116 matches found
Command Execution Vulnerability in OpenSSL (CNVD-2022-51192)
OpenSSL is an open source capable general-purpose cryptographic library from the Openssl team that implements the Secure Sockets Layer SSLv2/v3 and Secure Transport Layer TLSv1 protocols. The product supports a variety of cryptographic algorithms , including symmetric ciphers , hash algorithms ,...
CVE-2022-1252
Use of a Broken or Risky Cryptographic Algorithm in GitHub repository gnuboard/gnuboard5 prior to and including 5.5.5. A vulnerability in gnuboard v5.5.5 and below uses weak encryption algorithms leading to sensitive information exposure. This allows an attacker to derive the email address of any...
On the Radar: Is 2022 the year encryption is doomed?
By Martin Lee. Quantum technology in development by the world’s superpowers will render many current encryption algorithms obsolete overnight. When it becomes available, whoever controls this technology will be able to read almost any encrypted data or message they wish. Organizations need... Thi...
IBM Cloud Pak for Security Encryption Issue Vulnerability
IBM Cloud Pak for Security CP4S is an open security platform from IBM that connects to your existing data sources, generates deeper insights, and enables you to act faster with automation. IBM Cloud Pak for Security CP4S suffers from an encryption issue vulnerability in versions 1.7.0.0, 1.7.1.0,...
openssl buffer overflow vulnerability (CNVD-2021-71263)
OpenSSL is an open source general-purpose cryptographic library from the Openssl team capable of implementing the Secure Sockets Layer SSLv2/v3 and Secure Transport Layer TLSv1 protocols. The product supports a variety of encryption algorithms, including symmetric ciphers, hashing algorithms,...
IBM Security Guardium Data Encryption Information Disclosure Vulnerability (CNVD-2022-05125)
IBM Security Guardium Data Encryption is a software for securing sensitive data within organizations from IBM, U.S.A. A security vulnerability exists in IBM Security Guardium Data Encryption, which stems from the use of weaker than expected encryption algorithms for data encryption, which could b...
IBM Security Guardium Data Encryption加密问题漏洞
IBM Security Guardium Data Encryption is a software for securing sensitive data within organizations from IBM, U.S.A. A security vulnerability exists in IBM Security Guardium Data Encryption, which stems from the use of weaker than expected encryption algorithms for data encryption, which could b...
Researchers Uncover Stealthy Linux Malware That Went Undetected for 3 Years
A previously undocumented Linux malware with backdoor capabilities has managed to stay under the radar for about three years, allowing the threat actor behind the operation to harvest and exfiltrate sensitive information from infected systems. Dubbed "RotaJakiro" by researchers from Qihoo 360...
openGauss: Configuring the SSL Encryption Algorithm
sslciphers specifies the SSL encryption algorithms used for secure connections. openGauss supports the following algorithms: - DHE-RSA-AES256-GCM-SHA384 - DHE-RSA-AES128-GCM-SHA256 - DHE-DSS-AES256-GCM-SHA384 - DHE-DSS-AES128-GCM-SHA256 - DHE-RSA-AES256-SHA256 - DHE-RSA-AES128-SHA256 -...
MemoryMapper - Lightweight Library Which Allows The Ability To Map Both Native And Managed Assemblies Into Memory
Memory Mapper is a lightweight library which allows the ability to map both native and managed assemblies into memory by either using process injection of a process specified by the user or self-injection; the technique of injecting an assembly into the currently running process attempting to do...
Arbitary Code Execution
krb5 is vulnerable to arbitrary code execution. Multiple integer underflow flaws, leading to heap-based corruption, were found in the way the MIT Kerberos Key Distribution Center KDC decrypted ciphertexts encrypted with the Advanced Encryption Standard AES and ARCFOUR RC4 encryption algorithms. I...
IBM Security Guardium Big Data Intelligence Encryption Issue Vulnerability
IBM Security Guardium Big Data Intelligence SonarG is a suite of big data security intelligence solutions from IBM, USA. The solution features interactive data exploration, automated connectivity analysis, and user activity analysis. An encryption issue vulnerability exists in IBM Security Guardi...
CVE-2019-1828
A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote attacker to access administrative credentials. The vulnerability exists because affected devices use weak encryption algorithms for use...
Fallout Exploit Kit Releases the Kraken Ransomware on Its Victims
ARCHIVED STORY Fallout Exploit Kit Releases the Kraken Ransomware on Its Victims By John Fokker · October 30, 2018 Alexandr Solad and Daniel Hatheway of Recorded Future are coauthors of this post. Read Recorded Future’s version of this analysis. Rising from the deep, Kraken Cryptor ransomware has...
Quantum Computing and Cryptography
Quantum computing is a new way of computing -- one that could allow humankind to perform computations that are simply impossible using today's computing technologies. It allows for very fast searching, something that would break some of the encryption algorithms we use today. And it allows us to...
Gandcrab Ransomware Puts Pinch On Victims
ARCHIVED STORY GandCrab Ransomware Puts the Pinch on Victims By Alexandre Mundo · July 31, 2018 Update: On August 9 we added our analysis of Versions 4.2.1 and 4.3. The GandCrab ransomware first appeared in January and has been updated rapidly during its short life. It is the leading ransomware...
Design/Logic Flaw
Beckhoff TwinCAT supports communication over ADS. ADS is a protocol for industrial automation in protected environments. ADS has not been designed to achieve security purposes and therefore does not include any encryption algorithms because of their negative effect on performance and throughput. ...
CVE-2017-16726
Beckhoff TwinCAT supports communication over ADS. ADS is a protocol for industrial automation in protected environments. ADS has not been designed to achieve security purposes and therefore does not include any encryption algorithms because of their negative effect on performance and throughput. ...
Microsoft Windows: Hardware-based encryption for OS drives (allowed algorithms)
This test checks the setting for policy OpenVAS Vulnerability Test $Id: winosrestrictcrypto.nasl 11532 2018-09-21 19:07:30Z cfischer $ Check value for Configure use of hardware-based encryption for operating system drives: Restrict crypto algorithms or cipher suites to the following Authors:...
Microsoft Windows: Use of hardware-based encryption for OS drives
This policy setting allows you to manage BitLocker Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...