5835 matches found
CVE-2021-27328
The CVE-2021-27328 entry affects Yeastar NeoGate TG400 91.3.0.3 and is confirmed via multiple connected sources as a Directory Traversal vulnerability. An authenticated user can traverse paths to decrypt firmware and read sensitive files (e.g., firmware password/decryption key). Public PoCs and d...
CVE-2021-27328
Yeastar NeoGate TG400 91.3.0.3 devices are affected by Directory Traversal. An authenticated user can decrypt firmware and can read sensitive information, such as a password or decryption key...
Yeastar NeoGate TG400 Path Traversal Vulnerability
Yeastar Yeastar NeoGate TG400 is a software application from Yeastar Spain. The offering provides telecom resellers with a platform to easily launch hosted PBX services with its full range of features, scalability and UC capabilities. A path traversal vulnerability exists in Yeastar NeoGate TG400...
WireBug - A Toolset For Voice-over-IP Penetration Testing
WireBug is a tool set for Voice-over-IP penetration testing. It is designed as a wizard which makes it easy to use. The tools are build for single using too, so every tool is its own python or bash program. Installation Install the dependencies in requirements.txt and the python dependencies in...
CVE-2021-20406
IBM Security Verify Information Queue 1.0.6 and 1.0.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 196184...
CVE-2021-20406
IBM Security Verify Information Queue 1.0.6 and 1.0.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 196184...
PT-2021-13941 · Ibm · Ibm Security Verify Information Queue
Name of the Vulnerable Software and Affected Versions: IBM Security Verify Information Queue versions 1.0.6 through 1.0.7 Description: The issue is related to the use of weaker than expected cryptographic algorithms, which could allow an attacker to decrypt highly sensitive information...
IBM Security Verify Information Queue 加密问题漏洞
IBM Security Verify Information Queue is a cross-product integrator that leverages Kafka technology and a publish/subscribe model to integrate data between IBM security products. A weak cryptographic algorithm vulnerability exists in IBM Security Verify Information Queue. An attacker could exploi...
Asymmetric-key algorithms and symmetric-key algorithms
The symmetry of the algorithm comes from the fact that both parties involved share the same key for both encryption and decryption. It works similar to a physical door where everyone uses a copy of the same key to both lock and unlock the door. A symmetric-key algorithm, just like real doors,...
GHSA-RHM9-P9W5-FWM7 PyCA Cryptography symmetrically encrypting large values can lead to integer overflow
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. When certain sequences of update calls with large values multiple GBs for symetric encryption or decryption occur, it's possible for an integer overflow to happen, leading to mishandling of...
Ransomware Demands Spike 320%, Payments Rise
When it comes to paying the ransom in a ransomware attack, demands are on the rise. Yet, many companies that paid the ransom failed to receive a decryption key, in a survey issued Monday. In fact, pandemic-themed phishing scams, a sustained onslaught of ransomware attacks and the rise of a remote...
Huawei eUDC660 Improper Resource Management Vulnerability
The Huawei eUDC660 is a device from Huawei, China, that provides scheduling capabilities. The device supports broadband trunk scheduling to improve the efficiency of voice, data, and video communications in transportation, energy, and other areas. A security vulnerability exists in Huawei eUDC660...
Fonix ransomware gives up life of crime, apologizes
Ransomware gangs deciding to pack their bags and leave their life of crime is not new, but it is a rare thing to see indeed. And the Fonix ransomware also known as FonixCrypter and Xinof, one of those ransomware-as-a-service RaaS offerings, is the latest to join the club. End of FonixCrypter...
CVE-2020-4968
IBM Security Identity Governance and Intelligence 5.2.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 192427...
CVE-2020-4968
IBM Security Identity Governance and Intelligence 5.2.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 192427...
Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to a security vulnerability (CVE-2020-4968)
Summary IBM has announced a release for IBM Security Identity Governance and Intelligence IGI in response to security vulnerability. The vulnerability concerns the unencryption of data sent on RMI ports that could allow eavesdrop on communications. Vulnerability Details CVEID: CVE-2020-4968...
python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API via timed processing of valid PKCS#1 v1.5 ciphertext.
...
IBM Security Identity Governance and Intelligence 加密问题漏洞
IBM Security Identity Governance and Intelligence is an integrated identity management solution based on network devices. A weak cryptographic algorithm vulnerability exists in IBM Security Identity Governance and Intelligence 5.2.6. An attacker could exploit this vulnerability to decrypt highly...
CVE-2020-4968
IBM Security Identity Governance and Intelligence 5.2.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 192427...
IBM Security Guardium Insights Weak Cryptographic Algorithm Vulnerability (CNVD-2021-03714)
IBM Security Guardium Insights is a modern hybrid cloud data security hub designed to provide a reliable view of an organization's data security and compliance posture. A weak cryptographic algorithm vulnerability exists in IBM Security Guardium Insights 2.0.2. An attacker could exploit the...