
818 matches found

CNNVD
added 2021/01/01 12:0 a.m. · 5 views

Drupal Encryption Problem Vulnerability

Drupal is an open source content management system developed in the PHP language by the Drupal community. An encryption issue vulnerability exists in Drupal AES encryption project 7.x and 8.x, which stems from a vulnerability that does not adequately prevent an attacker from being able to decrypt...

CVSS 7.5 · AI score 7.1 · EPSS 0.00414
Exploits 0 · References 1

Prion
added 2020/12/24 2:15 a.m. · 14 views

Code injection

iSM client versions from V5.1 prior to V12.1 running on NEC Storage Manager or NEC Storage Manager Express do not verify a server certificate properly, which allows a man-in-the-middle attacker to eavesdrop on an encrypted communication or alter the communication via a crafted certificate...

CVSS 5.8 · AI score 4.9 · EPSS 0.00331
Exploits 0 · References 2 · Affected Software 1

Prion
added 2020/12/23 3:15 a.m. · 16 views

Design/Logic Flaw

SpamTitan before 7.09 allows attackers to tamper with backups, because backups are not encrypted...

CVSS 5 · AI score 5.3 · EPSS 0.00505
Exploits 1 · References 2 · Affected Software 1

CVE
added 2020/12/14 9:5 p.m. · 44 views

CVE-2020-25231

CVE-2020-25231 affects Siemens LOGO! 8 BM (incl. SIPLUS variants) and LOGO! Soft Comfort with all versions before 8.3. The root cause is a static cryptographic key used to encrypt program data, enabling an attacker to extract confidential information from protected program files. Impact is inform...

CVSS 5.5 · AI score 5.2 · EPSS 0.0017
Exploits 0 · References 1 · Affected Software 1

NVD
added 2020/12/11 1:15 a.m. · 16 views

CVE-2020-28217

A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Easergy T300 firmware 2.7 and older, that would allow an attacker to read network traffic over HTTP protocol...

CVSS 7.5 · AI score 7.9 · EPSS 0.00576
Exploits 0 · References 2

Cvelist
added 2020/12/11 12:51 a.m. · 20 views

CVE-2020-28216

A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Easergy T300 firmware 2.7 and older, that would allow an attacker to read network traffic over HTTP protocol...

AI score 7.4 · EPSS 0.005
Exploits 0 · References 2

OpenVAS
added 2020/12/01 12:0 a.m. · 14 views

Nextcloud Server 19.0.1 Encryption Vulnerability (NC-SA-2020-039)

Nextcloud Server is prone to a vulnerability where it is possible to downgrade the encryption scheme and break the integrity through a known-plaintext attack.

CVSS 4.1 · AI score 4.4 · EPSS 0.00286
Exploits 2 · References 1

CNNVD
added 2020/11/24 12:0 a.m. · 6 views

Multiple CDATA product encryption issue vulnerabilities

Shenzhen C-Data 72408A and so on are products of Shenzhen C-Data Company in China. Shenzhen C-Data 72408A is a kind of terminal equipment for connecting fiber optic trunks. Shenzhen C-Data FD1002S is a kind of terminal equipment for connecting fiber optic trunks. Shenzhen C-Data...

CVSS 7.5 · AI score 7.1 · EPSS 0.00533
Exploits 1 · References 2

CNVD
added 2020/11/23 12:0 a.m. · 0 views

IBM Sterling B2B Integrator Standard Edition Weak Encryption Algorithm Vulnerability

IBM Sterling B2B Integrator is a transaction engine, a set of components that run the processes you define and manage based on your business needs. A weak cryptographic algorithm vulnerability exists in IBM Sterling B2B Integrator Standard Edition 5.2.0.0 - 6.0.3.2. An attacker could exploit this...

CVSS 7.5 · AI score 6.7 · EPSS 0.00783
Exploits 0 · References 1

Cvelist
added 2020/11/19 9:10 p.m. · 28 views

CVE-2020-7565

A CWE-326: Inadequate Encryption Strength vulnerability exists in Modicon M221 all references, all versions that could allow the attacker to break the encryption key when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller...

AI score 7.1 · EPSS 0.0029
Exploits 0 · References 2

CVE
added 2020/11/12 1:50 p.m. · 50 views

CVE-2020-9128

CVE-2020-9128 affects Huawei FusionCompute 8.0.0, where an insecure encryption algorithm leads to partial information disclosure. Exploitation is described for attackers with elevated permissions, enabling information leak rather than full compromise. The Red Hat, CNVD, NVD and other feeds corrob...

CVSS 4.4 · AI score 4.6 · EPSS 0.00112
Exploits 0 · References 1 · Affected Software 1

CNVD
added 2020/11/10 12:0 a.m. · 3 views

Nextcloud Server Encryption Vulnerability

Nextcloud is a set of client-server software for creating network hard disks. Nextcloud Server is the server. An encryption vulnerability exists in Nextcloud Server 19.0.1. An attacker could use this vulnerability to degrade the encryption scheme and compromise the integrity of encrypted files...

CVSS 4.1 · AI score 6.8 · EPSS 0.00286
Exploits 2 · References 1

CNVD
added 2020/11/09 12:0 a.m. · 3 views

Nextcloud Server Encryption Issue Vulnerability

Nextcloud is an open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud Server 18.0.4, which stems from too small a random character set being used for encryption, making decryption tim...

CVSS 3.5 · AI score 6.9 · EPSS 0.00365
Exploits 1 · References 1

CNVD
added 2020/10/26 12:0 a.m. · 2 views

Unspecified Vulnerability in Oracle MySQL Server (CNVD-2020-59064)

Oracle MySQL is an open source relational database management system from Oracle Corporation, of which MySQL Server is a database server component. An unspecified vulnerability exists in the Server: Security: Encryption component of Oracle MySQL Server 8.0.20 and earlier. An attacker can exploit...

CVSS 4.9 · AI score 7.8 · EPSS 0.01333
Exploits 0 · References 1

CNVD
added 2020/10/21 12:0 a.m. · 8 views

Unspecified Vulnerability in HCL AppScan (CNVD-2021-13713)

HCL AppScan is a suite of dynamic analysis testing tools from HCL India. The tool is mainly used for web security testing. A security vulnerability exists in HCL AppScan Enterprise that stems from the use of broken or risky encryption algorithms to store REST API user details. No detailed...

CVSS 5.3 · AI score 6.8 · EPSS 0.00536
Exploits 0 · References 1

Positive Technologies
added 2020/10/15 12:0 a.m. · 4 views

PT-2020-20000 · Nextcloud +1 · Nextcloud Server +1

Name of the Vulnerable Software and Affected Versions: Nextcloud Server version 18.0.4 Description: A too small set of random characters being used for encryption allowed decryption in a shorter time than intended. Recommendations: For Nextcloud Server version 18.0.4, update to a version that use...

CVSS 8.1 · AI score 5.6 · EPSS 0.01924
Exploits 14 · References 41

OSV
added 2020/10/13 11:5 a.m. · 8 views

SUSE-SU-2020:2896-1 Security update for php74

This update for php74 fixes the following issues: - CVE-2020-7069: Fixed an issue where, when AES-CCM mode was used with the openssl_encrypt function with a 12-byte IV, only the first 7 bytes of the IV were used (bsc#1177351). - CVE-2020-7070: Fixed an issue where percent-encoded cookies could have been used to...

CVSS 6.5 · AI score 6.1 · EPSS 0.04969
Exploits 1 · References 6

Microsoft CVE
added 2020/09/25 7:0 a.m. · 5 views

The openssl gem for Ruby uses the same initialization vector (IV) in GCM Mode (aes-*-gcm) when the IV is set before the key which makes it easier for context-dependent attackers to bypass the encryption protection mechanism.

...

CVSS 7.5 · AI score 7 · EPSS 0.03167
Exploits 1

CNVD
added 2020/09/24 12:0 a.m. · 5 views

GLPI Encryption Problem Vulnerability

GLPI is an open source IT and asset management software for individual developers. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner cartridg...

CVSS 7.8 · AI score 6.8 · EPSS 0.00327
Exploits 0 · References 1

CNVD
added 2020/09/23 12:0 a.m. · 2 views

IBM Data Risk Manager Weak Encryption Algorithm Vulnerability

IBM Data Risk Manager is a data risk manager that helps discover, analyze and visualize business risks associated with data. A weak cryptographic algorithm vulnerability exists in IBM Data Risk Manager 2.0.6. An attacker could exploit the vulnerability to decrypt sensitive information...

CVSS 7.5 · AI score 9.1 · EPSS 0.00808
Exploits 0 · References 1