IBM DB2 Information Disclosure Vulnerability (CNVD-2021-99669)
IBM DB2 is a relational database management system from IBM in the United States. The main execution environments for this system are UNIX, Linux, IBMi, z/OS, and Windows server versions. An information disclosure vulnerability exists in IBM DB2 for Linux, UNIX, and Windows, which stems fr...
nss: Memory corruption in decodeECorDsaSignature with DSA signatures (and RSA-PSS)
A remote code execution flaw was found in the way NSS verifies certificates. This flaw allows an attacker posing as an SSL/TLS server to trigger this issue in a client application compiled with NSS when it tries to initiate an SSL/TLS connection. Similarly, a server application compiled with NSS,...
FortiAuthenticator - "Mandatory password and OTP" setting not enforcing OTP on unimported remote users
An incorrect implementation of authentication algorithm vulnerability [CWE-303] in FortiAuthenticator may allow a user whose LDAP account is unimported to bypass the second factor of authentication via a RADIUS login portal...
UBUNTU-CVE-2021-43527
NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS #7, or PKCS #12 are likely to be impacted. Applications using N...
IBM QRadar SIEM Encryption Issue Vulnerability
IBM QRadar SIEM is a U.S.-based solution from IBM that leverages security intelligence to protect assets and information from advanced threats. The solution provides oversight of the entire scope of the IT architecture and generates detailed reports on data access and user activity. IBM QRadar ha...
Huawei Data Communication: Weak Secure Algorithm Vulnerability in Huawei Product (huawei-sa-20210512-01-infomationleak)
There is a weak secure algorithm vulnerability in Huawei products.
CVE-2021-22356
There is a weak secure algorithm vulnerability in Huawei products. A weak secure algorithm is used in a module. Attackers can exploit this vulnerability by capturing and analyzing the messages between devices to obtain information. This can lead to information leak. Affected product versions...
Code injection
There is a weak secure algorithm vulnerability in Huawei products. A weak secure algorithm is used in a module. Attackers can exploit this vulnerability by capturing and analyzing the messages between devices to obtain information. This can lead to information leak. Affected product versions...
CVE-2021-22356
CVE-2021-22356 affects Huawei security devices and modules, including IPS Module V500R005C00SPC100/SPC200, NGFW Module V500R005C00SPC100/SPC200, Secospace USG6300/USG6500/USG6600, and USG9500. The vulnerability stems from use of a weak secure algorithm in a module that can be exploited by capturi...
Debian DLA-2826-1 : mbedtls - LTS security update
The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2826 advisory. Several vulnerabilities were discovered in mbed TLS, a lightweight crypto and SSL/TLS library, which could result in denial of service, information disclosure or...
Multiple Huawei products weak security algorithm vulnerabilities
Huawei USG9500 is a data center firewall product, Huawei IPS Module is an Intrusion Prevention System (IPS) module, and NGFW Module is a Next Generation Firewall (NGFW) module. A security vulnerability exists in several Huawei products due to the use of weak security encryption algorithms when...
Oracle Linux 8 : gcc-toolset-10-annobin (ELSA-2021-4592)
The remote Oracle Linux 8 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2021-4592 advisory. 9.29-1.2 - Bump and rebuild for new gcc. 2017782 9.29-1.1 - Annocheck: Add test for multibyte characters in symbol names. 2009282 Tenable has extracted the...
Oracle Linux 8 : rust-toolset:ol8 (ELSA-2021-4590)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2021-4590 advisory. rust 1.54.0-3 - Lint against Unicode control codepoints. rust-toolset 1.54.0-1 - Update to Rust and Cargo 1.54.0. 1.53.0-1 - Update to Rust and Cargo 1.53.0...
Oracle Linux 8 : gcc-toolset-11-annobin (ELSA-2021-4591)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2021-4591 advisory. 9.85-1.1 - Annocheck: Add test for multibyte characters in symbol names. 2017367 Tenable has extracted the preceding description block directly from the Oracle...
Oracle Linux 8 : annobin (ELSA-2021-4593)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2021-4593 advisory. 9.72-1.2 - Bump NVR and rebuild to use the new gcc. 2017362 9.72-1.1 - Annocheck: Add test for multibyte characters in symbol names. 2017362 9.72-1 - Rebase to...
Philips Patient Information Center iX (PIC iX) and Efficia CM Series
1. EXECUTIVE SUMMARY. CVSS v3 6.5. ATTENTION: Exploitable from adjacent network/low attack complexity. Vendor: Philips. Equipment: Patient Information Center iX (PIC iX) and Efficia CM Series. Vulnerabilities: Improper Input Validation, Use of Hard-coded Cryptographic Key, Use of a Broken or Risky...
Unspecified Vulnerability in IBM Tivoli Key Lifecycle Manager
IBM Tivoli Key Lifecycle Manager (TKLM) is a set of key lifecycle management software from IBM in the United States. The software provides key storage, key maintenance and key lifecycle management for storage devices. A security vulnerability exists in IBM Tivoli Key Lifecycle Manager that stems fr...
IBM Tivoli Key Lifecycle Manager Information Disclosure Vulnerability (CNVD-2021-91635)
IBM Tivoli Key Lifecycle Manager (TKLM) is a set of key lifecycle management software from IBM Corporation. The software provides key storage, key maintenance, and key lifecycle management for storage devices. A security vulnerability exists in IBM Tivoli Key Lifecycle Manager, which stems from the...