Lucene search

818 matches found

OSV
added 2018/06/29 5:29 a.m. | 0 views

UBUNTU-CVE-2018-12983

A stack-based buffer over-read in the PdfEncryptMD5Base::ComputeEncryptionKey function in PdfEncrypt.cpp in PoDoFo 0.9.6-rc1 could be leveraged by remote attackers to cause a denial of service via a crafted PDF file...

CVSS 7.8 | AI score 7.2 | EPSS 0.00988
Exploits: 1 | References: 4

IBM Security Bulletins
added 2018/06/17 5:28 a.m. | 17 views

Security Bulletin: Security vulnerability affects IBM® Rational® Team Concert

Summary: IBM Rational Team Concert (RTC) is affected by a potential security vulnerability related to the usage of a broken or risky cryptographic algorithm. Vulnerability Details: CVEID: CVE-2017-1701. DESCRIPTION: IBM Team Concert (RTC) stores credentials for users using a weak encryption algorithm,...

CVSS 8.8 | AI score 0.2 | EPSS 0.00541
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2018/06/16 10:4 p.m. | 23 views

Security Bulletin: IBM Security Access Manager Appliance is affected by an encryption vulnerability (CVE-2017-1473)

Summary: IBM Security Access Manager Appliance has addressed the following weak encryption vulnerability. Vulnerability Details: CVEID: CVE-2017-1473. DESCRIPTION: IBM Security Access Manager Appliance uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly...

CVSS 7.5 | AI score 1.5 | EPSS 0.0088
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2018/06/15 7:2 a.m. | 26 views

Security Bulletin: Vulnerability in SSLv3 affects IBM Workload Deployer (CVE-2014-3566)

Summary: SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack. SSLv3 is enabled in IBM Workload Deployer. Vulnerability Details: CVEID: CVE-2014-3566. DESCRIPTION: Product could allow a remote attacker to obtain sensitive...

CVSS 4.3 | AI score 0.5 | EPSS 0.99999
Exploits: 6 | Affected Software: 1

IBM Security Bulletins
added 2018/06/15 7:2 a.m. | 35 views

Security Bulletin: Vulnerability in SSLv3 affects WebSphere Lombardi Edition (CVE-2014-3566)

Summary: SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack. SSLv3 is enabled in WebSphere Lombardi Edition. Vulnerability Details: CVE-ID: CVE-2014-3566. DESCRIPTION: WebSphere Lombardi Edition could allow a remote attacker t...

CVSS 4.3 | AI score 0.6 | EPSS 0.99999
Exploits: 6 | Affected Software: 1

NVD
added 2018/05/25 4:29 p.m. | 29 views

CVE-2018-8864

In ATI Systems Emergency Mass Notification Systems HPSS16, HPSS32, MHPSS, and ALERT4000 devices, a missing encryption of sensitive data vulnerability caused by specially crafted malicious radio transmissions may allow an attacker to remotely trigger false alarms...

CVSS 3.1 | AI score 3.8 | EPSS 0.00177
Exploits: 0 | References: 2

CVE
added 2018/05/25 4:0 p.m. | 46 views

CVE-2018-8864

The CVE-2018-8864 entry applies to ATI Systems Emergency Mass Notification Systems (HPSS16, HPSS32, MHPSS, ALERT4000). The vulnerability is caused by missing encryption of sensitive data in radio transmissions, enabling a remote attacker to trigger false alarms. Affected components are the comman...

CVSS 3.1 | AI score 4 | EPSS 0.00177
Exploits: 0 | References: 2 | Affected Software: 1

CNVD
added 2018/05/16 12:0 a.m. | 4 views

S/MIME Information Disclosure Vulnerability

S/MIME is a certificate implementation for email encryption. A security vulnerability exists in S/MIME. An attacker could exploit the vulnerability to obtain a message in plaintext form from an encrypted message...

CVSS 5.9 | AI score 8.9 | EPSS 0.04219
Exploits: 2 | References: 1

The Hacker News
added 2018/05/14 6:24 p.m. | 1 views

Here's How eFail Attack Works Against PGP and S/MIME Encrypted Emails

With a heavy heart, security researchers have early released the details of a set of vulnerabilities discovered in email clients for two widely used email encryption standards—PGP and S/MIME—after someone leaked their paper on the Internet, which was actually scheduled for tomorrow. PGP and S/MIM...

AI score 6.7
Exploits: 0

Prion
added 2018/05/03 6:29 p.m. | 17 views

Hardcoded credentials

The web application backup file in the TP-Link EAP Controller and Omada Controller versions 2.5.4Windows/2.6.0Windows is encrypted with a hard-coded cryptographic key, so anyone who knows that key and the algorithm can decrypt it. A low-privilege user could decrypt and modify the backup file in...

CVSS 6 | AI score 7.5 | EPSS 0.01206
Exploits: 3 | References: 2 | Affected Software: 1

CNVD
added 2018/04/17 12:0 a.m. | 2 views

IBM BigFix Remote Control Encryption Issue Vulnerability (CNVD-2018-08559)

IBM BigFix Remote Control is a set of remote control systems from IBM in the United States. An encryption issue vulnerability exists in IBM BigFix Remote Control. A remote attacker could exploit this vulnerability by performing a man-in-the-middle attack to decrypt traffic...

CVSS 5.8 | AI score 6.8 | EPSS 0.00325
Exploits: 0 | References: 1

CVE
added 2018/02/02 9:0 p.m. | 44 views

CVE-2018-5261

Flexense DiskBoss 8.8.16 and earlier has a vulnerability where plaintext data from the handshake is used as input for the encryption key for the rest of the session, allowing a man-in-the-middle to access sensitive information such as authentication credentials. Source reports include NVD and CNV...

CVSS 8.1 | AI score 7.9 | EPSS 0.00467
Exploits: 1 | References: 1 | Affected Software: 1

Prion
added 2018/01/26 1:29 a.m. | 13 views

Hardcoded credentials

Sensitive data stored by Lenovo Fingerprint Manager Pro, version 8.01.86 and earlier, including users' Windows logon credentials and fingerprint data, is encrypted using a weak algorithm, contains a hard-coded password, and is accessible to all users with local non-administrative access to the...

CVSS 7.2 | AI score 7.4 | EPSS 0.00402
Exploits: 0 | References: 5 | Affected Software: 1

CVE
added 2017/12/29 7:0 p.m. | 44 views

CVE-2017-17910

The CVE-2017-17910 issue affects Hoermann BiSecur devices (HS5-868-BS, HSE1-868-BS, HSE2-868-BS) before 2018. An attacker can capture a single radio transmission to obtain the encrypted packet and a 32-bit serial number, then derive the encryption key due to AES-128 using a static IV and static da...

CVSS 6.5 | AI score 6.4 | EPSS 0.00298
Exploits: 0 | References: 2 | Affected Software: 1

Tenable Nessus
added 2017/12/07 12:0 a.m. | 22 views

FreeBSD : FreeBSD -- WPA2 protocol vulnerability (1f8de723-dab3-11e7-b5af-a4badb2f4699)

A vulnerability was found in how a number of implementations can be triggered to reconfigure WPA/WPA2/RSN keys (TK, GTK, or IGTK) by replaying a specific frame that is used to manage the keys. Impact: Such reinstallation of the encryption key can result in two different types of vulnerabilities:...

CVSS 6.5 | AI score 6.4 | EPSS 0.01537
Exploits: 0 | References: 3

Tenable Nessus
added 2017/12/07 12:0 a.m. | 1173 views

Check Point Gaia Operating System SSLv3 Padding Oracle On Downgraded Legacy Encryption Vulnerability (sk103683) (POODLE)

The remote host is running a version of Gaia Operating System that is potentially affected by a man-in-the-middle (MitM) information disclosure vulnerability known as POODLE. The vulnerability is due to the way SSL 3.0 handles padding bytes when decrypting messages encrypted using block ciphers in...

CVSS 4.3 | AI score 7 | EPSS 0.99999
Exploits: 6 | References: 5

CNVD
added 2017/10/23 12:0 a.m. | 1 views

Boston Scientific ZOOM LATITUDE PRM Error Encryption Vulnerability

The ZOOM LATITUDE PRMs are a suite of Boston Scientific's portable cardiac rhythm management systems for communicating with implantable pacemakers and defibrillators, deployed in healthcare and public health. A false encryption vulnerability exists in the Boston Scientific ZOOM LATITUDE PRMs, whi...

CVSS 4.6 | AI score 5 | EPSS 0.00281
Exploits: 0 | References: 1

OSV
added 2017/10/17 1:29 p.m. | 9 views

CVE-2017-13084

Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Station-To-Station-Link (STSL) Transient Key (STK) during the PeerKey handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames...

CVSS 6.8 | AI score 6.6
Exploits: 0 | References: 13

RedHat Linux
added 2017/10/12 7:53 a.m. | 2 views

mysql: Server: Security: Encryption unspecified vulnerability (CPU Jan 2017)

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Security: Encryption. Supported versions that are affected are 5.7.16 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL...

CVSS 3.5 | AI score 7.3 | EPSS 0.00782
Exploits: 0 | References: 5

Amazon
added 2017/10/12 12:0 a.m. | 35 views

Medium: samba

Issue Overview: Server memory information leak over SMB1: An information leak flaw was found in the way SMB1 protocol was implemented by Samba. A malicious client could use this flaw to dump server memory contents to a file on the samba share or to a shared printer, though the exact area of serve...

CVSS 7.4 | AI score 6.6 | EPSS 0.13228
Exploits: 0