369 matches found
CVE-2021-33686
Under certain conditions, SAP Business One version - 10.0, allows an unauthorized attacker to get access to some encrypted sensitive information, but does not have control over kind or degree...
Cisco Adaptive Security Appliance Software Release 7.0.0 IPsec DoS (cisco-sa-asa-ftd-ipsec-dos-TFKQbgWC)
A vulnerability in the software cryptography module of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an authenticated, remote attacker or an unauthenticated attacker in a man-in-the-middle position to cause an unexpected reload of the...
Ypsomed mylife App 信任管理问题漏洞
Ypsomed mylife App is an application of Ypsomed AG. To optimize communication between people with diabetes and healthcare professionals, mylife Therapy Management is an easy-to-use, easy-to-share solution for diabetes therapy data. mylife App is vulnerable to a trust management issue, which stems...
GHSA-H45P-W933-JXH3 Improper Verification of Cryptographic Signature in aws-encryption-sdk-javascript
Impact This advisory addresses several LOW severity issues with streaming signed messages and restricting processing of certain types of invalid messages. This ESDK supports a streaming mode where callers may stream the plaintext of signed messages before the ECDSA signature is validated. In...
GHSA-89V2-G37M-G3FF Improper Verification of Cryptographic Signature in aws-encryption-sdk-cli
Impact This advisory addresses several LOW severity issues with streaming signed messages and restricting processing of certain types of invalid messages. This ESDK supports a streaming mode where callers may stream the plaintext of signed messages before the ECDSA signature is validated. In...
Improper Verification of Cryptographic Signature in aws-encryption-sdk-cli
Impact This advisory addresses several LOW severity issues with streaming signed messages and restricting processing of certain types of invalid messages. This ESDK supports a streaming mode where callers may stream the plaintext of signed messages before the ECDSA signature is validated. In...
Improper Verification of Cryptographic Signature in aws-encryption-sdk
Impact This advisory addresses several LOW severity issues with streaming signed messages and restricting processing of certain types of invalid messages. This ESDK supports a streaming mode where callers may stream the plaintext of signed messages before the ECDSA signature is validated. In...
GHSA-X5H4-9GQW-942J Improper Verification of Cryptographic Signature in aws-encryption-sdk
Impact This advisory addresses several LOW severity issues with streaming signed messages and restricting processing of certain types of invalid messages. This ESDK supports a streaming mode where callers may stream the plaintext of signed messages before the ECDSA signature is validated. In...
GHSA-55XH-53M6-936R Improper Verification of Cryptographic Signature in aws-encryption-sdk-java
Impact This advisory addresses several LOW severity issues with streaming signed messages and restricting processing of certain types of invalid messages. This update addresses an issue where certain invalid ECDSA signatures incorrectly passed validation. These signatures provide defense in depth...
Improper Verification of Cryptographic Signature in aws-encryption-sdk-java
Impact This advisory addresses several LOW severity issues with streaming signed messages and restricting processing of certain types of invalid messages. This update addresses an issue where certain invalid ECDSA signatures incorrectly passed validation. These signatures provide defense in depth...
CVE-2021-24027
A cache configuration issue prior to WhatsApp for Android v2.21.4.18 and WhatsApp Business for Android v2.21.4.18 may have allowed a third party with access to the device’s external storage to read cached TLS material...
CVE-2020-11922
An issue was discovered in WiZ Colors A60 1.14.0. The device sends unnecessary information to the cloud controller server. Although this information is sent encrypted and has low risk in isolation, it decreases the privacy of the end user. The information sent includes the local IP address being...
[ASA-202102-36] python-cryptography: incorrect calculation
Arch Linux Security Advisory ASA-202102-36 ========================================== Severity: Medium Date : 2021-02-27 CVE-ID : CVE-2020-36242 Package : python-cryptography Type : incorrect calculation Remote : No Link : https://security.archlinux.org/AVG-1541 Summary ======= The package...
Dell BSAFE Micro Edition Suite Unchecked Return Value Vulnerability
The Dell BSAFE Micro Edition Suite is a Dell development kit that provides encryption, certificate, and transport layer security for c/c++ applications, devices, and systems. A security vulnerability exists in the Dell BSAFE Micro Edition Suite that stems from susceptibility to an unchecked retur...
CVE-2020-5359
Dell BSAFE Micro Edition Suite, versions prior to 4.5, are vulnerable to an Unchecked Return Value Vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability to modify and corrupt the encrypted data...
Code injection
Dell BSAFE Micro Edition Suite, versions prior to 4.5, are vulnerable to an Unchecked Return Value Vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability to modify and corrupt the encrypted data...
CVE-2020-5359
Dell BSAFE Micro Edition Suite, versions prior to 4.5, are vulnerable to an Unchecked Return Value Vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability to modify and corrupt the encrypted data...
Dell BSAFE Micro Edition Suite 安全漏洞
The Dell BSAFE Micro Edition Suite is a Dell development kit that provides encryption, certificate, and transport layer security for c/c++ applications, devices, and systems. A security vulnerability exists in the Dell BSAFE Micro Edition Suite that stems from susceptibility to an unchecked retur...
Unspecified Vulnerability in Apple macOS Catalina (CNVD-2020-61028)
Apple macOS Catalina is a specialized operating system developed by Apple Inc. for Mac computers. Apple macOS Catalina suffers from a security vulnerability that stems from an issue when Siri suggests that a user access encrypted data, which could be inappropriately accessed. No details of the...
CVE-2020-9774
An issue existed with Siri Suggestions access to encrypted data. The issue was fixed by limiting access to encrypted data. This issue is fixed in macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra. Encrypted data may be inappropriately accessed...