Lucene search
K

39 matches found

Tenable Nessus
Tenable Nessus
added 2021/10/13 12:0 a.m.4712 views

SSH Weak Key Exchange Algorithms Enabled

The remote SSH server is configured to allow key exchange algorithms which are considered weak. This is based on the IETF draft document Key Exchange KEX Method Updates and Recommendations for Secure Shell SSH RFC9142. Section 4 lists guidance on key exchange algorithms that SHOULD NOT and MUST N...

5.5AI score
Exploits0References1
Prion
Prion
added 2021/09/30 5:15 p.m.16 views

Code injection

IBM Cloud Pak for Security CP4S 1.7.0.0, 1.7.1.0, 1.7.2.0, and 1.8.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 207320...

5CVSS7.7AI score0.00665EPSS
Exploits0References2Affected Software1
Mageia
Mageia
added 2021/06/28 10:51 p.m.80 views

Updated java-openjdk packages fix security vulnerabilities

For java-1.8.0 Security fixes - JDK-8227467: Better class method invocations - JDK-8244473: Contextualize registration for JNDI - JDK-8244543: Enhanced handling of abstract classes - JDK-8249906, CVE-2021-2163: Enhance opening JARs - JDK-8250568, CVE-2021-2161: Less ambiguous processing -...

5.9CVSS6.4AI score0.03566EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2020/12/09 12:0 a.m.81 views

SUSE SLES12 Security Update : java-11-openjdk (SUSE-SU-2020:3159-1)

"This update for java-11-openjdk fixes the following issues : Update to upstream tag jdk-11.0.9-11 October 2020 CPU, bsc1177943 - New features + JDK-8250784: Shenandoah: A Low-Pause-Time Garbage Collector - Security fixes + JDK-8233624: Enhance JNI linkage + JDK-8236196: Improve string pooling +...

5.8CVSS6.6AI score0.03713EPSS
Exploits0References18
Tenable Nessus
Tenable Nessus
added 2020/11/23 12:0 a.m.104 views

openSUSE Security Update : java-11-openjdk (openSUSE-2020-1984)

"This update for java-11-openjdk fixes the following issues : - Update to upstream tag jdk-11.0.9-11 October 2020 CPU, bsc1177943 - New features + JDK-8250784: Shenandoah: A Low-Pause-Time Garbage Collector - Security fixes + JDK-8233624: Enhance JNI linkage + JDK-8236196: Improve string pooling ...

5.8CVSS6.6AI score0.03713EPSS
Exploits0References9
CNVD
CNVD
added 2020/06/17 12:0 a.m.9 views

Schneider Electric Easergy T300 Encryption Issue Vulnerability

The Schneider Electric Easergy T300 is a remote terminal unit for the power industry from Schneider Electric, France. A cryptographic vulnerability exists in the Schneider Electric Easergy T300 using firmware version 1.5.2 and earlier, which stems from the program's use of weak cryptographic...

7.5CVSS6.6AI score0.00858EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2020/05/13 12:0 a.m.6 views

The vulnerability of the `send_client_hello` function in `handshake.c` of the GnuTLS cryptographic library is related to deficiencies in the cryptographic algorithms used. This vulnerability allows an attacker to gain unauthorized access to confidential data or compromise the integrity of the data.

The vulnerability of the sendclienthello function in the handshake.c file of the GnuTLS cryptographic library is related to deficiencies in the cryptographic algorithms used. Exploiting this vulnerability could allow an attacker to gain unauthorized access to confidential data or compromise the...

9.4CVSS6.8AI score0.03388EPSS
Exploits0References12Affected Software6
OSV
OSV
added 2019/12/13 3:15 p.m.5 views

CVE-2019-19397

There is a weak algorithm vulnerability in some Huawei products. The affected products use weak algorithms by default. Attackers may exploit the vulnerability to cause information leaks...

7.5CVSS7.1AI score0.00764EPSS
Exploits0References1
Prion
Prion
added 2019/12/13 3:15 p.m.22 views

Design/Logic Flaw

There is a weak algorithm vulnerability in some Huawei products. The affected products use weak algorithms by default. Attackers may exploit the vulnerability to cause information leaks...

5CVSS7.3AI score0.00764EPSS
Exploits0References1Affected Software7
Prion
Prion
added 2019/09/17 7:15 p.m.15 views

Code injection

IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158880...

5CVSS7.2AI score0.00966EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2018/04/26 8:29 p.m.17 views

CVE-2017-17543

Users' VPN authentication credentials are unsafely encrypted in Fortinet FortiClient for Windows 5.6.0 and below versions, FortiClient for Mac OSX 5.6.0 and below versions and FortiClient SSLVPN Client for Linux 4.4.2335 and below versions, due to the use of a static encryption key and weak...

7.5CVSS7.6AI score0.00447EPSS
Exploits0References1
Cvelist
Cvelist
added 2018/03/22 12:0 p.m.24 views

CVE-2018-1428

IBM GSKit IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 139073...

6.2CVSS5.6AI score0.00294EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2017/12/13 4:48 p.m.5 views

OpenJDK: MD5 allowed for jar verification (Security, 8171121)

It was discovered that the Security component of OpenJDK did not allow users to restrict the set of algorithms allowed for Jar integrity verification. This flaw could allow an attacker to modify content of the Jar file that used weak signing key or hash algorithm...

3.1CVSS7.3AI score0.01993EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2016/11/02 11:6 a.m.5 views

OpenJDK: missing algorithm restrictions for jar verification (Libraries, 8155973)

It was discovered that the Libraries component of OpenJDK did not restrict the set of algorithms used for JAR integrity verification. This flaw could allow an attacker to modify content of the JAR file that used weak signing key or hash algorithm...

4.3CVSS7.3AI score0.02793EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2016/11/02 11:5 a.m.8 views

OpenJDK: missing algorithm restrictions for jar verification (Libraries, 8155973)

It was discovered that the Libraries component of OpenJDK did not restrict the set of algorithms used for JAR integrity verification. This flaw could allow an attacker to modify content of the JAR file that used weak signing key or hash algorithm...

4.3CVSS7.3AI score0.02793EPSS
Exploits0References5
Prion
Prion
added 2016/09/18 2:59 a.m.12 views

Code injection

The client in EMC RSA BSAFE Micro Edition Suite MES 4.0.x before 4.0.9 and 4.1.x before 4.1.5 places the weakest algorithms first in a signature-algorithm list transmitted to a server, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging server...

5CVSS7.1AI score0.01603EPSS
Exploits0References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2016/04/04 12:0 a.m.2247 views

SSH Weak Algorithms Supported

Nessus has detected that the remote SSH server is configured to use the Arcfour stream cipher or no cipher at all. RFC 4253 advises against using Arcfour due to an issue with weak keys. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid90317; scriptversion"1.4";...

5.5AI score
Exploits0References1
RedHat Linux
RedHat Linux
added 2013/05/28 5:36 p.m.7 views

apache-cxf: XML encryption backwards compatibility attacks

Apache CXF 2.5.x before 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x before CXF 2.7.4 does not verify that a specified cryptographic algorithm is allowed by the WS-SecurityPolicy AlgorithmSuite definition before decrypting, which allows remote attackers to force CXF to use weaker cryptographic...

6.4CVSS6.9AI score0.06322EPSS
Exploits0References6
CERT
CERT
added 2005/07/13 12:0 a.m.24 views

WebEOC implements weak algorithms to encrypt sensitive information

Overview WebEOC uses weak cryptographic algorithms to encrypt sensitive information. Description WebEOC is a web-based crisis information management application that provides functions to gather, coordinate, and disseminate information between emergency personnel and Emergency Operations Centers...

7.5CVSS7.4AI score0.00797EPSS
Exploits0References2
Rows per page
Query Builder