752 matches found
SUSE CVE-2012-0811
Multiple SQL injection vulnerabilities in Postfix Admin (aka postfixadmin) before 2.3.5 allow remote authenticated users to execute arbitrary SQL commands via (1) the pw parameter to the pacrypt function, when mysql_encrypt is configured, or (2) unspecified vectors that are used in backup files generate...
SUSE CVE-2017-3733
During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake or vice-versa then this can cause OpenSSL 1.1.0 before 1.1.0e to crash dependent on ciphersuite. Both clients and servers are affected...
SUSE CVE-2017-9604
KDE kmail before 5.5.2 and messagelib before 5.5.2, as distributed in KDE Applications before 17.04.2, do not ensure that a plugin's sign/encrypt action occurs during use of the Send Later feature, which allows remote attackers to obtain sensitive information by sniffing the network...
SUSE CVE-2022-29885
The documentation of Apache Tomcat 10.1.0-M1 to 10.1.0-M14, 10.0.0-M1 to 10.0.20, 9.0.13 to 9.0.62 and 8.5.38 to 8.5.78 for the EncryptInterceptor incorrectly stated it enabled Tomcat clustering to run over an untrusted network. This was not correct. While the EncryptInterceptor does provide...
How to Encrypt any File, Folder, or Drive on Your System
Trust us, it’s safer this way...
PT-2023-1148 · Cisco · Cisco Industrial Network Director
Name of the Vulnerable Software and Affected Versions: Cisco Industrial Network Director affected versions not specified Description: A vulnerability in the monitoring application could allow an authenticated, local attacker to access a static secret key used to store both local data and...
GSD-2023-1000442 ext4: don't allow journal inode to have encrypt flag
ext4: don't allow journal inode to have encrypt flag This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.18 by commit...
CVE-2021-4239
The Noise protocol implementation suffers from weakened cryptographic security after encrypting 2^64 messages, and a potential denial of service attack. After 2^64 (18.4 quintillion) messages are encrypted with the Encrypt function, the nonce counter will wrap around, causing multiple messages to b...
CVE-2022-20868
A vulnerability in the web-based management interface of Cisco Email Security Appliance, Cisco Secure Email and Web Manager and Cisco Secure Web Appliance could allow an authenticated, remote attacker to elevate privileges on an affected system. The attacker needs valid credentials to exploit thi...
PT-2022-24890 · Gocd · Gocd
Name of the Vulnerable Software and Affected Versions: GoCD versions prior to 21.1.0 Description: The issue affects GoCD, a continuous delivery server that automates and streamlines the build-test-release cycle for continuous delivery of products. It leaks the symmetric key used to encrypt/decryp...
Protect
A missing cryptographic steps vulnerability (CWE-325) in the functions that encrypt keytab values in FortiOS & FortiProxy may allow an attacker in possession of the encrypted secret to decipher it...
CVE-2022-39829
There is a NULL pointer dereference in aes256_encrypt in Samsung mTower through 0.3.0 due to a missing check on the return value of EVP_CIPHER_CTX_new...
SAMSUNG mTower Code Issue Vulnerability
SAMSUNG mTower is a new Trusted Execution Environment (TEE) from Samsung (South Korea). A security vulnerability exists in SAMSUNG mTower 0.3.0 and earlier versions, which stems from a lack of checking of the return value of EVP_CIPHER_CTX_new and a NULL pointer dereference in aes256_encrypt...
PT-2022-25019 · Samsung · Samsung Mtower
Name of the Vulnerable Software and Affected Versions: Samsung mTower versions 0.3.0 and earlier Description: The issue is related to a NULL pointer dereference in the aes256_encrypt function due to a missing check on the return value of EVP_CIPHER_CTX_new. Recommendations: For Samsung mTower...
CVE-2022-1632
An Improper Certificate Validation attack was found in Openshift. A re-encrypt Route with destinationCACertificate explicitly set to the default serviceCA skips internal Service TLS certificate validation. This flaw allows an attacker to exploit an invalid certificate, resulting in a loss of...
CLSA-2022-1660238929 Fixed CVE-2022-2097 in openssl
CVE-2022-2097: Fix AES OCB encrypt/decrypt for x86 AES-NI...
Fedora: Security Advisory for golang-github-acme-lego (FEDORA-2022-5ef0bd9a27)
The remote host is missing an update for the...
[SECURITY] Fedora 36 Update: golang-github-acme-lego-4.4.0-7.fc36
Let's Encrypt client and ACME library written in Go...