270 matches found
CVE-2021-3979
A key length flaw was found in Red Hat Ceph Storage. An attacker can exploit the fact that the key length is incorrectly passed in an encryption algorithm to create a non random key, which is weaker and can be exploited for loss of confidentiality and integrity on encrypted disks...
Design/Logic Flaw
A key length flaw was found in Red Hat Ceph Storage. An attacker can exploit the fact that the key length is incorrectly passed in an encryption algorithm to create a non random key, which is weaker and can be exploited for loss of confidentiality and integrity on encrypted disks...
CVE-2021-3979
A key length flaw was found in Red Hat Ceph Storage. An attacker can exploit the fact that the key length is incorrectly passed in an encryption algorithm to create a non random key, which is weaker and can be exploited for loss of confidentiality and integrity on encrypted disks...
CVE-2021-3979
A key length flaw was found in Red Hat Ceph Storage. An attacker can exploit the fact that the key length is incorrectly passed in an encryption algorithm to create a non random key, which is weaker and can be exploited for loss of confidentiality and integrity on encrypted disks...
CVE-2021-3979
CVE-2021-3979 concerns a key length flaw in Ceph Storage (Red Hat Ceph Storage). The attacker could exploit incorrect key length handling to produce non-random keys, potentially weakening confidentiality and integrity of encrypted disks. The connected advisories confirm this vulnerability within ...
SUSE SLED15 / SLES15 Security Update : ceph (SUSE-SU-2022:2818-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:2818-1 advisory. - A key length flaw was found in Red Hat Ceph Storage. An attacker can exploit the fact that the key length is...
Cisco Confirms It's Been Hacked by Yanluowang Ransomware Gang
Networking equipment major Cisco on Wednesday confirmed it was the victim of a cyberattack on May 24, 2022 after the attackers got hold of an employee's personal Google account that contained passwords synced from their web browser. "Initial access to the Cisco VPN was achieved via the successful...
CVE-2022-30273
The Motorola MDLC protocol through 2022-05-02 mishandles message integrity. It supports three security modes: Plain, Legacy Encryption, and New Encryption. In Legacy Encryption mode, traffic is encrypted via the Tiny Encryption Algorithm TEA block-cipher in ECB mode. This mode of operation does n...
CVE-2022-30273
The Motorola MDLC protocol through 2022-05-02 mishandles message integrity. It supports three security modes: Plain, Legacy Encryption, and New Encryption. In Legacy Encryption mode, traffic is encrypted via the Tiny Encryption Algorithm TEA block-cipher in ECB mode. This mode of operation does n...
CVE-2022-30273
The Motorola MDLC protocol through 2022-05-02 mishandles message integrity. It supports three security modes: Plain, Legacy Encryption, and New Encryption. In Legacy Encryption mode, traffic is encrypted via the Tiny Encryption Algorithm TEA block-cipher in ECB mode. This mode of operation does n...
Code injection
The Motorola MDLC protocol through 2022-05-02 mishandles message integrity. It supports three security modes: Plain, Legacy Encryption, and New Encryption. In Legacy Encryption mode, traffic is encrypted via the Tiny Encryption Algorithm TEA block-cipher in ECB mode. This mode of operation does n...
CVE-2022-30273
The Motorola MDLC protocol through 2022-05-02 mishandles message integrity. It supports three security modes: Plain, Legacy Encryption, and New Encryption. In Legacy Encryption mode, traffic is encrypted via the Tiny Encryption Algorithm TEA block-cipher in ECB mode. This mode of operation does n...
The vulnerability of the Motorola Data Link Communication protocol’s implementation lies in the use of the Tiny Encryption Algorithm (TEA) in the ECB mode. This allows a intruder to gain unauthorized access to the protected information.
The vulnerability of the Motorola Data Link Communication MDLC protocol lies in the use of the Tiny Encryption Algorithm TEA for block encryption in the ECB mode. Exploiting this vulnerability can allow an unauthorized attacker to gain unauthorized access to protected information...
PT-2022-3092 · Motorola · Motorola Mdlc Protocol
Name of the Vulnerable Software and Affected Versions: Motorola MDLC protocol through 2022-05-02 Description: The issue is related to the Motorola MDLC protocol's handling of message integrity. It supports three security modes: Plain, Legacy Encryption, and New Encryption. In Legacy Encryption...
CVE-2021-32997
The affected Baker Hughes Bentley Nevada products 3500 System 1 6.x, Part No. 3060/00 versions 6.98 and prior, 3500 System 1, Part No. 3071/xx & 3072/xx versions 21.1 HF1 and prior, 3500 Rack Configuration, Part No. 129133-01 versions 6.4 and prior, and 3500/22M Firmware, Part No. 288055-01...
CVE-2021-32997
CVE-2021-32997 affects Baker Hughes Bently Nevada 3500 equipment. Affected products and versions include System 1 6.x (Part 3060/00, 6.98 and prior), System 1 (Part 3071/xx & 3072/xx, 21.1 HF1 and prior), 3500 Rack Configuration (Part 129133-01, 6.4 and prior), and 3500/22M Firmware (Part 288055-...
IBM UrbanCode Deploy Encryption Issue Vulnerability (CNVD-2022-63372)
IBM UrbanCode Deploy UCD is a set of application automation deployment tools from IBM Corporation in the United States. The tool is based on an application deployment automation management information model, and through remote agent technology to automate the deployment of complex applications in...
Emotet modules and recent attacks
Emotet was first found in the wild in 2014. Back then its main functionality was stealing user banking credentials. Since then it has survived numerous transformations, started delivering other malware and finally became a powerful botnet. In January 2021 Emotet was disrupted by a joint effort of...
IBM UrbanCode Deploy 加密问题漏洞
IBM UrbanCode Deploy UCD is a suite of application automation deployment tools from IBM. The tool is based on an application deployment automation management information model, and through remote agent technology to automate the deployment of complex applications in different environments, etc. I...
CVE-2020-25180 Rockwell Automation ISaGRAF5 Runtime Use of Hard-coded Cryptographic Key
Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x includes the functionality of setting a password that is required to execute privileged commands. The password value passed to ISaGRAF Runtime is the result of encryption performed with a fixed key value using the tiny encryption algorithm...