5458 matches found

Vulnrichment
added 2024/02/10 3:30 p.m. · 9 views

CVE-2023-50957 IBM Storage Defender - Resiliency Service privilege escalation

IBM Storage Defender - Resiliency Service 2.0 could allow a privileged user to perform unauthorized actions after obtaining encrypted data from clear text key storage. IBM X-Force ID: 275783...

8 CVSS · 6.3 AI score · 0.00416 EPSS
Exploits 0 · References 2

Positive Technologies
added 2024/02/10 12:0 a.m. · 3 views

PT-2024-14028 · Ibm · Ibm Storage Defender - Resiliency Service

Name of the Vulnerable Software and Affected Versions: IBM Storage Defender - Resiliency Service version 2.0 Description: The issue allows a privileged user to perform unauthorized actions after obtaining encrypted data from clear text key storage. Recommendations: For IBM Storage Defender -...

8 CVSS · 6.3 AI score · 0.00416 EPSS
Exploits 0 · References 7

Ubuntu
added 2024/02/09 12:4 p.m. · 71 views

USN-6628-1: Linux kernel (Intel IoTG) vulnerabilities

Quentin Minster discovered that a race condition existed in the KSMBD implementation in the Linux kernel when handling sessions operations. A remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. CVE-2023-32250, CVE-2023-32252, CVE-2023-32257...

9 CVSS · 7.2 AI score · 0.0406 EPSS
Exploits 2

OSV
added 2024/02/09 11:29 a.m. · 4 views

CLSA-2024-1707478061 kernel: Fix of 11 CVEs

netfilter: nf_tables: reject QUEUE/DROP verdict parameters CVE-2024-1086 - RDMA/core: Refactor rdma_bind_addr CVE-2023-2176 - RDMA/cma: Do not change route.addr.src_addr outside state checks - RDMA/cma: Ensure rdma_addr_cancel happens before issuing more requests - drm/amdgpu: Fix potential fence...

7.8 CVSS · 7.1 AI score · 0.28058 EPSS
Exploits 16 · References 1

CVE
added 2024/02/09 12:0 a.m. · 64 views

CVE-2024-25679

Affected software : PQUIC (open source). Vulnerability : retention of unused initial encryption keys can disrupt a PSK-configured connection by sending a CONNECTION_CLOSE frame encrypted with the initial key computed (pre-5bde5bb). Impact : confidentiality impact HIGH; availability impact LOW; ot...

6.5 CVSS · 6.4 AI score · 0.00254 EPSS
Exploits 0 · References 3 · Affected Software 1

Ubuntu
added 2024/02/08 12:9 a.m. · 81 views

USN-6626-1: Linux kernel vulnerabilities

Quentin Minster discovered that a race condition existed in the KSMBD implementation in the Linux kernel when handling sessions operations. A remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. CVE-2023-32250, CVE-2023-32252, CVE-2023-32257...

9 CVSS · 7.2 AI score · 0.0406 EPSS
Exploits 0

Ubuntu
added 2024/02/07 8:16 p.m. · 88 views

USN-6624-1: Linux kernel vulnerabilities

Marek Marczykowski-Górecki discovered that the Xen event channel infrastructure implementation in the Linux kernel contained a race condition. An attacker in a guest VM could possibly use this to cause a denial of service (paravirtualized device unavailability). CVE-2023-34324 Zheng Wang discovered...

7.8 CVSS · 7.2 AI score · 0.00888 EPSS
Exploits 0

OSV
added 2024/02/07 8:16 p.m. · 5 views

USN-6624-1 linux, linux-aws, linux-gcp, linux-hwe-6.5, linux-laptop, linux-lowlatency, linux-lowlatency-hwe-6.5, linux-oem-6.5, linux-oracle, linux-raspi, linux-starfive vulnerabilities

Marek Marczykowski-Górecki discovered that the Xen event channel infrastructure implementation in the Linux kernel contained a race condition. An attacker in a guest VM could possibly use this to cause a denial of service (paravirtualized device unavailability). CVE-2023-34324 Zheng Wang discovered...

7.8 CVSS · 6.8 AI score · 0.00888 EPSS
Exploits 0 · References 10

RedHat Linux
added 2024/02/07 4:33 p.m. · 3 views

kernel: SEV-ES local priv escalation

A buffer overflow and null pointer dereference flaw was found in the Linux kernel's Secure Encrypted Virtualization (SEV) implementation for AMD functionality. This issue occurs when a user in SEV guest VM accesses MMIO registers, which could allow a local user to crash the system or escalate their...

7 CVSS · 7 AI score · 0.00693 EPSS
Exploits 0 · References 9

Wired Threat Level
added 2024/02/06 4:53 p.m. · 19 views

WhatsApp Chats Will Soon Work With Other Encrypted Messaging Apps

New EU rules mean WhatsApp and Messenger must be interoperable with other chat apps. Here’s how that will work...

7.3 AI score
Exploits 0

Prion
added 2024/02/06 6:16 a.m. · 14 views

Design/Logic Flaw

Transient DOS while key unwrapping process, when the given encrypted key is empty or NULL...

5 CVSS · 7.2 AI score · 0.00324 EPSS
Exploits 0 · References 1

CVE
added 2024/02/06 5:47 a.m. · 68 views

CVE-2023-43522

CVE-2023-43522 is linked to Siemens SCALANCE W700: a NULL pointer dereference in the key unwrapping routine when the encrypted key is empty or NULL, causing a transient denial of service (crash). Details in connected plugin/NVD entries show a HIGH severity (CVSS v3.1: 7.5) with network attack vec...

7.5 CVSS · 7.5 AI score · 0.00324 EPSS
Exploits 0 · References 1 · Affected Software 1

BDU FSTEC
added 2024/02/06 12:0 a.m. · 6 views

The vulnerability of the NEXO-OS operating system in the Bosch Nexo cordless nutrunner and Bosch Nexo special cordless nutrunner tools used in production lines allows a person with improper access to increase their privileges.

The vulnerability of the NEXO-OS operating system in Bosch’s production line tools, such as the Bosch Nexo cordless nutrunner and Bosch Nexo special cordless nutrunner, is related to the use of rigidly encrypted user credentials. Exploiting this vulnerability could allow an intruder to gain...

8.1 CVSS · 7.7 AI score · 0.00575 EPSS
Exploits 0 · References 2 · Affected Software 1

Veracode
added 2024/02/05 7:50 a.m. · 25 views

Insecure Cryptographic Algorithm

Ylianst MeshCentral is vulnerable to the use of an Insecure Cryptographic Algorithm. The vulnerability is due to the usage of the HMAC-MD5 algorithm, which allows an attacker to brute force the encrypted content...

7.5 CVSS · 7 AI score · 0.00525 EPSS
Exploits 1 · References 4 · Affected Software 1

CNVD
added 2024/02/04 12:0 a.m. · 19 views

Unspecified vulnerability in vantage6 (CNVD-2024-07865)

vantage6 is an open source priVAcy preserviNg federaTed leArninG infrastructure for Secure Insight eXchange. A security vulnerability exists in vantage6 that stems from the fact that input is not checked to see if it is encrypted if the task is created in encrypted...

4.3 CVSS · 6.7 AI score · 0.00257 EPSS
Exploits 0 · References 1

The Hacker News
added 2024/02/02 10:40 a.m. · 28 views

Former CIA Engineer Sentenced to 40 Years for Leaking Classified Documents

A former software engineer with the U.S. Central Intelligence Agency (CIA) has been sentenced to 40 years in prison by the Southern District of New York (SDNY) for transmitting classified documents to WikiLeaks and for possessing child pornographic material. Joshua Adam Schulte, 35, was originally...

6.9 AI score
Exploits 0

Tenable Nessus
added 2024/01/31 12:0 a.m. · 31 views

Cisco Nexus 9000 Information Disclosure (CVE-2023-20185)

A vulnerability in the Cisco ACI Multi-Site CloudSec encryption feature of Cisco Nexus 9000 Series Fabric Switches in ACI mode could allow an unauthenticated, remote attacker to read or modify intersite encrypted traffic. This vulnerability is due to an issue with the implementation of the cipher...

7.4 CVSS · 7.4 AI score · 0.0033 EPSS
Exploits 0 · References 2

Github Security Blog
added 2024/01/30 8:56 p.m. · 27 views

vantage6 may create unencrypted tasks in encrypted collaboration

Impact: There are no checks on whether the input is encrypted if a task is created in an encrypted collaboration. Therefore, a user may accidentally create a task with sensitive input data that will then be stored unencrypted in a database. Workarounds: This is not an issue with the normal workflow...

4.3 CVSS · 6.5 AI score · 0.00257 EPSS
Exploits 0 · References 5 · Affected Software 1

OSV
added 2024/01/30 8:56 p.m. · 22 views

GHSA-RJMV-52MP-GJRR vantage6 may create unencrypted tasks in encrypted collaboration

Impact: There are no checks on whether the input is encrypted if a task is created in an encrypted collaboration. Therefore, a user may accidentally create a task with sensitive input data that will then be stored unencrypted in a database. Workarounds: This is not an issue with the normal workflow...

3.5 CVSS · 4.3 AI score · 0.00257 EPSS
Exploits 0 · References 5

PyPA
added 2024/01/30 4:15 p.m. · 4 views

PYSEC-2024-32

The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). There are no checks on whether the input is encrypted if a task is created in an encrypted collaboration. Therefore, a user may accidentally create a tas...

4.3 CVSS · 6.7 AI score · 0.00257 EPSS
Exploits 0 · References 2 · Affected Software 1