
5314 matches found

Positive Technologies
added 2020/12/02 12:0 a.m. · 3 views

PT-2020-16372 · Python · Python Oic

Name of the Vulnerable Software and Affected Versions: Python oic versions prior to 1.2.1
Description: The issue affects client implementations using the Python oic library, a Python OpenID Connect implementation. There are several related cryptographic issues: 1. The IdToken signature algorithm w...

CVSS 7.6 · AI score 6.8 · EPSS 0.00815
Exploits 0 · References 15

CNVD
added 2020/12/01 12:0 a.m. · 2 views

IBM Cloud Pak for Security Weak Encryption Algorithm Vulnerability

IBM Cloud Pak for Security is an integrated security tool that uses a unified interface to provide deep insight into threats in hybrid multi-cloud environments. A weak cryptographic algorithm vulnerability exists in IBM Cloud Pak for Security 1.3.0.1. The vulnerability stems from the product usin...

CVSS 5.3 · AI score 6.7 · EPSS 0.00726
Exploits 0 · References 1

NVD
added 2020/11/30 4:15 p.m. · 19 views

CVE-2020-4624

IBM Cloud Pak for Security 1.3.0.1 (CP4S) uses weaker than expected cryptographic algorithms during negotiation, which could allow an attacker to decrypt sensitive information...

CVSS 5.3 · AI score 4.5 · EPSS 0.00726
Exploits 0 · References 2

CVE
added 2020/11/30 3:30 p.m. · 46 views

CVE-2020-4624

CVE-2020-4624 affects IBM Cloud Pak for Security (CP4S) 1.3.0.1, where negotiation uses weaker cryptographic algorithms (e.g., TLS 1.0/1.1 not disabled by default), potentially allowing an attacker to decrypt sensitive information. Remediation: upgrade to CP4S v1.4.0.0 as documented by IBM.

CVSS 5.3 · AI score 5.1 · EPSS 0.00726
Exploits 0 · References 2 · Affected Software 1

NVD
added 2020/11/24 9:15 p.m. · 19 views

CVE-2020-29063

An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. ...

CVSS 7.5 · AI score 7.6 · EPSS 0.00533
Exploits 1 · References 1

Prion
added 2020/11/24 9:15 p.m. · 21 views

Hardcoded credentials

An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. ...

CVSS 5 · AI score 7.6 · EPSS 0.00533
Exploits 1 · References 1 · Affected Software 28

Cvelist
added 2020/11/24 8:58 p.m. · 25 views

CVE-2020-29063

An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. ...

AI score 7.6 · EPSS 0.00533
Exploits 1 · References 1

CVE
added 2020/11/23 9:10 p.m. · 105 views

CVE-2020-26228

TYPO3 prior to versions 9.5.23 and 10.4.10 stores user session identifiers in cleartext (no extra cryptographic hashing). The issue cannot be exploited directly and requires a chained attack (e.g., SQL injection in another component). Affected software is TYPO3 CMS (PHP-based). The remediation is...

CVSS 8.1 · AI score 8.1 · EPSS 0.00666
Exploits 0 · References 2 · Affected Software 1

IBM Security Bulletins
added 2020/11/19 10:56 p.m. · 21 views

Security Bulletin: Cryptographic Vulnerability Affects Map Editor in IBM Sterling B2B Integrator (CVE-2020-4937)

Summary: IBM Sterling B2B Integrator has addressed a weak cryptographic algorithm vulnerability in the Map Tester of the Map Editor.
Vulnerability Details: CVEID: CVE-2020-4937. DESCRIPTION: IBM Sterling B2B Integrator Standard Edition uses weaker than expected cryptographic algorithms that could...

CVSS 7.5 · AI score 1 · EPSS 0.00783
Exploits 0 · Affected Software 1

CNNVD
added 2020/11/19 12:0 a.m. · 5 views

IBM Sterling B2B Integrator Encryption Issue Vulnerability

IBM Sterling B2B Integrator is a transaction engine, a set of components that run the processes you define and manage based on your business needs. A weak cryptographic algorithm vulnerability exists in IBM Sterling B2B Integrator Standard Edition 5.2.0.0 - 6.0.3.2. An attacker could exploit this...

CVSS 7.5 · AI score 6.6 · EPSS 0.00783
Exploits 0 · References 4

Prion
added 2020/11/12 2:15 p.m. · 20 views

Design/Logic Flaw

FusionCompute versions 8.0.0 have an insecure encryption algorithm vulnerability. Attackers with high permissions can exploit this vulnerability to cause information leak...

CVSS 2.1 · AI score 4.5 · EPSS 0.00112
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2020/11/12 1:50 p.m. · 25 views

CVE-2020-9128

FusionCompute versions 8.0.0 have an insecure encryption algorithm vulnerability. Attackers with high permissions can exploit this vulnerability to cause information leak...

AI score 4.5 · EPSS 0.00112
Exploits 0 · References 1

Tenable Nessus
added 2020/11/11 12:0 a.m. · 330 views

Amazon Linux 2 : nspr, nss-softokn, nss-util, nss (ALAS-2020-1559)

The version of nspr installed on the remote host is prior to 4.25.0-2. The version of nss installed on the remote host is prior to 3.53.1-3. The version of nss-softokn installed on the remote host is prior to 3.53.1-6. The version of nss-util installed on the remote host is prior to 3.53.1-1. It...

CVSS 10 · AI score 8 · EPSS 0.03552
Exploits 1 · References 21

CVE
added 2020/11/09 11:10 p.m. · 38 views

CVE-2020-27693

CVE-2020-27693 affects Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1. The vulnerability is that administrative passwords are stored using an outdated hash. Public details in connected sources include an SEC Consult advisory listing IMSVA vulnerability data with vulnerable...

CVSS 4.4 · AI score 4.8 · EPSS 0.01754
Exploits 2 · References 2 · Affected Software 1

Rockylinux
added 2020/11/03 12:31 p.m. · 16 views

new module: perl:5.30

An update is available for perl-Pod-Perldoc, perl-DBI, perl-Pod-Escapes, perl-Devel-PPPort, perl-Pod-Usage, perl-Sub-Exporter, perl-perlfaq, perl-Object-HashBase, perl-CPAN-Meta-YAML, perl-Digest, perl-podlators, perl-bignum, perl-Text-ParseWords, perl-Text-Template, perl-DBD-MySQL, perl-Text-Glo...

AI score 1.8
Exploits 0

OSV
added 2020/10/29 9:15 a.m. · 4 views

CVE-2020-27652

Algorithm downgrade vulnerability in QuickConnect in Synology DiskStation Manager DSM before 6.2.3-25426-2 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via unspecified vectors...

CVSS 8.3 · AI score 7.3
Exploits 0 · References 2

Prion
added 2020/10/29 9:15 a.m. · 26 views

Design/Logic Flaw

Algorithm downgrade vulnerability in QuickConnect in Synology DiskStation Manager DSM before 6.2.3-25426-2 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via unspecified vectors...

CVSS 5.1 · AI score 7.7 · EPSS 0.00822
Exploits 1 · References 2 · Affected Software 2

Prion
added 2020/10/29 9:15 a.m. · 21 views

Design/Logic Flaw

Algorithm downgrade vulnerability in QuickConnect in Synology Router Manager SRM before 1.2.4-8081 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via unspecified vectors...

CVSS 5.1 · AI score 7.7 · EPSS 0.00822
Exploits 1 · References 2 · Affected Software 2

Cvelist
added 2020/10/29 9:0 a.m. · 28 views

CVE-2020-27652

Algorithm downgrade vulnerability in QuickConnect in Synology DiskStation Manager DSM before 6.2.3-25426-2 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via unspecified vectors...

CVSS 8.3 · AI score 8.5 · EPSS 0.00822
Exploits 1 · References 2

CVE
added 2020/10/29 9:0 a.m. · 72 views

CVE-2020-27652

Summary: CVE-2020-27652 affects Synology DiskStation Manager (DSM) via QuickConnect: an algorithm downgrade vulnerability enables MITM attackers to spoof servers and obtain sensitive information through unspecified vectors. The issue is documented across multiple sources (NVD, Synology SA-20:18, ...

CVSS 8.3 · AI score 8.3 · EPSS 0.00822
Exploits 1 · References 2 · Affected Software 1