155 matches found
GnuPG 安全漏洞
GnuPG is a suite of open source cryptographic software from the American GNU community under the GNU General Public License. The software supports public key, symmetric encryption, hashing, and other algorithms. A security vulnerability exists in GnuPG versions prior to 2.5.5, which stems from th...
CVE-2025-30258
In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a "verification DoS."...
CVE-2025-30258
In GNUPG before 2.5.5, importing a certificate with crafted subkey data that lacks a valid backsig or has incorrect usage flags can cause a verification DoS, disabling signature verification for certain other signing keys. This CVE affects GnuPG’s subkey import handling; impact is limited to sign...
CVE-2025-30258
In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a "verification DoS."...
CVE-2025-30258
In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a "verification DoS."...
CVE-2025-30258
In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a "verification DoS."...
CVE-2023-4680
A flaw was found in HashiCorp Vault and Vault Enterprise, where the transit secrets engine allowed authorized users to specify arbitrary nonces, even with convergent encryption disabled. The encrypt endpoint, in combination with an offline attack, could be used to decrypt arbitrary ciphertext and...
SUSE SLED15: python3-rpm / python311-rpm / rpm / rpm-32bit / rpm-build / etc (SUSE-SU-2024:1557-2)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1557-2 advisory. Security fixes: - CVE-2021-3521: Fixed missing subkey binding signature checking bsc1191175 Other fixes: ...
SUSE-SU-2024:1557-1 Security update for rpm
This update for rpm fixes the following issues: Security fixes: - CVE-2021-3521: Fixed missing subkey binding signature checking bsc1191175 Other fixes: - accept more signature subpackets marked as critical bsc1218686 - backport limit support for the autopatch macro bsc1189495...
BIT-VAULT-2023-4680 Vault's Transit Secrets Engine Allowed Nonce Specified without Convergent Encryption
HashiCorp Vault and Vault Enterprise transit secrets engine allowed authorized users to specify arbitrary nonces, even with convergent encryption disabled. The encrypt endpoint, in combination with an offline attack, could be used to decrypt arbitrary ciphertext and potentially derive the...
GHSA-V84F-6R39-CPFC HashiCorp Vault Improper Input Validation vulnerability
HashiCorp Vault and Vault Enterprise transit secrets engine allowed authorized users to specify arbitrary nonces, even with convergent encryption disabled. The encrypt endpoint, in combination with an offline attack, could be used to decrypt arbitrary ciphertext and potentially derive the...
CVE-2023-4680
HashiCorp Vault and Vault Enterprise transit secrets engine allowed authorized users to specify arbitrary nonces, even with convergent encryption disabled. The encrypt endpoint, in combination with an offline attack, could be used to decrypt arbitrary ciphertext and potentially derive the...
CVE-2023-4680
HashiCorp Vault and Vault Enterprise transit secrets engine allowed authorized users to specify arbitrary nonces, even with convergent encryption disabled. The encrypt endpoint, in combination with an offline attack, could be used to decrypt arbitrary ciphertext and potentially derive the...
Design/Logic Flaw
HashiCorp Vault and Vault Enterprise transit secrets engine allowed authorized users to specify arbitrary nonces, even with convergent encryption disabled. The encrypt endpoint, in combination with an offline attack, could be used to decrypt arbitrary ciphertext and potentially derive the...
CVE-2023-4680 Vault's Transit Secrets Engine Allowed Nonce Specified without Convergent Encryption
HashiCorp Vault and Vault Enterprise transit secrets engine allowed authorized users to specify arbitrary nonces, even with convergent encryption disabled. The encrypt endpoint, in combination with an offline attack, could be used to decrypt arbitrary ciphertext and potentially derive the...
CVE-2023-4680
CVE-2023-4680 affects HashiCorp Vault/Vault Enterprise transit secrets engine. The vulnerability allows an authorized user to specify arbitrary nonces, even when convergent encryption is disabled. The encrypt endpoint, with an offline attack, could decrypt arbitrary ciphertext and potentially der...
PT-2023-9602 · Hashicorp +2 · Hashicorp Vault +3
Name of the Vulnerable Software and Affected Versions: HashiCorp Vault and Vault Enterprise versions 1.6.0 through 1.12.10 HashiCorp Vault and Vault Enterprise versions 1.13.0 through 1.13.6 HashiCorp Vault and Vault Enterprise versions 1.14.0 through 1.14.2 Description: The issue is related to...
Trend Micro Apex One elevation of privilege vulnerability (CNVD-2023-65421)
Trend Micro Apex One is an endpoint protection software from Trend Micro. An elevation of privilege vulnerability exists in Trend Micro Apex One, which can be exploited by a local attacker to elevate privileges and write arbitrary values to an agent subkey...
CVE-2023-34148
An exposed dangerous function vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate privileges and write an arbitrary value to specific Trend Micro agent subkeys on affected installations. Please note: an attacker must first...
Trend Micro Apex One 安全漏洞
Trend Micro Apex One is an endpoint protection software from Trend Micro. An elevation of privilege vulnerability exists in Trend Micro Apex One, which can be exploited by a local attacker to elevate privileges and write arbitrary values to an agent subkey...