5314 matches found
EulerOS 2.0 SP8 : openssh (EulerOS-SA-2021-1159)
According to the version of the openssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerability: The client side in OpenSSH 5.7 through 8.3 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows...
Huawei Mate 30 Weak Algorithm Vulnerability (CVE-2021-22307)
Huawei Mate 30 is a smartphone from the Chinese company Huawei. A weak algorithm vulnerability exists in Huawei Mate 30 version 10.0.0.203 C00E201R7P2. The vulnerability stems from insufficient protection of modules that should be protected. A local attacker could exploit the...
CentOS 8 : openssl (CESA-2019:3700)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2019:3700 advisory. - openssl: timing side channel attack in the DSA signature algorithm (CVE-2018-0734) - openssl: timing side channel attack in the ECDSA signature...
JWT Key ID Injector - Simple Python Script To Check Against Hypothetical JWT Vulnerability
Simple Python script to check against a hypothetical JWT vulnerability. Let's say there is an application that uses JWT tokens signed with the HS256 algorithm. An example token looks like the following:...
Security Advisory - Weak Algorithms Vulnerability in Huawei Smartphone
There is a weak algorithm vulnerability in a Huawei smartphone. The protection is insufficient for the modules that should be protected. Local attackers can exploit this vulnerability to affect the integrity of certain modules. Vulnerability ID: HWPSIRT-2020-37421 This vulnerability has been assigne...
How Page Integrity Manager Detects Real-World Magecart Attacks
Written by Ziv Eli (Engineering Manager, Security) and Maor Hod (Senior Product Manager, Security). In this blog, we will take a look at and break down a recent Magecart attack detected and mitigated by Page Integrity Manager. The impacted customer operates a large international e-commerce busines...
Dnsmasq Security Feature Issue Vulnerability (CNVD-2021-16430)
Dnsmasq is a lightweight DNS forwarding, DHCP and TFTP server written in C. It can be used as a server to forward DNS, DHCP, and TFTP. Dnsmasq suffers from a security vulnerability that stems from the use of a weak hash algorithm CRC32 to validate DNS responses when compiled without DNSSEC. No...
IBM Security Identity Governance and Intelligence Weak Encryption Algorithm Vulnerability
IBM Security Identity Governance and Intelligence is an integrated identity management solution based on network devices. A weak cryptographic algorithm vulnerability exists in IBM Security Identity Governance and Intelligence 5.2.6. An attacker could exploit this vulnerability to decrypt highly...
IBM Security Identity Governance and Intelligence Encryption Issue Vulnerability
IBM Security Identity Governance and Intelligence is an integrated identity management solution based on network devices. A weak cryptographic algorithm vulnerability exists in IBM Security Identity Governance and Intelligence 5.2.6. An attacker could exploit this vulnerability to decrypt highly...
dnsmasq Encryption Issue Vulnerability
Dnsmasq is a lightweight DNS forwarding, DHCP and TFTP server written in C. It can be used as a server to forward DNS, DHCP, and TFTP. Dnsmasq suffers from a security vulnerability that stems from the use of a weak hash algorithm CRC32 to validate DNS responses when compiled without DNSSEC. No...
dnsmasq: loose query name check in reply_query() makes forging replies easier for an off-path attacker
A flaw was found in dnsmasq. When getting a reply from a forwarded query, dnsmasq checks in forward.c:reply_query(), which is the forwarded query that matches the reply, by only using a weak hash of the query name. Due to the weak hash CRC32 when dnsmasq is compiled without DNSSEC, SHA-1 when it is...
Exploit for Improper Certificate Validation in Microsoft
CurveBall CVE-2020-0601 - PoC This vulnerability, known as...
IBM Security Guardium Data Encryption Weak Encryption Algorithm Vulnerability
IBM Security Guardium Data Encryption (GDE) provides a modular set of encryption solutions that help security teams effectively implement data-at-rest security across the organization. A weak cryptographic algorithm vulnerability exists in IBM Security Guardium Data Encryption 3.0.0.2. An attacker...
IBM Security Guardium Insights Weak Cryptographic Algorithm Vulnerability (CNVD-2021-03713)
IBM Security Guardium Insights is a modern hybrid cloud data security hub designed to provide a reliable view of an organization's data security and compliance posture. A weak cryptographic algorithm vulnerability exists in IBM Security Guardium Insights 2.0.2. An attacker could exploit the...
CVE-2013-1053
In crypt.c of remote-login-service, the cryptographic algorithm used to cache usernames and passwords is insecure. An attacker could use this vulnerability to recover usernames and passwords from the file. This issue affects version 1.0.0-0ubuntu3 and prior versions...
Default credentials
In crypt.c of remote-login-service, the cryptographic algorithm used to cache usernames and passwords is insecure. An attacker could use this vulnerability to recover usernames and passwords from the file. This issue affects version 1.0.0-0ubuntu3 and prior versions...
CVE-2013-1053 Insecure crypto for storing passwords
In crypt.c of remote-login-service, the cryptographic algorithm used to cache usernames and passwords is insecure. An attacker could use this vulnerability to recover usernames and passwords from the file. This issue affects version 1.0.0-0ubuntu3 and prior versions...
CVE-2021-1236
Multiple Cisco products are affected by a vulnerability in the Snort application detection engine that could allow an unauthenticated, remote attacker to bypass the configured policies on an affected system. The vulnerability is due to a flaw in the detection algorithm. An attacker could exploit...
CVE-2020-4595
IBM Security Guardium Insights 2.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 184819...