IBM Tivoli Key Lifecycle Manager 加密问题漏洞

IBM Tivoli Key Lifecycle Manager TKLM is a set of key lifecycle management software from IBM Corporation. The software provides key storage, key maintenance, and key lifecycle management for storage devices.A security vulnerability exists in IBM Tivoli Key Lifecycle Manager, which stems from the...

Cisco Firepower Management Center 安全漏洞

Cisco Firepower Management Center FMC is the next generation firewall management center software from Cisco. Cisco Firepower Management Center has security vulnerabilities that stem from improper encryption of sensitive information stored in the GUI configuration manager. An attacker could exploi...

CVE-2021-38461

The affected product uses a hard-coded blowfish key for encryption/decryption processes. The key can be easily extracted from binaries...

Hcl Technologies Hcl Traveler Companion 加密问题漏洞

Hcl Technologies Hcl Traveler Companion is an ios Iphone and Ipad application from Hcl Technologies India. It is used to read encrypted Hcl Notes emails on Apple devices. HCL Traveler Companion suffers from an encryption issue vulnerability that stems from the software's susceptibility to an iOS...

CVE-2021-38464 InHand Networks IR615 Router

InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 have inadequate encryption strength, which may allow an attacker to intercept the communication and steal sensitive information or hijack the session...

IBM Cloud Pak for Security 加密问题漏洞

IBM Cloud Pak for Security CP4S is an open security platform from IBM that connects to your existing data sources, generates deeper insights, and enables you to act faster with automation. IBM Cloud Pak for Security CP4S suffers from an encryption issue vulnerability in versions 1.7.0.0, 1.7.1.0,...

Cyberark Software CyberArk Credential Provider 加密问题漏洞

Cyberark Software CyberArk Credential Provider is an installation credential provider program from CyberArk Software Cyberark Software, Israel. CyberArk Software CyberArk Credential Provider prior to version 12.1 has an encryption issue vulnerability that stems from an inadequate encryption metho...

The vulnerability of the S/MIME protocol implementation in the Thunderbird email client allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the S/MIME protocol implementation in Thunderbird’s email client is related to insufficiently secure data encryption. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information...

PT-2021-17481 · Ypsomed · Ypsomed Mylife App +1

Name of the Vulnerable Software and Affected Versions: Ypsomed mylife Cloud versions prior to 1.7.2 Ypsomed mylife App versions prior to 1.7.5 Description: The application layer encryption of the communication protocol between the Ypsomed mylife App and mylife Cloud uses non-random IVs, which...

IBM Cloud Pak for Applications加密问题漏洞

IBM Cloud Pak for Applications is an application from IBM USA, Inc. IBM Cloud Pak for Applications v4.3 contains a security vulnerability that stems from the fact that IBM Cloud Pak for Applications uses a weaker-than-expected encryption algorithm, which could be exploited by an attacker to decry...

MDT AutoSave 代码问题漏洞

MDT AutoSave is a software application. It provides an automated change management function. A code issue vulnerability exists in MDT AutoSave that stems from insufficient software encryption strength. An attacker could use this vulnerability to break the encryption and gain access to the system...

IBM Resilient 安全漏洞

IBM Resilient is a suite of incident response platforms from IBM in the United States. The platform supports functions such as incident response process orchestration and incident management. A security vulnerability exists in IBM Resilient OnPrem, which can be exploited by an attacker to obtain...

CVE-2020-24587

The 802.11 standard that underpins Wi-Fi Protected Access WPA, WPA2, and WPA3 and Wired Equivalent Privacy WEP doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and...

IBM Jazz Team Server 加密问题漏洞

IBM Jazz Team Server is an application server from IBM USA. Provides base services that enable a group of tools to work together as a single logical server and includes any number of Jazz Team Server Extensions that provide tool-specific functionality. A security vulnerability exists in IBM Jazz...

DEBIAN-CVE-2021-3446

A flaw was found in libtpms in versions before 0.8.2. The commonly used integration of libtpms with OpenSSL contained a vulnerability related to the returned IV initialization vector when certain symmetric ciphers were used. Instead of returning the last IV it returned the initial IV to the calle...

UBUNTU-CVE-2021-3446

A flaw was found in libtpms in versions before 0.8.2. The commonly used integration of libtpms with OpenSSL contained a vulnerability related to the returned IV initialization vector when certain symmetric ciphers were used. Instead of returning the last IV it returned the initial IV to the calle...

Arch Linux libtpms 安全特征问题漏洞

Arch Linux libtpms is a US Arch Linux open source application. A library that provides software emulation of Trusted Platform Modules TPM 1.2 and TPM 2.0. Arch Linux libtpms 0.8.2 suffers from a security signature issue vulnerability that stems from not returning the last initialization vector, b...

Grid Solutions GE MU320E 加密问题漏洞

The MU320E is a process interface unit from GE with integrated analog and digital merge interfaces. An insufficient cryptographic strength vulnerability exists in the firmware prior to GE MU320E 04A00.1. The vulnerability stems from some aspects of the SSH server configuration file not being...

CVE-2020-25229

A vulnerability has been identified in LOGO! 8 BM incl. SIPLUS variants All versions V8.3. The implemented encryption for communication with affected devices is prone to replay attacks due to the usage of a static key. An attacker could change the password or change the configuration on any...

CVE-2020-7565

A CWE-326: Inadequate Encryption Strength vulnerability exists in Modicon M221 all references, all versions that could allow the attacker to break the encryption key when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller...