CVE-2018-5461

An Inadequate Encryption Strength issue was discovered in Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches. An inadequate encryption strength vulnerability in the web interface has been identified, which may allow an attacker to obtain sensiti...

CVE-2018-5298

In the Procter & Gamble "Oral-B App" aka com.pg.oralb.oralbapp application 5.0.0 for Android, AES encryption with static parameters is used to secure the locally stored shared preferences. An attacker can gain access to locally stored user data more easily by leveraging access to the preferences...

UBUNTU-CVE-2017-1000246

Python package pysaml2 version 4.4.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data...

PYSEC-2017-26

Python package pysaml2 version 4.4.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data...

DEBIAN-CVE-2017-1000246

Python package pysaml2 version 4.4.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data...

samba: SMB2 connections don't keep encryption across DFS redirects

A flaw was found in the way samba client used encryption with the max protocol set as SMB3. The connection could lose the requirement for signing and encrypting to any DFS redirects, allowing an attacker to read or alter the contents of the connection via a man-in-the-middle attack...

CVE-2017-9645

An Inadequate Encryption Strength issue was discovered in Mirion Technologies DMC 3000 Transmitter Module, iPam Transmitter f/DMC 2000, RDS-31 iTX and variants including RSD31-AM Package, DRM-1/2 and variants including Solar PWR Package, DRM and RDS Based Boundary Monitors, External Transmitters,...

The vulnerability of the Android operating system from the CAF repository exists due to insufficiently robust data encryption. This vulnerability allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the Android operating system from the CAF repository is related to insufficiently robust data encryption. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality, integrity, and accessibility of protected information, as insecure algorithms we...

SQL Injection Vulnerability in phpcms 'random' Function

phpcms is a website management software. A SQL injection vulnerability exists in phpcms. Due to lax encryption control of the random function, the value of authkey can be obtained, leading to SQL injection and allowing attackers to exploit the vulnerability to obtain sensitive database informatio...

EulerOS 2.0 SP1 : java-1.7.0-openjdk (EulerOS-SA-2017-1027)

According to the versions of the java-1.7.0-openjdk packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - It was discovered that the RMI registry and DCG implementations in the RMI component of OpenJDK performed deserialization of untrust...

CVE-2017-5160

An Inadequate Encryption Strength issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. The software will connect via Transport Layer Security without verifying the peer's SSL certificate properly...

The vulnerability of the iOS operating system, which allows a hacker to bypass cryptographic security measures

The vulnerability of the iOS operating system’s Profiles component is related to insufficient encryption strength. Exploiting this vulnerability allows a malicious actor to infiltrate the vulnerable Simple Certificate Enrollment Protocol SCEP component and circumvent cryptographic security measur...

FEI news router K1 information disclosure vulnerability

Reference source: FEI news mainstream router K1 loopholes and collect user information FEI news PSG1208K1is Fibonacci Telecommunications Company, the main push of a home router product, we through the analysis of a router firmware find there are a lot of problems. First, we use a firmware analysi...

Zend Framework < 2.4.9 Encryption Weakness

Binary data 9137.prm...

Mousejack Attacks Abuse Vulnerable Wireless Keyboard, Mouse Dongles

Wireless keyboards and mice are the latest peripherals to put enterprise networks and user data at risk. Researchers at Bastille Networks today said that non-Bluetooth devices from seven manufacturers including Logitech, Dell and Lenovo are vulnerable to so-called Mousejack attacks that would all...

USN-2830-1 openssl vulnerabilities

Guy Leaver discovered that OpenSSL incorrectly handled a ServerKeyExchange for an anonymous DH ciphersuite with the value of p set to 0. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only applied to Ubuntu 15.10...

Default credentials

IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX002, and 7.6.0 before 7.6.0.1 IFIX001; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX002 and 7.6.0 before 7.6.0.1 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli ...

The vulnerability of the OpenSSL library, which allows attackers to carry out attacks aimed at reducing the security of encryption algorithms

The vulnerability of the OpenSSL library is related to errors in cryptographic transformations. Exploiting this vulnerability allows a malicious actor, operating remotely and having access to the data transmission channel, to carry out attacks aimed at reducing the resilience of encryption...

Open Smart Grid Protocol Alliance Plan to Fix its Weak Crypto

The Open Smart Grid Protocol Alliance, which recently came under fire for a weak crypto implementation in its protocol, will upgrade existing devices, likely starting in September. Harry Crijns, secretary of the OSGP Alliance in The Netherlands, said fixes have been developed and are “under a...

“Legacy”vulnerability: analysis of the new SSL/TLS vulnerability FREAK-vulnerability warning-the black bar safety net

Recently security researchers discovered a new SSL/TLS vulnerability. Expected within ten years, millions of Apple, Android users to access the HTTPS site will likely suffer from the middleman and then the stolen account and password, even if these sites use the encrypted transmission, also to no...