818 matches found
UBUNTU-CVE-2017-12871
The aesEncrypt method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp 1.14.x through 1.14.11 makes it easier for context-dependent attackers to bypass the encryption protection mechanism by leveraging use of the first 16 bytes of the secret key as the initialization vector (IV)...
CVE-2017-0379
CVE-2017-0379 affects libgcrypt before 1.8.1, where Curve25519 side-channel attacks could allow a local attacker to recover a secret key. Public advisories indicate the flaw in cipher/ecc.c and mpi/ec.c can enable private-key recovery on multi-user systems or VMs. Remediation is to upgrade to lib...
Lemur has an unspecified vulnerability
Lemur is a Python-based TLS certificate management tool. A security vulnerability exists in Lemur version 0.1.4, which stems from the program's failure to use a random IV when encrypting with AES. No detailed information about the vulnerability is currently available...
CVE-2015-7764
Lemur 0.1.4 does not use sufficient entropy in its IV when encrypting AES in CBC mode...
Code injection
DISPUTED An issue was discovered in SMA Solar Technology products. Sniffed passwords from SMAdata2+ communication can be decrypted very easily. The passwords are "encrypted" using a very simple encryption algorithm. This enables an attacker to find the plaintext passwords and authenticate to the...
CVE-2017-9856
An issue was discovered in SMA Solar Technology products. Sniffed passwords from SMAdata2+ communication can be decrypted very easily. The passwords are "encrypted" using a very simple encryption algorithm. This enables an attacker to find the plaintext passwords and authenticate to the device...
CVE-2017-9857
An issue was discovered in SMA Solar Technology products. The SMAdata2+ communication protocol does not properly use authentication with encryption: it is vulnerable to man in the middle, packet injection, and replay attacks. Any setting change, authentication packet, scouting packet, etc. can be...
Zoho ManageEngine OpManager Encryption Algorithm Vulnerability
Zoho ManageEngine OpManager is a suite of network, server and virtualization monitoring software from Zoho. A security vulnerability exists in Zoho ManageEngine OpManager versions 11 through 12.2. An attacker can exploit the vulnerability to decode certificates...
IBM Tivoli Endpoint Manager Encryption Algorithm Vulnerability
IBM BigFix Platform is IBM's dynamic multi-technology platform that integrates message content drivers and management systems, of which Tivoli Endpoint Manager is the endpoint control software. A cryptographic algorithm vulnerability exists in Tivoli Endpoint Manager in the IBM BigFix Platform th...
Schneider Electric Pelco VideoXpert Missing Encryption Vulnerability
Schneider Electric Pelco VideoXpert transmits sensitive data using double Base64 encoding for the Cookie 'authtoken' in a communication channel that can be sniffed by unauthorized actors or arbitrarily be read from the vxcore log file directly using directory traversal attack resulting in...
Google Android Encryption Problem Vulnerability
Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance (OHA). Google Android is vulnerable to encryption issues. No details of the vulnerability are provided at this time...
CVE-2017-9248
Telerik.Web.UI.dll in Progress Telerik UI for ASP.NET AJAX before R2 2017 SP1 and Sitefinity before 10.0.6412.0 does not properly protect Telerik.Web.UI.DialogParametersEncryptionKey or the MachineKey, which makes it easier for remote attackers to defeat cryptographic protection mechanisms, leadi...
Important: Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 1 for RHEL 6
An update is now available for Red Hat JBoss Core Services on RHEL 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...
IBM Security Access Manager Information Disclosure Vulnerability (CNVD-2017-09516)
IBM Security Access Manager is a product for information security management applications from IBM, USA. The product enables access management control through integrated devices for web, mobile and cloud computing. An information disclosure vulnerability exists in IBM Security Access Manager...
CVE-2016-10376
Gajim through 0.16.7 unconditionally implements the "XEP-0146: Remote Controlling Clients" extension. This can be abused by malicious XMPP servers to, for example, extract plaintext from OTR encrypted sessions...
PT-2018-17: Information Disclosure in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200
The specialists of the Positive Research center have detected an Information Disclosure vulnerability in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200. Hash collisions in algorithms used for password encryption allow attackers to obtain passwords. How to fix...
go-jose encryption issue vulnerability
go-jose is a standard method for implementing JavaScript object signing and encryption. A cryptographic issue vulnerability exists in go-jose that stems from the program failing to validate the cryptographic public key. An attacker can exploit this vulnerability to break the curve encryption...
UBUNTU-CVE-2016-6225
xbcrypt in Percona XtraBackup before 2.3.6 and 2.4.x before 2.4.5 does not properly set the initialization vector (IV) for encryption, which makes it easier for context-dependent attackers to obtain sensitive information from encrypted backup files via a Chosen-Plaintext attack. NOTE: this...
CVE-2016-6225
CVE-2016-6225 affects Percona XtraBackup’s xbcrypt: versions prior to 2.3.6 (and 2.4.x prior to 2.4.5) fail to properly set the initialization vector (IV) for encryption, enabling context-dependent attackers to potentially obtain sensitive data from encrypted backups via a Chosen-Plaintext attack...
Vulnerability in the Server: Security: Encryption component of the MySQL database management system, which allows a hacker to cause a service failure
The vulnerability of the Server: Security: Encryption component of the MySQL database management system is related to deficiencies in access control. Exploiting this vulnerability can allow a malicious actor to cause the system to become unresponsive or, in rare cases, to crash using network...