27 matches found
HSEC-2023-0011 git-annex GPG decryption attack via compromised remote
A malicious server for a special remote could trick git-annex into decrypting a file that was encrypted to the user's GPG key. This attack could be used to expose encrypted data that was never stored in git-annex. Daniel Dent discovered this...
EUVD-2021-9316
Malicious code in bioql PyPI...
CVE-2025-26696
Certain crafted MIME email messages that claimed to contain an encrypted OpenPGP message, which instead contained an OpenPGP signed message, were wrongly shown as being encrypted. This vulnerability affects Thunderbird 136 and Thunderbird 128.8...
BIT-GITLAB-2021-22170
Assuming a database breach, nonce reuse issues in GitLab 11.6+ allow an attacker to decrypt some of the database's encrypted content...
Insecure Cryptographic Algorithm
Ylianst MeshCentral is vulnerable to the use of an Insecure Cryptographic Algorithm. The vulnerability is due to the usage of the HMAC-MD5 algorithm, which allows an attacker to brute force the encrypted content...
Information Exposure
Overview: railties is an application bootup, plugins, generators, and rake tasks. Affected versions of this package are vulnerable to Information Exposure. The ActiveSupport::EncryptedFile method writes contents that will be encrypted to a temporary file. The temporary file’s permissions are...
Information Exposure
Overview: activesupport is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Affected versions of this package are vulnerable to Information Exposure. The ActiveSupport::EncryptedFile method writes contents that will be encrypted to a temporary file...
SUSE CVE-2015-1790
The PKCS7_dataDecode function in crypto/pkcs7/pk7_doit.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a PKCS7 blob that uses ASN.1 encoding and lack...
CVE-2021-22170
Assuming a database breach, nonce reuse issues in GitLab 11.6+ allow an attacker to decrypt some of the database's encrypted content...
CVE-2021-22170
Removed by vendor...
PT-2021-14885 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions 11.6 and later Description: The issue allows an attacker to decrypt some of the database's encrypted content, assuming a database breach has occurred. This is due to nonce reuse issues. Recommendations: For GitLab versions 11....
OPENSUSE-SU-2021:0227-1 Security update for messagelib
This update for messagelib fixes the following issues: - CVE-2019-10732: Prevented accidental disclosure of encrypted content when replying (boo#1131885). This update was imported from the openSUSE:Leap:15.1:Update update project...
Security update for messagelib (moderate)
openSUSE Security Update: Security update for messagelib Announcement ID: openSUSE-SU-2021:0227-1 Rating: moderate References: 1131885 Cross-References: CVE-2019-10732 Affected Products: openSUSE Backports SLE-15-SP1 An update that fixes one vulnerability is now available. Description: This updat...
OPENSUSE-SU-2021:0188-1 Security update for messagelib
This update for messagelib fixes the following issues: - CVE-2019-10732: Prevented accidental disclosure of encrypted content when replying (boo#1131885)...
Security update for messagelib (moderate)
openSUSE Security Update: Security update for messagelib Announcement ID: openSUSE-SU-2021:0188-1 Rating: moderate References: 1131885 Cross-References: CVE-2019-10732 Affected Products: openSUSE Leap 15.1 An update that fixes one vulnerability is now available. Description: This update for...
CVE-2018-12404
A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41...
Huawei EulerOS: Security Advisory for nss (EulerOS-SA-2020-1214)
The remote host is missing an update for the Huawei EulerOS...
Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to security vulnerability (CVE-2018-12404)
Summary: IBM has announced a release for IBM Security Identity Governance and Intelligence (IGI) in response to security vulnerability. A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen...
EulerOS 2.0 SP5 : nss (EulerOS-SA-2019-2174)
According to the version of the nss packages installed, the EulerOS installation on the remote host is affected by the following vulnerability: - A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the...
UBUNTU-CVE-2019-11755
A crafted S/MIME message consisting of an inner encryption layer and an outer SignedData layer was shown as having a valid digital signature, although the signer might have had no access to the contents of the encrypted message, and might have stripped a different signature from the encrypted...