690 matches found

IBM Security Bulletins
added 2018/06/16 10:3 p.m. | 20 views

Security Bulletin: IBM Security Guardium Database Activity Monitor is affected by Use of a Broken or Risky Cryptographic Algorithm vulnerability (CVE-2017-1598)

Summary: IBM Security Guardium Database Activity Monitor uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt sensitive information. IBM Security Guardium Database Activity Monitor has fixed this vulnerability. Vulnerability Details: CVEID: CVE-2017-1598...

7.5 CVSS | 1.5 AI score | 0.00122 EPSS
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2018/06/15 7:8 a.m. | 11 views

Security Bulletin: API Connect is affected by weaker than expected cryptographic algorithm usage vulnerability (CVE-2018-1385)

Summary API Connect has addressed the following vulnerability. IBM API Connect uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Vulnerability Details CVEID: CVE-2018-1385 DESCRIPTION: IBM API Connect uses weaker than expected...

1.2 AI score
Exploits 0 | Affected Software 1

CVE
added 2018/04/23 1:0 p.m. | 41 views

CVE-2017-1473

CVE-2017-1473 affects IBM Security Access Manager Appliance: versions 8.0.0–8.0.1.6 and 9.0.0–9.0.3.1 use weaker cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM’s advisory (IBM Security Access Manager Appliance) lists remediation: upgrade to 8.0....

7.5 CVSS | 7.2 AI score | 0.00106 EPSS
Exploits 0 | References 2 | Affected Software 1

ICS
added 2018/03/27 12:0 a.m. | 51 views

Schneider Electric Modicon Premium, Modicon Quantum, Modicon M340, and Modicon BMXNOR0200

CVSS v3 5.9 ATTENTION: Exploitable remotely/low skill level to exploit. Vendor: Schneider Electric Equipment: Modicon Premium, Modicon Quantum, Modicon M340, and Modicon BMXNOR0200 Vulnerabilities: Stack-based Buffer Overflow, Use of Hard-coded Credentials, Use of a Broken or Risky Cryptographic...

10 CVSS | 10 AI score | 0.00552 EPSS
Exploits 0 | References 5

CERT
added 2018/03/19 12:0 a.m. | 1295 views

Bouncy Castle BKS-V1 keystore files vulnerable to trivial hash collisions

Overview Bouncy Castle BKS version 1 keystore files use an HMAC that is only 16 bits long, which can allow an attacker to compromise the integrity of a BKS-V1 keystore. Description Bouncy Castle is a cryptographic library for C and Java applications, including Android applications. BKS is a...

4.4 CVSS | 5 AI score | 0.00153 EPSS
Exploits 0 | References 3

NVD
added 2018/03/09 5:29 p.m. | 16 views

CVE-2017-17167

Huawei DP300 V500R002C00; TP3206 V100R002C00; ViewPoint 9030 V100R011C02; V100R011C03 have a use of a broken or risky cryptographic algorithm vulnerability. The software uses risky cryptographic algorithm in SSL. This is dangerous because a remote unauthenticated attacker could use well-known...

5.9 CVSS | 5.7 AI score | 0.00068 EPSS
Exploits 0 | References 2

OSV
added 2018/03/09 5:29 p.m. | 1 views

CVE-2017-17167

Huawei DP300 V500R002C00; TP3206 V100R002C00; ViewPoint 9030 V100R011C02; V100R011C03 have a use of a broken or risky cryptographic algorithm vulnerability. The software uses risky cryptographic algorithm in SSL. This is dangerous because a remote unauthenticated attacker could use well-known...

5.9 CVSS | 5.8 AI score | 0.00068 EPSS
Exploits 0 | References 2

Prion
added 2018/03/09 5:29 p.m. | 21 views

Design/Logic Flaw

Huawei DP300 V500R002C00; TP3206 V100R002C00; ViewPoint 9030 V100R011C02; V100R011C03 have a use of a broken or risky cryptographic algorithm vulnerability. The software uses risky cryptographic algorithm in SSL. This is dangerous because a remote unauthenticated attacker could use well-known...

4.3 CVSS | 5.7 AI score | 0.00068 EPSS
Exploits 0 | References 2 | Affected Software 3

CVE
added 2018/03/09 5:0 p.m. | 63 views

CVE-2017-17167

CVE-2017-17167 affects Huawei DP300 (V500R002C00), TP3206 (V100R002C00), and ViewPoint 9030 (V100R011C02/V100R011C03) due to use of a broken or risky cryptographic algorithm in SSL. The root cause is reliance on weak crypto algorithms for SSL, enabling a remote unauthenticated attacker to potenti...

5.9 CVSS | 5.7 AI score | 0.00068 EPSS
Exploits 0 | References 2 | Affected Software 1

Cvelist
added 2018/03/09 5:0 p.m. | 21 views

CVE-2017-17167

Huawei DP300 V500R002C00; TP3206 V100R002C00; ViewPoint 9030 V100R011C02; V100R011C03 have a use of a broken or risky cryptographic algorithm vulnerability. The software uses risky cryptographic algorithm in SSL. This is dangerous because a remote unauthenticated attacker could use well-known...

5.7 AI score | 0.00068 EPSS
Exploits 0 | References 2

Huawei
added 2017/12/15 12:0 a.m. | 33 views

Security Advisory - Use of a Risky Cryptographic Algorithm Vulnerability on Several Products

There is a use of a broken or risky cryptographic algorithm vulnerability on several products. The software uses risky cryptographic algorithm in SSL. This is dangerous because a remote unauthenticated attacker could use well-known techniques to break the algorithm. Successful exploit could resul...

5.9 CVSS | 5.8 AI score | 0.00068 EPSS
Exploits 0 | Affected Software 3

Prion
added 2017/11/22 7:29 p.m. | 16 views

Design/Logic Flaw

FusionSphere OpenStack V100R006C00SPC102NFV has a weak cryptographic algorithm vulnerability. Attackers may exploit the vulnerability to crack the cipher text and cause information leak on the transmission links...

4.3 CVSS | 6 AI score | 0.00067 EPSS
Exploits 0 | References 2 | Affected Software 1

Cvelist
added 2017/11/22 7:0 p.m. | 15 views

CVE-2017-8191

FusionSphere OpenStack V100R006C00SPC102NFV has a weak cryptographic algorithm vulnerability. Attackers may exploit the vulnerability to crack the cipher text and cause information leak on the transmission links...

6 AI score | 0.00067 EPSS
Exploits 0 | References 2

Huawei
added 2017/10/18 12:0 a.m. | 37 views

Security Advisory - Multiple Vulnerabilities in FusionSphere OpenStack

There is a privilege escalation vulnerability in Huawei FusionSphere OpenStack. Due to improper privilege restrictions, an attacker with high privilege may obtain the other users' certificates. Successful exploit may cause privilege escalation. Vulnerability ID: HWPSIRT-2017-07053 This...

7.2 CVSS | 6.7 AI score | 0.00541 EPSS
Exploits 0 | Affected Software 1

NVD
added 2017/08/18 6:29 p.m. | 12 views

CVE-2014-9969

In all Qualcomm products with Android releases from CAF using the Linux kernel, the GPS client may use an insecure cryptographic algorithm...

10 CVSS | 9 AI score | 0.00066 EPSS
Exploits 0 | References 1

Prion
added 2017/08/18 6:29 p.m. | 15 views

Code injection

In all Qualcomm products with Android releases from CAF using the Linux kernel, the GPS client may use an insecure cryptographic algorithm...

10 CVSS | 7.2 AI score | 0.00066 EPSS
Exploits 0 | References 1

Cvelist
added 2017/08/18 6:0 p.m. | 15 views

CVE-2014-9969

In all Qualcomm products with Android releases from CAF using the Linux kernel, the GPS client may use an insecure cryptographic algorithm...

9.1 AI score | 0.00066 EPSS
Exploits 0 | References 1

CNVD
added 2017/07/20 12:0 a.m. | 1 views

IBM Tivoli Endpoint Manager Encryption Algorithm Vulnerability

IBM BigFix Platform is IBM's dynamic multi-technology platform that integrates message content drivers and management systems, of which Tivoli Endpoint Manager is the endpoint control software. A cryptographic algorithm vulnerability exists in Tivoli Endpoint Manager in the IBM BigFix Platform th...

7.5 CVSS | 6.7 AI score | 0.00137 EPSS
Exploits 0 | References 1

Prion
added 2017/07/19 8:29 p.m. | 13 views

Code injection

IBM Tivoli Endpoint Manager uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 123903...

5 CVSS | 7.2 AI score | 0.00137 EPSS
Exploits 0 | References 3 | Affected Software 1

Hacker One
added 2017/06/17 10:3 a.m. | 25 views

Yelp: Firefly's verify_access_token() function does a byte-by-byte comparison of HMAC values.

Dear Yelp bug bounty team, Summary --- Firefly is vulnerable to timing attacks, because the verify_access_token function performs a byte-by-byte comparison, which terminates early when two characters do not match. Timing attacks are a type of side channel attack where one can discover valuable...

0.4 AI score
Exploits 0