Lucene search

690 matches found

NVD
added 2017/06/08 9:29 p.m. | 9 views

CVE-2017-1179

IBM BigFix Compliance Analytics 1.9.79 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 123431...

CVSS 5.9 | AI score 5.5 | EPSS 0.00137
Exploits: 0 | References: 3
Cvelist
added 2017/06/08 9:0 p.m. | 13 views

CVE-2017-1179

IBM BigFix Compliance Analytics 1.9.79 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 123431...

AI score 6.4 | EPSS 0.00137
Exploits: 0 | References: 3
rapid7community
added 2017/06/05 5:33 p.m. | 185 views

R7-2017-13 | CVE-2017-5243: Nexpose Hardware Appliance SSH Enabled Obsolete Algorithms

Summary Nexpose physical appliances shipped with an SSH configuration that allowed obsolete algorithms to be used for key exchange and other functions. Because these algorithms are enabled, attacks involving authentication to the hardware appliances are more likely to succeed. We strongly encoura...

CVSS 6.8 | AI score 8.3 | EPSS 0.0018
Exploits: 0
Tenable Nessus
added 2017/05/26 12:0 a.m. | 11 views

GE Multilin UR / URPlus / B95Plus Protection Relay Cryptographic Algorithm Weakness Information Disclosure (UR-2017-0001)

Binary data scadagemultilinprotectionrelayUR-2017-0001.nbin...

CVSS 9.8 | AI score 7.3 | EPSS 0.00196
Exploits: 0 | References: 4
The Hacker News
added 2017/04/24 10:29 p.m. | 12 views

Atlassian's HipChat Hacked — Users' Data May Have Been Compromised

Atlassian's group chat platform HipChat is notifying its users of a data breach after some unknown hacker or group of hackers broke into one of its servers over the weekend and stole a significant amount of data, including group chat logs. What Happened? According to a security notice published o...

AI score 6.8
Exploits: 0
GithubExploit
added 2017/04/19 6:1 a.m. | 111 views

Exploit for Use of a Broken or Risky Cryptographic Algorithm in Cyberark Credential_Provider

C-Ark Credential Decoder Exploit tool for CVE-2021-31796...

CVSS 7.5 | AI score 7.5 | EPSS 0.00961
Exploits: 1
ThreatPost
added 2017/03/28 2:38 p.m. | 11 views

Apple Fixes 223 Vulnerabilities Across macOS, iOS, Safari

Apple fixed hundreds of bugs, 223 to be exact, across a slate of products including macOS Sierra, iOS, Safari, watchOS, and tvOS on Monday. More than a quarter of the bugs, 40 in macOS Sierra, and 30 in iOS, could lead to arbitrary code execution – in some instances with root privileges, Apple...

AI score 9
Exploits: 0 | References: 14
appercut
added 2016/07/05 12:0 a.m. | 553 views

Hippo CMS: source code security analysis report

Several vulnerabilities were discovered in Hippo 'Hippo CMS' software: Using XSL Transformation to Execute Any Code Violating the Java Object Model Missing XML document schema validation Using Broken or Risky Cryptographic Algorithm Incorrect Permissions for External Entities During XML Document...

AI score 1
Exploits: 0 | References: 1 | Affected Software: 1
appercut
added 2016/05/01 12:0 a.m. | 558 views

Apache Camel: source code security analysis report

Several vulnerabilities were discovered in The Apache Software Foundation 'Apache Camel' software: Using Synchronization Primitives in EJB components Missing Verification of Executable Files' Digital Signature when Executing them from Untrusted Sources Violating the Java Object Model Using...

AI score 0.5
Exploits: 0 | References: 1 | Affected Software: 1
CERT
added 2016/01/12 12:0 a.m. | 47 views

Samsung SRN-1670D camera contains multiple vulnerabilities

Overview The Samsung SRN-1670D camera contains multiple vulnerabilities. Description CWE-264: Permissions, Privileges, and Access Controls - CVE-2015-8279 An undocumented PHP request may be used to read arbitrary files from the system. CWE-200: Information Exposure - CVE-2015-8280 The interface...

CVSS 8.6 | AI score 8 | EPSS 0.67934
Exploits: 5 | References: 1
CERT
added 2015/11/23 12:0 a.m. | 32 views

CSL DualCom GPRS CS2300-R alarm signalling boards contain multiple vulnerabilities

Overview CSL DualCom GPRS CS2300-R alarm signalling boards, firmware versions v1.25 to v3.53, contain multiple vulnerabilities. Description CSL DualCom GPRS CS2300-R alarm signalling boards are secure premises transmitters (SPT) that notify alarm receiving centers (ARC) when an alarm system is tripped...

CVSS 7.5 | AI score 7.4 | EPSS 0.05685
Exploits: 4 | References: 6
ThreatPost
added 2015/11/06 1:10 p.m. | 8 views

Microsoft Considers Earlier SHA-1 Deprecation Deadline

Tech companies continue to back away from SHA-1 like it’s an infectious disease. Microsoft, which already had plans to deprecate the crusty cryptographic algorithm by the start of 2017, decided this week to move up that deadline six months. The company said it’s considering whether it will start...

AI score 0.6
Exploits: 0 | References: 6
ThreatPost
added 2015/10/09 10:0 a.m. | 13 views

Practical SHA-1 Collision Attack Months Away

When Bruce Schneier made his oft-cited and mathematically sound projections about the life expectancy of the SHA-1 cryptographic algorithm, he didn’t think he was being conservative. “I thought I was being accurate given the information I had at the time,” Schneier said on Thursday. Schneier in...

AI score 0.3
Exploits: 0 | References: 8
The Hacker News
added 2015/10/08 7:41 a.m. | 18 views

Collision Attack: Widely Used SHA-1 Hash Algorithm Needs to Die Immediately

SHA-1 – one of the Internet's widely adopted cryptographic hash function – is Just about to Die. Yes, the cost and time required to break the SHA1 algorithm have fallen much faster than previously expected. According to a team of researchers, SHA-1 is so weak that it may be broken and compromised...

AI score 6.8
Exploits: 0
CERT
added 2014/08/07 12:0 a.m. | 37 views

Cobham Aviator satellite terminals contain multiple vulnerabilities

Overview Cobham Aviator 700D and 700E satellite terminals contain multiple vulnerabilities. Description Cobham Aviator 700D and 700E satellite communication terminals contain the following vulnerabilities: CWE-327: Use of a Broken or Risky Cryptographic Algorithm - CVE-2014-2942 Please note that th...

CVSS 7.2 | AI score 6.8 | EPSS 0.00268
Exploits: 0 | References: 3
seebug.org
added 2014/07/01 12:0 a.m. | 14 views

OpenDrive <= 1.3.141 Local Password Disclosure

No description provided by source. / Title: OpenDrive <= 1.3.141 Local Password Disclosure Authors: Glafkos Charalambous, George Nicolaou Contact: glafkosatastalavistadotcom, ishtusatastalavistadotcom Version: 1.3.141 Vendor: http://www.opendrive.com Description: Authentication credentials used by...

AI score 7.1
Exploits: 0
n0where
added 2014/04/25 3:25 p.m. | 33 views

Analyze Cryptographic Specifications: Cryptol

The Cryptol specification language was designed by Galois for the NSA’s Trusted Systems Research Group as a public standard for specifying cryptographic algorithms. A reference specification can serve as the formal documentation for a cryptographic module. Unlike current specification mechanisms,...

AI score 0.5
Exploits: 0 | References: 3
NVD
added 2013/08/19 11:55 p.m. | 28 views

CVE-2012-5575

Apache CXF 2.5.x before 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x before CXF 2.7.4 does not verify that a specified cryptographic algorithm is allowed by the WS-SecurityPolicy AlgorithmSuite definition before decrypting, which allows remote attackers to force CXF to use weaker cryptographic...

CVSS 6.4 | AI score 5.6 | EPSS 0.09505
Exploits: 0 | References: 21
Prion
added 2013/08/19 11:55 p.m. | 29 views

Code injection

Apache CXF 2.5.x before 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x before CXF 2.7.4 does not verify that a specified cryptographic algorithm is allowed by the WS-SecurityPolicy AlgorithmSuite definition before decrypting, which allows remote attackers to force CXF to use weaker cryptographic...

CVSS 6.4 | AI score 6.9 | EPSS 0.09505
Exploits: 0 | References: 21 | Affected Software: 6
Cvelist
added 2013/08/19 11:0 p.m. | 27 views

CVE-2012-5575

Apache CXF 2.5.x before 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x before CXF 2.7.4 does not verify that a specified cryptographic algorithm is allowed by the WS-SecurityPolicy AlgorithmSuite definition before decrypting, which allows remote attackers to force CXF to use weaker cryptographic...

AI score 5.5 | EPSS 0.09505
Exploits: 0 | References: 21