5314 matches found
Multiple Cisco Products Snort Application Detection Engine Policy Bypass Vulnerability
Multiple Cisco products are affected by a vulnerability in the Snort application detection engine that could allow an unauthenticated, remote attacker to bypass the configured policies on an affected system. The vulnerability is due to a flaw in the detection algorithm. An attacker could exploit...
IBM Security Guardium Encryption Issue Vulnerability
IBM Security Guardium Data Encryption (GDE) provides a modular set of encryption solutions that help security teams effectively implement data-at-rest security across the organization. A weak cryptographic algorithm vulnerability exists in IBM Security Guardium Data Encryption 3.0.0.2. An attacker...
Multiple Cisco Products Security Vulnerabilities
The Cisco RV110W, among others, is a router from Cisco USA. A security vulnerability exists in a number of Cisco products and stems from a flaw in the detection algorithm. The vulnerability can be exploited by an attacker to bypass configured policies. The following products and versions are...
IBM Security Guardium Insights Encryption Issue Vulnerability
IBM Security Guardium Insights is a modern hybrid cloud data security hub designed to provide a reliable view of an organization's data security and compliance posture. A weak cryptographic algorithm vulnerability exists in IBM Security Guardium Insights 2.0.2. An attacker could exploit the...
Cloning Google Titan 2FA keys
This is a clever side-channel attack: The cloning works by using a hot air gun and a scalpel to remove the plastic key casing and expose the NXP A700X chip, which acts as a secure element that stores the cryptographic secrets. Next, an attacker connects the chip to hardware and software that take...
Researchers Find Links Between Sunburst and Russian Kazuar Malware
Cybersecurity researchers, for the first time, may have found a potential connection between the backdoor used in the SolarWinds hack and a previously known malware strain. In new research published by Kaspersky researchers today, the cybersecurity firm said it discovered several features that...
Sunburst backdoor – code overlaps with Kazuar
Introduction On December 13, 2020, FireEye published a blog post detailing a supply chain attack leveraging Orion IT, an infrastructure monitoring and management platform by SolarWinds. In parallel, Volexity published an article with their analysis of related attacks, attributed to an actor named...
IBM Emptoris Strategic Supply Management Platform Weak Encryption Algorithm Vulnerability
The IBM Emptoris Strategic Supply Management Platform is the public portal to the Emptoris suite of products. A weak cryptographic algorithm vulnerability exists in IBM Emptoris Strategic Supply Management Platform 10.1.3. An attacker could exploit this vulnerability to decrypt highly sensitive...
New Year, New Ransomware: Babuk Locker Targets Large Corporations
Only a few days into the new year, one of the first new ransomware strains of 2021 has been discovered. Dubbed Babuk Locker, the ransomware appears to have successfully compromised five companies thus far, according to new research. The research author, Chuong Dong, a computer science student at...
gitea -- multiple vulnerabilities
The Gitea Team reports for release 1.13.3: Turn default hash password algorithm back to pbkdf2 from argon2 until we find a better one. The Gitea Team reports for release 1.13.4: Fix issue popups...
CVE-2020-23250
GigaVUE-OS (GVOS) 5.4 - 5.9 uses a weak algorithm for a hash stored in internal database...
Code injection
GigaVUE-OS (GVOS) 5.4 - 5.9 uses a weak algorithm for a hash stored in internal database...
CVE-2020-23250
GigaVUE-OS (GVOS) versions 5.4–5.9 are affected by a vulnerability stemming from the use of a weak hashing algorithm for data stored in the internal database. Root cause: weak hash algorithm. Documented impact is low (CVSS v3.1: 2.3) with local access required and no user interaction. No exploit ...
JVN#38784555: Multiple vulnerabilities in UNIVERGE SV9500/SV8500 series
Remote system maintenance feature of UNIVERGE SV9500/SV8500 series' Web based remote maintenance console contains multiple vulnerabilities listed below. OS Command Injection (CWE-78) - CVE-2020-5685: CVSS v3 vector CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H, Base Score...
CVE-2020-35284
Flamingo aka FlamingoIM through 2020-09-29 allows ../ directory traversal because the only ostensibly unpredictable part of a file-transfer request is an MD5 computation; however, this computation occurs on the client side, and the computation details can be easily determined because the product'...
The vulnerability of the CmtViewer application for controlling programmable panels stems from the use of a less secure encryption algorithm, allowing an intruder to obtain the password.
The vulnerability of the CmtViewer application for controlling programmable panels is related to the use of a less secure encryption algorithm. Exploiting this vulnerability could allow an attacker to obtain the password through brute-force hashing...
Updated mbedtls packages fix security vulnerabilities
This update provides security bug fixes and minor enhancements. Limit the size of calculations performed by mbedtls_mpi_exp_mod to MBEDTLS_MPI_MAX_SIZE to prevent a potential denial of service when generating Diffie-Hellman key pairs. A failure of the random generator was ignored in mbedtls_mpi_fill_rando...
SUSE-SU-2020:3844-1 Security update for openssh
This update for openssh fixes the following issues: - CVE-2020-14145: Fixed an observable discrepancy leading to an information leak in the algorithm negotiation (bsc#1173513). - Fixed an issue where AuthorizedKeysCommand produced a lot of output (bsc#1161684). - Fixed an issue where oracle cluster wit...