5460 matches found
Feds Secretly Ran a Fake Encrypted Chat App and Busted Over 800 Criminals
In an unprecedented sting operation, the U.S. Federal Bureau of Investigation (FBI) and Australian Federal Police (AFP) ran an encrypted chat service called ANoM for nearly three years to intercept 27 million messages exchanged between criminal gang members globally. Dubbed Operation Ironside (AFP),...
CVE-2020-26515
An insufficiently protected credentials issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. The remember-me cookie CBLOGIN issued by the application contains the encrypted user's credentials. However, due to a bug in the application code, those credentials are encrypted using a...
SAP Netweaver Command Injection Vulnerability
SAP Netweaver is a service-oriented integrated application platform from the German company SAP. The platform provides a development and runtime environment for SAP applications. A command injection vulnerability exists in SAP NetWeaver AS ABAP, which can be exploited by an attacker to inse...
Rockwell Automation ISaGRAF Trust Management Issue Vulnerability
Rockwell Automation ISaGRAF is an automation software technology for creating integrated automation solutions from Rockwell Automation. It is designed to be scalable and portable and is suitable for developing small controllers and large distributed automation systems. Rockwell Automation ISaGRAF...
PT-2024-11236 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.10.45/5.12.12 Description: The issue arises when memory marked as EFI boot services data is not properly mapped as encrypted under SEV, potentially leading to a kernel crash at boot. This occurs because some...
Realtek RTL8710 Buffer Overflow Vulnerability
The Realtek RTL8710, an IoT microcontroller from Realtek Semiconductor (Taiwan, China), suffers from a buffer overflow vulnerability that could be exploited to send a manual "Encrypted GTK" value as part of a WPA2 4-way handshake...
charlotte
It is an offensive tool for Windows. The repository contains a Python script, charlotte.py, which is a fully undetected shellcode launcher. The script uses XOR encryption to encrypt the shellcode and function names. The script is designed to be used with the Metasploit framework, and it can be us...
OpenVPN has an unspecified vulnerability
OpenVPN is a software package from the American company OpenVPN for creating encrypted tunnels for Virtual Private Networks (VPNs), which uses the OpenSSL library to encrypt data and control information, and allows created VPNs to be authenticated using a public key, an e-certificat...
Design/Logic Flaw
KDE Messagelib through 5.17.0 reveals cleartext of encrypted messages in some situations. Deleting an attachment of a decrypted encrypted message stored on a remote server (e.g., an IMAP server) causes KMail to upload the decrypted content of the message to the remote server. With a crafted message...
CVE-2021-31855
KDE Messagelib through 5.17.0 reveals cleartext of encrypted messages in some situations. Deleting an attachment of a decrypted encrypted message stored on a remote server (e.g., an IMAP server) causes KMail to upload the decrypted content of the message to the remote server. With a crafted message...
GHSA-H45P-W933-JXH3 Improper Verification of Cryptographic Signature in aws-encryption-sdk-javascript
Impact: This advisory addresses several LOW severity issues with streaming signed messages and restricting processing of certain types of invalid messages. This ESDK supports a streaming mode where callers may stream the plaintext of signed messages before the ECDSA signature is validated. In...
Improper Verification of Cryptographic Signature in aws-encryption-sdk-cli
Impact: This advisory addresses several LOW severity issues with streaming signed messages and restricting processing of certain types of invalid messages. This ESDK supports a streaming mode where callers may stream the plaintext of signed messages before the ECDSA signature is validated. In...
GHSA-89V2-G37M-G3FF Improper Verification of Cryptographic Signature in aws-encryption-sdk-cli
Impact: This advisory addresses several LOW severity issues with streaming signed messages and restricting processing of certain types of invalid messages. This ESDK supports a streaming mode where callers may stream the plaintext of signed messages before the ECDSA signature is validated. In...
Improper Verification of Cryptographic Signature in aws-encryption-sdk
Impact: This advisory addresses several LOW severity issues with streaming signed messages and restricting processing of certain types of invalid messages. This ESDK supports a streaming mode where callers may stream the plaintext of signed messages before the ECDSA signature is validated. In...
GHSA-X5H4-9GQW-942J Improper Verification of Cryptographic Signature in aws-encryption-sdk
Impact: This advisory addresses several LOW severity issues with streaming signed messages and restricting processing of certain types of invalid messages. This ESDK supports a streaming mode where callers may stream the plaintext of signed messages before the ECDSA signature is validated. In...
Improper Verification of Cryptographic Signature in aws-encryption-sdk-java
Impact: This advisory addresses several LOW severity issues with streaming signed messages and restricting processing of certain types of invalid messages. This update addresses an issue where certain invalid ECDSA signatures incorrectly passed validation. These signatures provide defense in depth...
GHSA-55XH-53M6-936R Improper Verification of Cryptographic Signature in aws-encryption-sdk-java
Impact: This advisory addresses several LOW severity issues with streaming signed messages and restricting processing of certain types of invalid messages. This update addresses an issue where certain invalid ECDSA signatures incorrectly passed validation. These signatures provide defense in depth...
CVE-2021-3425
CVE-2021-3425 affects Red Hat AMQ Broker (7.x). The issue: when using JDBC persistence, the broker logfile can disclose encrypted JDBC usernames and passwords, exposing credentials via log output. Root cause details are not explicitly enumerated in the provided documents, but the impact is creden...
The vulnerability of the Thunderbird email client arises due to insufficient implementation of security measures, allowing attackers to compromise data integrity.
The vulnerability of the Thunderbird email client exists due to insufficient implementation of security measures. Exploiting this vulnerability allows a malicious actor to manipulate data integrity through a specially crafted email with MIME encoding. Such emails contain an embedded signed or...