818 matches found
Information disclosure
Cryptocat before 2.0.22 has weak encryption in the Socialist Millionaire Protocol...
IBM Security Guardium Big Data Intelligence Encryption Issue Vulnerability
IBM Security Guardium Big Data Intelligence SonarG is a suite of big data security intelligence solutions from IBM, USA. The solution features interactive data exploration, automated connectivity analysis, and user activity analysis. An encryption issue vulnerability exists in IBM Security Guardi...
CVE-2019-18199
An issue was discovered on Fujitsu Wireless Keyboard Set LX390 GK381 devices. Because of the lack of proper encryption of 2.4 GHz communication, and because of password-based authentication, they are vulnerable to replay attacks...
CVE-2019-8237
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an insufficiently robust encryption vulnerability. Successful exploitation could lead t...
Authentication Bypass
Overview: Versions of saml2-js prior to 2.0.5 are vulnerable to an Authentication Bypass. The package fails to enforce the assertion conditions for encrypted assertions, which may allow an attacker to reuse encrypted assertion tokens indefinitely. Recommendation: Upgrade to version 2.0.5 or later...
UBUNTU-CVE-2019-2924
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 5.6.45 and prior and 5.7.27 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to...
hardware: bluetooth: BR/EDR encryption key negotiation attacks (KNOB)
A flaw was discovered in the Bluetooth protocol. An attacker within physical proximity to the Bluetooth connection could downgrade the encryption protocol to be trivially brute forced...
Oracle MySQL Server Information Disclosure Vulnerability (CNVD-2019-36881)
MySQL Server mysqld is the MySQL server, the main program that performs most of the work in a MySQL installation. An unspecified vulnerability exists in the Server: Security: Encryption component in Oracle MySQL Server 5.6.45, 5.7.27, and earlier versions. An attacker could exploit this...
CVE-2019-15635
An issue was discovered in Grafana 5.4.0. Passwords for data sources used by Grafana (e.g., MySQL) are not encrypted. An admin user can reveal passwords for any data source by pressing the "Save and test" button within a data source's settings menu. When watching the transaction with Burp Proxy, th...
Alfresco Software Alfresco Community Edition Encryption Issue Vulnerability
Alfresco Community Edition is the community edition of an open source enterprise content management system from Alfresco Software, Inc., USA. The system includes document management, office collaboration and other functions. An encryption vulnerability exists in...
Johnson Controls Metasys system Trust Management Issues Vulnerability
Johnson Controls Metasys system is a building automation system from Johnson Controls, USA. A trust management issue vulnerability exists in the Johnson Controls Metasys system prior to version 9.0, which arises from the Metasys ADS/ADX server and NAE/NIE/N...
Code injection
The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka "KNOB") that can decrypt traffic and inject arbitrary...
CVE-2019-13603
An issue was discovered in the HID Global DigitalPersona (formerly Crossmatch) U.are.U 4500 Fingerprint Reader Windows Biometric Framework driver 5.0.0.5. It uses a statically coded initialization vector to encrypt a user's fingerprint image, resulting in weak encryption of that image. This, in combinatio...
JetBrains TeamCity Encryption Security Vulnerability
JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides continuous unit testing, code quality analysis and build problem analysis reports and other features. An encryption issue vulnerability exists in...
F5 BIG-IP Encryption Problem Vulnerability
F5 BIG-IP is an application delivery platform from F5, USA, that integrates network traffic management, application security management, load balancing and other functions. The F5 BIG-IP is vulnerable to an encryption issue. An attacker could exploit this vulnerability to decrypt encrypted...
Mailvelope Encryption Problem Vulnerability
Mailvelope is a suite of open source browser extensions. The program is primarily used for end-to-end encryption of email traffic within a web browser. A cryptographic issue vulnerability exists in Mailvelope versions prior to 3.3.0, which arises from a network system or product tha...
IBM DB2 Encryption Issues Vulnerabilities
IBM DB2 is a relational database management system from IBM in the United States. The main execution environments for this system are UNIX, Linux, IBM i, z/OS, and Windows server versions. IBM DB2 is vulnerable to an encryption issue. An attacker could exploit this vulnerability to decrypt...
IBM Security Access Manager Appliance Weak Encryption Algorithm Vulnerability
IBM Security Access Manager Appliance (ISAM Appliance) is a network appliance-based security solution from IBM, USA. The product is mainly used for access control and Web-based threat protection, providing system performance monitoring, log analysis and diagnosis. A security vulnerability exists in...
TP-Link TL-WR1043ND Encryption Issue Vulnerability
The TP-Link TL-WR1043ND is a wireless router from TP-Link, China. An encryption issue vulnerability exists in the TP-Link TL-WR1043ND V2. The vulnerability stems from a network system or product that does not properly use the relevant cryptographic algorithms, and can be exploited by an attack...
CVE-2019-12813
The CVE-2019-12813 issue affects Digital Persona U.are.U 4500 Fingerprint Reader v24. The encryption obfuscation for fingerprint images uses a key and salt that appear in cleartext when transferring the image to the driver. An attacker that can sniff a captured fingerprint image could decrypt it ...