2231 matches found
Google Android Teamwire Encryption Issue Vulnerability
Android is a Linux-based open source operating system from Google and the Open Handheld Alliance (OHA). Framework is one of the Android framework components. System is one of the system components. USB driver is one of the Universal Serial Bus (USB) drivers. Bluetooth is one of the Bluetooth components...
Code injection
IBM Security Guardium Insights 2.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 174683...
CVE-2020-4169
CVE-2020-4169 affects IBM Security Guardium Insights 2.0.1, where weaker-than-expected cryptographic algorithms could allow an attacker to decrypt highly sensitive information. Root cause: insufficient cryptographic protection as described in IBM X-Force entry; impact is confidentiality loss. Rem...
CVE-2020-4169
IBM Security Guardium Insights 2.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 174405...
Security Bulletin: IBM Elastic Storage Server GUI is affected by weak cryptographic algorithms
Summary A security vulnerability has been identified in all levels of IBM Elastic Storage Server GUI where weaker than desirable cryptographic algorithms are permitted. A fix for this vulnerability is available. Vulnerability Details CVEID: CVE-2020-4350 DESCRIPTION: IBM Spectrum Scale 5.0.0.0...
The vulnerability of the modular inversion function of the NSS libraries allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the modular inversion function in Network Security Services libraries is related to the use of cryptographic algorithms that contain vulnerabilities. Exploiting this vulnerability can allow attackers to gain unauthorized access to protected information...
New Attack Leverages HTTP/2 for Effective Remote Timing Side-Channel Leaks
Security researchers have outlined a new technique that renders a remote timing-based side-channel attack more effective regardless of the network congestion between the adversary and the target server. Remote timing attacks that work over a network connection are predominantly affected by...
CVE-2020-4185
IBM Security Guardium versions 10.5, 10.6, 11.0, and 11.1 are affected by CVE-2020-4185 due to the use of weaker cryptographic algorithms, which could allow an attacker to decrypt highly sensitive information. The vulnerability stems from cryptographic algorithm usage in the product, as described...
Facial-Recognition Flop: Face Masks Thwart Virus, Stump Security Systems
Face masks have not only been shown in research to slow the spread of COVID-19, they also deter facial-recognition technology from correctly identifying people, according to a new study. New research from the National Institute of Standards and Technology (NIST) found that even the best of 89 commercial...
Security Bulletin: Multiple IBM MQ Security Vulnerabilities Affect IBM Sterling B2B Integrator
Summary IBM Sterling B2B Integrator Standard Edition has addressed multiple IBM MQ security vulnerabilities. Vulnerability Details CVEID: CVE-2019-4039 DESCRIPTION: IBM WebSphere MQ 8.0.0.0 through 8.0.0.9 and 9.0.0.0 through 9.1.1 could allow a local attacker to cause a denial of service within...
NSA on Securing VPNs
The NSA's Central Security Service -- that's the part that's supposed to work on defense -- has released two documents (a full and an abridged version) on securing virtual private networks. Some of it is basic, but it contains good information. Maintaining a secure VPN tunnel can be complex and...
[SECURITY] Fedora 32 Update: botan2-2.14.0-1.fc32
Botan is a BSD-licensed crypto library written in C++. It provides a wide variety of basic cryptographic algorithms, X.509 certificates and CRLs, PKCS #10 certificate requests, a filter/pipe message processing system, and a wide variety of other features, all written in portable C++. The API...
CVE-2020-15084
In the express-jwt NPM package up to and including version 5.3.3, the algorithms entry to be specified in the configuration is not being enforced. When algorithms is not specified in the configuration, with the combination of jwks-rsa, it may lead to authorization bypass. You are affected by this...
Authorization
In the express-jwt NPM package up to and including version 5.3.3, the algorithms entry to be specified in the configuration is not being enforced. When algorithms is not specified in the configuration, with the combination of jwks-rsa, it may lead to authorization bypass. You are affected by this...
CVE-2020-15084 Authorization bypass in express-jwt
In the express-jwt NPM package up to and including version 5.3.3, the algorithms entry to be specified in the configuration is not being enforced. When algorithms is not specified in the configuration, with the combination of jwks-rsa, it may lead to authorization bypass. You are affected by this...
GHSA-6G6M-M6H5-W9GF Authorization bypass in express-jwt
Overview Versions before and including 5.3.3, we are not enforcing the algorithms entry to be specified in the configuration. When algorithms is not specified in the configuration, with the combination of jwks-rsa, it may lead to authorization bypass. Am I affected? You are affected by this...
Authorization bypass in express-jwt
Overview Versions before and including 5.3.3, we are not enforcing the algorithms entry to be specified in the configuration. When algorithms is not specified in the configuration, with the combination of jwks-rsa, it may lead to authorization bypass. Am I affected? You are affected by this...
PT-2020-14172 · Auth0 · Express-Jwt +1
Name of the Vulnerable Software and Affected Versions: express-jwt versions 5.3.3 and earlier Description: The issue arises when the algorithms entry is not specified in the configuration, potentially leading to authorization bypass when used with libraries like jwks-rsa as the secret. This occur...
Code injection
IBM API Connect V2018.4.1.0 through 2018.4.1.11 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 181324...
Security Bulletin: IBM API Connect V 2018 (ova) is impacted by weak cryptographic algorithms (CVE-2020-4452)
Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2020-4452 DESCRIPTION: IBM API Connect uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. CVSS Base score: 5.9 CVSS Temporal...