Zip4j Access Control Error Vulnerability
Zip4j is a Java library for zip files and streams from the individual developer Srikanth Reddy Lingala. A security vulnerability exists in Zip4j because it does not always check the MAC when decrypting ZIP archives...
CVE-2023-22899
Zip4j through 2.11.2, as used in Threema and other products, does not always check the MAC when decrypting a ZIP archive...
CVE-2021-40341
The DES cipher, which has inadequate encryption strength, is used in Hitachi Energy FOXMAN-UN to encrypt user credentials used to access the Network Elements. Successful exploitation allows sensitive information to be decrypted easily. This issue affects FOXMAN-UN product: FOXMAN-UN R16A, FOXMAN-UN R15B...
Software provider denied insurance payout after ransomware attack
The Supreme Court of Ohio issued a ruling days before the New Year that a software and service provider shouldn't be covered by insurance against a ransomware attack as it didn't cause direct or physical harm to tangible components of software, as it doesn't have any. "When insurance policy covers...
CVE-2022-44012
CVE-2022-44012 affects Simmeth Lieferantenmanager (pre-5.6). An issue in the /DS/LM_API/api/SelectionService/InsertQueryWithActiveRelationsReturnId endpoint enables cross-site scripting, allowing an attacker to run JavaScript in a victim’s browser and potentially access the victim’s encrypted pas...
K15389: OpenSSL vulnerability CVE-2011-4576
Security Advisory Description: The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer...
CVE-2022-22461
IBM Security Verify Governance, Identity Manager 10.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 225007...
CVE-2022-38391
IBM Spectrum Control 5.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 233982...
IBM Spectrum Control Cryptographic Issue Vulnerability
IBM Spectrum Control (formerly known as Tivoli Storage Productivity Center) is a suite of storage resource management software from International Business Machines (IBM). The software provides monitoring, automation and analysis for multiple storage systems. IBM Spectrum Control version 5.4 suffers...
PT-2022-24403 · Ibm · Ibm Spectrum Control
Name of the Vulnerable Software and Affected Versions: IBM Spectrum Control version 5.4 Description: The issue is related to the use of weaker than expected cryptographic algorithms, which could allow an attacker to decrypt highly sensitive information. Recommendations: For IBM Spectrum Control...
laZzzy - Shellcode Loader, Developed Using Different Open-Source Libraries, That Demonstrates Different Execution Techniques
laZzzy is a shellcode loader that demonstrates different execution techniques commonly employed by malware. laZzzy was developed using different open-source header-only libraries. Features: direct syscalls and native Nt functions (not all functions but most); Import Address Table (IAT) evasion; Encrypte...
OpenSSL 3.0.0 < 3.0.8 Multiple Vulnerabilities
The version of OpenSSL installed on the remote host is prior to 3.0.8. It is, therefore, affected by a denial of service (DoS) vulnerability. If an X.509 certificate contains a malformed policy constraint and policy processing is enabled, then a write lock will be taken twice recursively. On some...
Hardcoded credentials
Delta Industrial Automation DIALink versions 1.4.0.0 and prior are vulnerable to the use of a hard-coded cryptographic key which could allow an attacker to decrypt sensitive data and compromise the machine...
CVE-2022-2660
CVE-2022-2660 affects Delta Electronics DIALink (Industrial Automation server) v1.4.0.0 and earlier. The vulnerability stems from the use of a hard-coded cryptographic key, which could allow an attacker to decrypt sensitive data and compromise the machine. Impact is high/critical depending on met...
CVE-2022-46832
Use of a Broken or Risky Cryptographic Algorithm in SICK RFU62x firmware version 2.21 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak cipher suites to be used for encryption via the SSH interface. The patch and installation procedure for the firmwa...
CVE-2022-46833
Use of a Broken or Risky Cryptographic Algorithm in SICK RFU63x firmware version v2.21 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak cipher suites to be used for encryption via the SSH interface. The patch and installation procedure for the...
CVE-2022-27581
Use of a Broken or Risky Cryptographic Algorithm in SICK RFU61x firmware version v2.25 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak cipher suites to be used for encryption via the SSH interface. The patch and installation procedure for the...
PT-2022-27991 · Sick · Sick Rfu63X
Name of the Vulnerable Software and Affected Versions: SICK RFU63x firmware versions prior to 2.21 Description: The issue is related to the use of a broken or risky cryptographic algorithm, allowing a low-privileged remote attacker to decrypt encrypted data if weak cipher suites are used for...
SICK RFU63x Cryptographic Issue Vulnerability
The SICK RFU61x is the smallest read/write device in the SICK UHF portfolio from SICK. It is ideally suited for IoT applications directly on workpieces or components. A security vulnerability exists in the SICK RFU63x prior to version 2.21, which stems from if a user requests encryption with a we...