used in the encrypt function, allowing attackers to obtain sensitive information. This static IV is utilized in the github.com/netbirdio/netbird code...

golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads

A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs​. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.goL113. The objects leaked are pkey​ and ctx​. That functi...

golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads

A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs​. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.goL113. The objects leaked are pkey​ and ctx​. That functi...

golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads

A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs​. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.goL113. The objects leaked are pkey​ and ctx​. That functi...

golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads

A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs​. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.goL113. The objects leaked are pkey​ and ctx​. That functi...

PT-2024-40996 · Podofo · Podofo

Name of the Vulnerable Software and Affected Versions: podofo affected versions not specified Description: The issue concerns the validation of encrypt dictionary parameters in PdfEncrypt and the handling of invalid XRef stream entries in PdfXRefStreamParserObject. Recommendations: At the moment,...

CVE-2024-34113 ColdFusion | Weak Cryptography for Passwords (CWE-261)

ColdFusion versions 2023u7, 2021u13 and earlier are affected by a Weak Cryptography for Passwords vulnerability that could result in a security feature bypass. This vulnerability arises due to the use of insufficiently strong cryptographic algorithms or flawed implementation that compromises the...

GHSA-92WP-JGHR-HH87 Weak encryption in Ninja Core

The encrypt function of Ninja Core v7.0.0 was discovered to use a weak cryptographic algorithm, leading to a possible leakage of sensitive information...

PT-2024-4074 · NetGear · Netgear Wnr614 N300

Name of the Vulnerable Software and Affected Versions: Netgear WNR614 N300 version 1.1.0.54 1.0.1 Description: The issue is related to the storage of protected information in an unencrypted form. This could allow a remote attacker to disclose protected information. The estimated number of...

CVE-2024-36823

The encrypt function of Ninja Core v7.0.0 was discovered to use a weak cryptographic algorithm, leading to a possible leakage of sensitive information...

CVE-2024-36823

The encrypt function of Ninja Core v7.0.0 was discovered to use a weak cryptographic algorithm, leading to a possible leakage of sensitive information...

CVE-2024-36823

Last updated 24 July 2024...

PT-2024-27171 · Unknown · Ninja Core

Name of the Vulnerable Software and Affected Versions: Ninja Core version 7.0.0 Description: The encrypt function was discovered to use a weak cryptographic algorithm, leading to a possible leakage of sensitive information. Recommendations: For Ninja Core version 7.0.0, consider disabling the...

Huawei EulerOS: Security Advisory for python-paramiko (EulerOS-SA-2024-1773)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...