
5460 matches found

Positive Technologies
added 2021/12/06 12:0 a.m. · 6 views

PT-2021-14885 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions 11.6 and later. Description: The issue allows an attacker to decrypt some of the database's encrypted content, assuming a database breach has occurred. This is due to nonce reuse issues. Recommendations: For GitLab versions 11....

7.5 CVSS · 7.3 AI score · 0.00536 EPSS
Exploits 1 · References 10

CNVD
added 2021/12/02 12:0 a.m. · 15 views

showdoc security feature issue vulnerability

showdoc is an open source tool for IT teams to share documents online. showDoc is vulnerable to a security feature issue that stems from the use of a cryptographically weak pseudo-random number generator (PRNG). No vulnerability details are currently available...

6.5 CVSS · 1.6 AI score · 0.00863 EPSS
Exploits 1 · References 1

Malwarebytes
added 2021/12/01 1:45 p.m. · 34 views

Here’s what data the FBI can get from WhatsApp, iMessage, Signal, Telegram, and more

Not every secure messaging app is as safe as it would like us to think. And some are safer than others. A recently disclosed FBI training document shows how much access to the content of encrypted messages from secure messaging services US law enforcement can gain and what they can learn about yo...

6.8 AI score
Exploits 0

The Hacker News
added 2021/11/22 7:30 a.m. · 19 views

Facebook Postpones Plans for E2E Encryption in Messenger, Instagram Until 2023

Meta, the parent company of Facebook, Instagram, and WhatsApp, disclosed that it doesn't intend to roll out default end-to-end encryption (E2EE) across all its messaging services until 2023, pushing its original plans by at least a year. "We're taking our time to get this right and we don't plan to...

6.6 AI score
Exploits 0

RedhatCVE
added 2021/11/19 5:56 p.m. · 82 views

CVE-2021-3981

A flaw in grub2 was found where its configuration file, known as grub.cfg, is being created with the wrong permission set, allowing non-privileged users to read its content. This represents a low severity confidentiality issue, as those users can eventually read any encrypted passwords present in...

3.3 CVSS · 4.6 AI score · 0.00311 EPSS
Exploits 0 · References 3

OSV
added 2021/11/17 2:15 p.m. · 3 views

CVE-2021-29861

IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in EFS to expose sensitive information. IBM X-Force ID: 206085...

6.2 CVSS · 5.8 AI score · 0.00258 EPSS
Exploits 0 · References 2

OSV
added 2021/11/16 7:15 p.m. · 3 views

CVE-2021-26315

When the AMD Platform Security Processor (PSP) boot ROM loads, authenticates, and subsequently decrypts an encrypted FW, due to insufficient verification of the integrity of decrypted image, arbitrary code may be executed in the PSP when encrypted firmware images are used...

7.8 CVSS · 7.2 AI score · 0.0016 EPSS
Exploits 0 · References 1

OSV
added 2021/11/16 7:15 p.m. · 3 views

CVE-2021-26320

Insufficient validation of the AMD SEV Signing Key (ASK) in the SEND_START command in the SEV Firmware may allow a local authenticated attacker to perform a denial of service of the PSP...

5.5 CVSS · 5.8 AI score · 0.0018 EPSS
Exploits 0 · References 1

Cvelist
added 2021/11/16 6:12 p.m. · 21 views

CVE-2021-26315

When the AMD Platform Security Processor (PSP) boot ROM loads, authenticates, and subsequently decrypts an encrypted FW, due to insufficient verification of the integrity of decrypted image, arbitrary code may be executed in the PSP when encrypted firmware images are used...

7.9 AI score · 0.0016 EPSS
Exploits 0 · References 1

CNVD
added 2021/11/16 12:0 a.m. · 23 views

Binatone Motorola-branded Camera Information Disclosure Vulnerability

Binatone Motorola-branded Camera is a Binatone licensed Motorola-branded product camera from Binatone Inc. The Binatone Motorola-branded Camera is vulnerable to information disclosure, which could be exploited by an attacker to download an encrypted log file containing sensitive information such ...

6.5 CVSS · 1.7 AI score · 0.00407 EPSS
Exploits 0 · References 1

OSV
added 2021/11/15 8:15 p.m. · 16 views

CVE-2021-41263

rails_multisite provides multi-db support for Rails applications. In affected versions this vulnerability impacts any Rails applications using rails_multisite alongside Rails' signed/encrypted cookies. Depending on how the application makes use of these cookies, it may be possible for an attacker t...

8.8 CVSS · 8.7 AI score
Exploits 0 · References 2

NVD
added 2021/11/15 8:15 p.m. · 48 views

CVE-2021-41263

rails_multisite provides multi-db support for Rails applications. In affected versions this vulnerability impacts any Rails applications using rails_multisite alongside Rails' signed/encrypted cookies. Depending on how the application makes use of these cookies, it may be possible for an attacker t...

8.8 CVSS · 0.00608 EPSS
Exploits 0 · References 2

CVE
added 2021/11/15 8:10 p.m. · 82 views

CVE-2021-41263

CVE-2021-41263 affects rails_multisite in Rails apps that rely on signed/encrypted cookies. The vulnerability allows cookie reuse across multiple sites within a multi-site Rails application due to how cookies are shared; it is mitigated by upgrading to rails_multisite v4, which invalidates all pr...

8.8 CVSS · 8.5 AI score · 0.00608 EPSS
Exploits 0 · References 2 · Affected Software 1

Cvelist
added 2021/11/15 8:10 p.m. · 37 views

CVE-2021-41263 Secure/signed cookies share secrets between sites in rails_multisite

rails_multisite provides multi-db support for Rails applications. In affected versions this vulnerability impacts any Rails applications using rails_multisite alongside Rails' signed/encrypted cookies. Depending on how the application makes use of these cookies, it may be possible for an attacker t...

8.3 CVSS · 8.9 AI score · 0.00608 EPSS
Exploits 0 · References 2

The Hacker News
added 2021/11/15 3:30 p.m. · 15 views

Researchers Demonstrate New Fingerprinting Attack on Tor Encrypted Traffic

A new analysis of website fingerprinting (WF) attacks aimed at the Tor web browser has revealed that it's possible for an adversary to glean a website frequented by a victim, but only in scenarios where the threat actor is interested in a specific subset of the websites visited by users. "While...

6.7 AI score
Exploits 0

RubySec
added 2021/11/15 12:0 a.m. · 20 views

Secure/signed cookies share secrets between sites in a multi-site application

Impact: This vulnerability impacts any Rails applications using rails_multisite alongside Rails' signed/encrypted cookies. Depending on how the application makes use of these cookies, it may be possible for an attacker to re-use cookies on different 'sites' within a multi-site Rails application...

8.8 CVSS · 6.8 AI score · 0.00608 EPSS
Exploits 0 · References 1 · Affected Software 1

OSV
added 2021/11/12 10:15 p.m. · 5 views

CVE-2021-3791

An information disclosure vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an unauthenticated attacker on the same subnet to download an encrypted log file containing sensitive information such as WiFi SSID and password...

6.5 CVSS · 5.8 AI score · 0.00407 EPSS
Exploits 0 · References 1

Prion
added 2021/11/12 10:15 p.m. · 13 views

Information disclosure

An information disclosure vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an unauthenticated attacker on the same subnet to download an encrypted log file containing sensitive information such as WiFi SSID and password...

3.3 CVSS · 6.2 AI score · 0.00407 EPSS
Exploits 0 · References 1 · Affected Software 4

Cvelist
added 2021/11/12 10:5 p.m. · 23 views

CVE-2021-3791

An information disclosure vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an unauthenticated attacker on the same subnet to download an encrypted log file containing sensitive information such as WiFi SSID and password...

6.5 CVSS · 6.5 AI score · 0.00407 EPSS
Exploits 0 · References 1

NVD
added 2021/11/12 9:15 p.m. · 23 views

CVE-2021-43332

In GNU Mailman before 2.1.36, the CSRF token for the Cgi/admindb.py admindb page contains an encrypted version of the list admin password. This could potentially be cracked by a moderator via an offline brute-force attack...

6.5 CVSS · 0.01072 EPSS
Exploits 0 · References 3