Default credentials

Python Keyring 0.9.1 does not securely initialize the cipher when encrypting passwords for CryptedFileKeyring files, which makes it easier for local users to obtain passwords via a brute-force attack...

CVE-2012-4571

Python Keyring 0.9.1 does not securely initialize the cipher when encrypting passwords for CryptedFileKeyring files, which makes it easier for local users to obtain passwords via a brute-force attack...

CVE-2012-4571

Python Keyring 0.9.1 does not securely initialize the cipher when encrypting passwords for CryptedFileKeyring files, which makes it easier for local users to obtain passwords via a brute-force attack...

Microsoft Internet Explorer CTreeNode Use After Free (MS12-071; CVE-2012-4775)

A remote code execution vulnerability has been reported in Internet Explorer. The vulnerability is due an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a user to open a...

Microsoft Internet Explorer CFormElement Use After Free (MS12-071; CVE-2012-1538)

A remote code execution vulnerability has been reported in Internet Explorer. The vulnerability is due an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a user to open a...

ROCKWELL Automation ControlLogix EtherNET/IP Firmware Update Initialization

...

dedeCMS latest injection vulnerability a gold-bug warning-the black bar safety net

Brief description: Since the parameters of the variables not be initialized testing and using the class reflection skills leads to plus\feedback.php in the variable $typeid presence of injection risk. Detailed description: Since the official has already released patches and vulnerabilities are no...

Scientific Linux Security Update : java-1.6.0-openjdk on SL5.x i386/x86_64 (20121017) (ROBOT)

Multiple improper permission check issues were discovered in the Beans, Swing, and JMX components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. CVE-2012-5086, CVE-2012-5084, CVE-2012-5089 Multiple improper permission check issues we...

Patch Management: Tivoli Endpoint Manager Computer Info Initialization

Binary data ibmteminitinfo.nbin...

[SECURITY] Fedora 17 Update: cloud-init-0.6.3-0.5.bzr532.fc17

Cloud-init is a set of init scripts for cloud instances. Cloud instances need special scripts to run during initialization to retrieve and install ssh keys and to let the user run various scripts...

openssl: record length handling integer underflow

Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of service buffer over-read or possibly have unspecified other impact via a crafted TLS packet that is no...

Slackware: Security Advisory (SSA:2009-051-01)

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

FreeBSD : fetchmail -- chosen plaintext attack against SSL CBC initialization vectors (18ce9a90-f269-11e1-be53-080027ef73ec) (BEAST)

Matthias Andree reports : Fetchmail version 6.3.9 enabled 'all SSL workarounds' SSLOPALL which contains a switch to disable a countermeasure against certain attacks against block ciphers that permit guessing the initialization vectors, providing that an attacker can make the application fetchmail...

CVE-2012-2146

Elixir 0.8.0 uses Blowfish in CFB mode without constructing a unique initialization vector IV, which makes it easier for context-dependent users to obtain sensitive information and decrypt the database...

PYSEC-2012-13

Elixir 0.8.0 uses Blowfish in CFB mode without constructing a unique initialization vector IV, which makes it easier for context-dependent users to obtain sensitive information and decrypt the database...

PYSEC-2012-13

Elixir 0.8.0 uses Blowfish in CFB mode without constructing a unique initialization vector IV, which makes it easier for context-dependent users to obtain sensitive information and decrypt the database...

UBUNTU-CVE-2012-2146

Elixir 0.8.0 uses Blowfish in CFB mode without constructing a unique initialization vector IV, which makes it easier for context-dependent users to obtain sensitive information and decrypt the database...

CVE-2012-2146

Removed by vendor...

CVE-2012-2146

CVE-2012-2146 affects Elixir up to at least 0.8.0, where Blowfish in CFB mode is used without a unique initialization vector (IV). This weak IV construction can enable context-dependent users to obtain sensitive information and potentially decrypt the database. The connected documents confirm the...

CVE-2012-2146

Elixir 0.8.0 uses Blowfish in CFB mode without constructing a unique initialization vector IV, which makes it easier for context-dependent users to obtain sensitive information and decrypt the database...