818 matches found
SUSE-SU-2020:1049-1 Security update for the Linux Kernel (Live Patch 10 for SLE 15 SP1)
This update for the Linux Kernel 4.12.14-19737 fixes one issue. The following security issue was fixed: - CVE-2020-1749: Fixed a vulnerability where in some cases IPv6 traffic would not be encrypted over an IPsec tunnel bsc1165629...
CVE-2020-10377
Mitel MiVoice Connect Client is affected by a weak encryption vulnerability (CVE-2020-10377) prior to version 214.100.1214.0. An unauthenticated attacker could obtain user credentials and gain system access using the compromised credentials. The vulnerability is documented in multiple feeds (NVD,...
CVE-2020-10377
A weak encryption vulnerability in Mitel MiVoice Connect Client before 214.100.1214.0 could allow an unauthenticated attacker to gain access to user credentials. A successful exploit could allow an attacker to access the system with compromised user credentials...
Samsung Mobile Device Encryption Problem Vulnerability (CNVD-2020-31815)
Android is a Linux-based open source operating system jointly developed by Google Inc. and the Open Handheld Alliance (OHA). Samsung mobile devices are vulnerable to encryption issues that can be exploited by attackers to compromise integrity...
GnuTLS Encryption Problem Vulnerability
GnuTLS is a free secure communication library for implementing SSL, TLS and DTLS protocols. An encryption issue vulnerability exists in versions prior to GnuTLS 3.6.13. The vulnerability stems from a network system or product that does not properly use the relevant cryptographic algorithms,...
Zoom Client for Meetings Encryption Issue Vulnerability
Zoom Client is a video conferencing client application from Zoom USA that supports multiple platforms. An encryption issue vulnerability exists in Zoom Client for Meetings version 4.6.9 and earlier, which stems from the fact that Zoom Client for Meetings uses ECB mode of AES for video and audio...
Code injection
Zoom Client for Meetings through 4.6.9 uses the ECB mode of AES for video and audio encryption. Within a meeting, all participants use a single 128-bit key...
Open Source Social Network Encryption Problem Vulnerability
Open Source Social Network (OSSN) is an open source social network engine by the Swiss Ossn team. An encryption vulnerability exists in OSSN 5.3 and earlier versions. The vulnerability can be exploited to read arbitrary files by performing a brute force attack on a SiteKey to insert a specially crafted U...
It-novum OpenITCOCKPIT Encryption Issues Vulnerability
It-novum OpenITCOCKPIT is a set of open source system monitoring tools from Germany's It-novum. An encryption issue vulnerability exists in It-novum openITCOCKPIT versions prior to 3.7.3. The vulnerability stems from a network system or product that does not properly use the relevant cryptographi...
CVE-2019-12121
The CVE-2019-12121 entry concerns ONAP Portal (Dublin) and describes a padding oracle weakness in the ONAPPORTAL/processSingleSignOn UserId field. Attackers could decrypt information encrypted with the same symmetric key as UserId, affecting all Portal deployments. The connected Red Hat and other...
CVE-2019-5106
A hard-coded encryption key vulnerability exists in the authentication functionality of WAGO e!Cockpit version 1.5.1.1. An attacker with access to communications between e!Cockpit and CoDeSyS Gateway can trivially recover the password of any user attempting to log in, in plain text...
Code injection
In Moxa ioLogik 2500 series firmware, Version 3.0 or lower, and IOxpress configuration utility, Version 2.3.0 or lower, sensitive information is stored in configuration files without encryption, which may allow an attacker to access an administrative account...
CVE-2013-4166
The gpg_ctx_add_recipient function in camel/camel-gpg-context.c in GNOME Evolution 3.8.4 and earlier and Evolution Data Server 3.9.5 and earlier does not properly select the GPG key to use for email encryption, which might cause the email to be encrypted with the wrong key and allow remote attackers...
A vulnerability in the sal_util_str_encrypt() function (libsal.so) in the software for Zyxel GS1900 series routers allows an attacker to disclose protected information.
The vulnerability in the sal_util_str_encrypt function (libsal.so) in the firmware of Zyxel GS1900 series routers exists due to the hard-coding of registration data. Exploiting this vulnerability can allow a remote attacker to disclose the protected information...
CVE-2019-3431
All versions up to V4.01.01.02 of the ZTE ZXCLOUD GoldenData VAP product have an encryption problem vulnerability. Attackers could sniff the unencrypted account and password over the network to gain front-end system access...
CVE-2019-18263
Philips Veradius Unity, Pulsera, and Endura Dual WAN Routers (Veradius Unity 718132 with wireless or ViewForum options; Pulsera 718095 and Endura 718075 with wireless or ViewForum options; units shipped 2016–2018) are affected by CVE-2019-18263 due to an inadequately strong encryption scheme. The...
Zabbix SIA Zabbix Encryption Issues Vulnerabilities
Zabbix SIA Zabbix is an open source monitoring system from the Latvian company Zabbix SIA. The system supports network monitoring, server monitoring, cloud monitoring and application monitoring. An encryption issue vulnerability exists in versions of Zabbix prior to 5.0, which stems fr...
Philips IntelliBridge EC40 Hub and IntelliBridge EC80 Hub Encryption Issue Vulnerability
The Philips IntelliBridge EC40 Hub and IntelliBridge EC80 Hub are both monitor modules from Philips Europe. A weak encryption vulnerability exists in the Philips IntelliBridge EC40 Hub and IntelliBridge EC80 Hub, which can be exploited by an attacker to gain unauthorized access to the EC40/80 hub...
DEBIAN-CVE-2010-3299
The encrypt/decrypt functions in Ruby on Rails 2.3 are vulnerable to padding oracle attacks...