Crossmatch Digital Crossmatch Digital Persona U.are.U 4500 Fingerprint Reader Encryption Issue Vulnerability

Crossmatch Digital Persona U.are.U 4500 Fingerprint Reader is a fingerprint reader from Crossmatch USA. An encryption issue vulnerability exists in version v24 of the Digital Persona U.are.U 4500 Fingerprint Reader, which can be exploited by an attacker to decrypt an encrypted fingerprint image b...

CVE-2018-18978

An issue was discovered in the Ascensia Contour NEXT ONE application for Android before 2019-01-15. It has a statically coded encryption key. Extraction of the encryption key is necessary for deciphering communications between this application and the backend server. This, in combination with...

Juju Core Joyent provider encryption issue vulnerability

Juju Infrastructure specializes in software and solutions. An encryption issue vulnerability exists in Juju Core's Joyent provider prior to version 1.25.5. The vulnerability stems from a network system or product that does not properly use the relevant cryptographic algorithms and can be exploite...

KDE Trojita Encryption Problem Vulnerability

KDE Trojita is a lightweight IMAP email client for the KDE community. A security vulnerability exists in KDE Trojita version 0.7. An attacker can exploit this vulnerability to cause information disclosure...

Cisco Small Business RV320 and Cisco Small Business RV325 Encryption Issues Vulnerabilities

The Cisco Small Business RV320 and the Cisco Small Business RV325 are both a VPN router from Cisco. The Cisco Small Business RV320 and Cisco Small Business RV325 have an encryption vulnerability that arises from a network system or product that does not properly use the relevant cryptographic...

IBM API Connect Encryption Issue Vulnerability

IBM API Connect APIConnect is a suite of integrated solutions for managing the API lifecycle from IBM USA. The product supports creating, running, managing, and securing APIs, microservices, and more. An encryption issue vulnerability exists in IBM API Connect versions 5.0.0.0 through 5.0.8.5,...

CVE-2018-20810

Session data between cluster nodes during cluster synchronization is not properly encrypted in Pulse Secure Pulse Connect Secure PCS 8.3RX before 8.3R2 and Pulse Policy Secure PPS 5.4RX before 5.4R2. This is not applicable to PCS 8.1RX, PPS 5.2RX, or stand-alone devices...

CVE-2013-7469

Seafile through 6.2.11 always uses the same Initialization Vector IV with Cipher Block Chaining CBC Mode to encrypt private data, making it easier to conduct chosen-plaintext attacks or dictionary attacks...

IBM Security Key Lifecycle Manager Weak Encryption Algorithm Vulnerability

IBM Security Key Lifecycle Manager centralizes, simplifies and automates the encryption key management process, helping to minimize the risks and operational costs of encryption key management. A weak cryptographic algorithm vulnerability exists in IBM Security Key Lifecycle Manager 3.0 - 3.0.0.2...

Portier encryption vulnerability

Portier is an access rights management application. Portier has an encryption vulnerability. An attacker can exploit the access encryption password to gain privileges...

IBM DataPower Gateways Weak Encryption Algorithm Vulnerability

IBM DataPower Gateways is a suite of security and integration platforms from IBM USA designed specifically for mobile, cloud, application programming interfaces APIs, web, service-oriented architecture SOA, B2B, and cloud workloads that protects, integrates, and optimizes access across channels...

CVE-2018-19001

Philips HealthSuite Health Android App, all versions. The software uses simple encryption that is not strong enough for the level of protection required...

Updated kdeconnect-kde packages fix security vulnerability

The kdeconnect-kde package has been updated to version 1.3.3, which fixes an issue with modern encryption algorithms being disabled with SSH, and also fixes several bugs and updates compatibility with the Android app...

CVE-2018-16758

Missing message authentication in the meta-protocol in Tinc VPN version 1.0.34 and earlier allows a man-in-the-middle attack to disable the encryption of VPN packets...

Hardcoded credentials

Philips e-Alert Unit non-medical device, Version R2.1 and prior. The software contains hard-coded cryptographic key, which it uses for encryption of internal data...

Code injection

Philips e-Alert Unit non-medical device, Version R2.1 and prior. The software transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. The Philips e-Alert communication channel is not encrypted which could therefore lead to...

Spoofing

The AirWatch Agent for iOS prior to 5.8.1 contains a data protection vulnerability whereby the files and keychain entries in the Agent are not encrypted...

CVE-2017-13102 Gameloft Asphalt Xtreme: Offroad Rally Racing, 1.6.0, 2017-08-13, iOS application uses a hard-coded key for encryption

Gameloft Asphalt Xtreme: Offroad Rally Racing, 1.6.0, 2017-08-13, iOS application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key...

[SECURITY] [DLA 1462-1] wpa security update

Package : wpa Version : 2.3-1+deb8u6 CVE ID : CVE-2018-14526 Debian Bug : 905739 The following vulnerability was discovered in wpasupplicant. CVE-2018-14526: | An issue was discovered in rsnsupp/wpa.c in wpasupplicant 2.0 | through 2.6. Under certain conditions, the integrity of EAPOL-Key |...

A large number of Bluetooth devices and systems will be protected by encryption Vulnerability CVE-2018-5383 impact-vulnerability warning-the black bar safety net

Recently, a security research expert in a certain Bluetooth device is found in a high-risk encryption Vulnerability CVE-2018-5383, and an unauthenticated attacker in physical proximity to the target device, this vulnerability will allow them to intercept, monitor or tamper with equipment of the...