818 matches found
MGASA-2021-0294 Updated libgcrypt packages fix a security vulnerability
Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appropriately (CVE-2021-33560)...
VeryFitPro Encryption Issue Vulnerability
VeryFitPro is a health management application from China's Shenzhen Aidu Technology Co., Ltd. that needs to be used with the same brand of smart bracelet. Using the app, users can view the number of steps taken, calories burned, sleep quality and other information in real time. There is an...
Gallagher Command Centre Server Encryption Issue Vulnerability
Gallagher Command Centre Server is a management system used by Gallagher New Zealand to monitor and manage infrastructure in buildings. Gallagher Command Centre Server is vulnerable to an encryption issue that originates from the discovery of an OSDP reader master key in a server memory dump of...
IBM Security Guardium Weak Encryption Algorithm Vulnerability
IBM Security Guardium is a suite of platforms from IBM in the United States that provide data protection capabilities. The platform includes features such as custom UI, report management and streamlined audit process building. A weak cryptographic algorithm vulnerability exists in IBM Security...
MediaWiki Encryption Issue Vulnerability
MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. The product can be used to deploy internal knowledge management and content management systems. A vulnerability exists in MediaWiki due to an encryption issue that stems from affected software...
Observable Differences in Behavior to Error Inputs in Bouncy Castle
In Legion of the Bouncy Castle BC before 1.55 and BC-FJA before 1.0.2, attackers can obtain sensitive information about a private exponent because of Observable Differences in Behavior to Error Inputs. This occurs in org.bouncycastle.crypto.encodings.OAEPEncoding. Sending invalid ciphertext that...
Unspecified vulnerability in npm jose
npm jose is an application from the U.S. company npm. It implements JWA, JWS, JWE, JWT and JWK using the native crypto runtime, with no dependencies. A security vulnerability exists in npm jose that stems from a possible timing difference when a padding error occurs while decrypting a ciphertext. No detailed...
IBM Jazz Team Server Weak Encryption Algorithm Vulnerability
IBM Jazz Team Server is an application server from IBM USA. It provides base services that enable a group of tools to work together as a single logical server and includes any number of Jazz Team Server Extensions that provide tool-specific functionality. A security vulnerability exists in IBM Jazz...
HPE Unified Data Management Trust Management Issue Vulnerability
HPE Unified Data Management is a software application from HPE America. It provides a management function. A security vulnerability exists in HPE Unified Data Management that originates from a hard-coded encryption key that allows local disclosure of privileged information...
Red Hat 3scale Encryption Issue Vulnerability
Red Hat 3scale is a suite of API (Application Programming Interface) lifecycle management software from Red Hat. A security vulnerability exists in 3scale that could be exploited by an attacker to attack traffic and break its encryption to gain access to unauthorized information...
Moderate: Red Hat Security Advisory: Red Hat Integration Debezium 1.4.2 security update
An update for Debezium MongoDB connector is now available for Red Hat Integration. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
IBM DataPower Gateway Encryption Issue Vulnerability
IBM DataPower Gateway is a security and integration platform built specifically for mobile, cloud, API, web, SOA, B2B and cloud workloads. A weak cryptographic algorithm vulnerability exists in IBM DataPower Gateway 10.0.0.0 - 10.0.1.0. An attacker could exploit the vulnerability to decrypt highl...
OESA-2021-1065 php security update
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...
IBM Security Verify Bridge Information Disclosure Vulnerability
IBM Security Verify Bridge is an application component from International Business Machines (IBM), Inc. It provides IBM Cloud access to user attributes and authentication that are controlled by the client's local LDAP or Active Directory. A security vulnerability exists in IBM Security Verify Brid...
Xerox AltaLink Encryption Issue Vulnerability
Xerox AltaLink is a hardware device from the American company Xerox. It provides a print-copy function. A security vulnerability exists in Xerox AltaLink, which arises from unencrypted portions of the drive that contain executable code. The following products and versions are affected: O...
CVE-2021-20328
Specific versions of the Java driver that support client-side field level encryption (CSFLE) fail to perform correct host name verification on the KMS server’s certificate. This vulnerability in combination with a privileged network position active MITM attack could result in interception of traffi...
Agora SDK Bug Left Several Video Calling Apps Vulnerable to Snooping
A severe security vulnerability in a popular video calling software development kit (SDK) could have allowed an attacker to spy on ongoing private video and audio calls. That's according to new research published by the McAfee Advanced Threat Research (ATR) team today, which found the aforementioned...
Oclean Mobile Application Encryption Issue Vulnerability
An encryption issue vulnerability exists in Oclean Mobile Application, which arises from a network system or product that does not properly use the relevant cryptographic algorithms, resulting in content that is not properly encrypted, weakly encrypted, and sensitive information stored in plainte...
JetBrains Ktor Framework Encryption Issue Vulnerability
JetBrains Ktor is a web application framework from the Czech company JetBrains. A default configuration issue vulnerability exists in versions of JetBrains Ktor prior to 1.4.2, which stems from the fact that weak cipher suites are enabled by default. No details of the vulnerability are provid...
IBM Security Identity Governance and Intelligence Weak Encryption Algorithm Vulnerability
IBM Security Identity Governance and Intelligence is an integrated identity management solution based on network devices. A weak cryptographic algorithm vulnerability exists in IBM Security Identity Governance and Intelligence 5.2.6. An attacker could exploit this vulnerability to decrypt highly...