Lucene search

5314 matches found

CVE
added 2020/10/06 5:18 p.m., 54 views

CVE-2019-4325

CVE-2019-4325 affects HCL AppScan Enterprise; root cause is the use of broken or risky cryptographic algorithms to store REST API user details. Impact and remediation details are not explicitly provided in the connected documents; refer to the CVE entry for basic score context (MEDIUM) and the ve...

CVSS 5.3, AI score 5.3, EPSS 0.00536
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 2020/10/06 5:18 p.m., 28 views

CVE-2019-4325

"HCL AppScan Enterprise makes use of broken or risky cryptographic algorithm to store REST API user details."...

AI score 5.3, EPSS 0.00536
Exploits: 0, References: 1
NVD
added 2020/10/02 5:15 a.m., 11 views

CVE-2020-26511

The wpo365-login plugin before v11.7 for WordPress allows use of a symmetric algorithm to decrypt a JWT token. This leads to authentication bypass...

CVSS 7.5, EPSS 0.0212
Exploits: 0, References: 4
Prion
added 2020/10/02 5:15 a.m., 7 views

Authentication flaw

The wpo365-login plugin before v11.7 for WordPress allows use of a symmetric algorithm to decrypt a JWT token. This leads to authentication bypass...

CVSS 5, AI score 7.6, EPSS 0.0212
Exploits: 0, References: 4, Affected Software: 1
CVE
added 2020/10/02 4:4 a.m., 54 views

CVE-2020-26511

The CVE-2020-26511 entry concerns the WordPress plugin wpo365-login prior to v11.7. The issue is that the plugin uses a symmetric algorithm to decrypt a JWT token, enabling authentication bypass. Concrete details from connected sources specify the affected product (WordPress plugin wpo365-login),...

CVSS 7.5, AI score 7.6, EPSS 0.0212
Exploits: 0, References: 4, Affected Software: 1
Cvelist
added 2020/10/02 4:4 a.m., 23 views

CVE-2020-26511

The wpo365-login plugin before v11.7 for WordPress allows use of a symmetric algorithm to decrypt a JWT token. This leads to authentication bypass...

AI score 7.7, EPSS 0.0212
Exploits: 0, References: 4
Microsoft CVE
added 2020/09/25 12:0 a.m., 3 views

The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). NOTE: some reports state that 8.5 and 8.6 are also affected.

...

CVSS 5.9, AI score 7, EPSS 0.02057
Exploits: 2
CVE
added 2020/09/23 3:20 p.m., 54 views

CVE-2020-11031

CVE-2020-11031 affects GLPI prior to 9.5.0 where the encryption algorithm is insecure and data security relies on user-chosen password strength. An attacker could decrypt data if a weak/predictable password is used. The issue is addressed in GLPI 9.5.0 by switching to a more secure library (sodiu...

CVSS 7.8, AI score 7.4, EPSS 0.00327
Exploits: 0, References: 2, Affected Software: 1
CNVD
added 2020/09/23 12:0 a.m., 2 views

IBM Data Risk Manager weak encryption algorithm vulnerability (CNVD-2020-53514)

IBM Data Risk Manager is a data risk manager that helps discover, analyze and visualize business risks associated with data. A weak cryptographic algorithm vulnerability exists in IBM Data Risk Manager 2.0.6. An attacker could exploit the vulnerability to decrypt highly sensitive information...

CVSS 7.5, AI score 9.1, EPSS 0.00943
Exploits: 0, References: 1
Veracode
added 2020/09/21 6:38 a.m., 28 views

Information Disclosure

firefox is vulnerable to information disclosure. The vulnerability exists as an error occurs in the elliptic curve point addition algorithm that uses mixed Jacobian-affine coordinates where it can yield a result "POINTATINFINITY" when it should not...

CVSS 5.9, AI score 2.5, EPSS 0.02755
Exploits: 1, References: 4, Affected Software: 2
Veracode
added 2020/09/21 6:27 a.m., 28 views

Certificate Signature Forging

gnupg2 allows forging of certificate signature. Certificate signatures can be forged using collisions found in the SHA-1 algorithm. An attacker is able to exploit the vulnerability to create forged certificate signatures...

CVSS 7.5, AI score 3.1, EPSS 0.0105
Exploits: 1, References: 5, Affected Software: 1
CNVD
added 2020/09/18 12:0 a.m., 2 views

Philips Clinical Collaboration Platform Algorithm Degradation Vulnerability

Philips Clinical Collaboration Platform is an HMI data management platform. An algorithm degradation vulnerability exists in Philips Clinical Collaboration Platform version 12.2.1 and earlier. The vulnerability stems from the software failing to properly control the allocation and maintenance of...

CVSS 6.5, AI score 6.8, EPSS 0.00579
Exploits: 0, References: 1
OSV
added 2020/09/17 5:41 p.m., 2 views

USN-4516-1 gnupg2 vulnerability

It was discovered that GnuPG signatures could be forged when the SHA-1 algorithm is being used. This update removes validating signatures based on SHA-1 that were generated after 2019-01-19. In environments where this is still required, a new option --allow-weak-key-signatures can be used to reve...

CVSS 7.5, AI score 6.8, EPSS 0.0105
Exploits: 1, References: 2
Ubuntu
added 2020/09/17 5:41 p.m., 70 views

USN-4516-1: GnuPG vulnerability

It was discovered that GnuPG signatures could be forged when the SHA-1 algorithm is being used. This update removes validating signatures based on SHA-1 that were generated after 2019-01-19. In environments where this is still required, a new option --allow-weak-key-signatures can be used to reve...

CVSS 7.5, AI score 6.3, EPSS 0.0105
Exploits: 1
OSV
added 2020/09/17 5:15 p.m., 18 views

CVE-2020-25728

The Reset Password add-on before 1.2.0 for Alfresco has a broken algorithm involving an increment that allows a malicious user to change any user's account password, including the admin account...

CVSS 8.8, AI score 7
Exploits: 0, References: 1
NVD
added 2020/09/17 5:15 p.m., 14 views

CVE-2020-25728

The Reset Password add-on before 1.2.0 for Alfresco has a broken algorithm involving an increment that allows a malicious user to change any user's account password, including the admin account...

CVSS 8.8, EPSS 0.01001
Exploits: 1, References: 1
Prion
added 2020/09/17 5:15 p.m., 12 views

Default credentials

The Reset Password add-on before 1.2.0 for Alfresco has a broken algorithm involving an increment that allows a malicious user to change any user's account password, including the admin account...

CVSS 6.5, AI score 8.7, EPSS 0.01001
Exploits: 1, References: 1, Affected Software: 1
Cvelist
added 2020/09/17 4:34 p.m., 14 views

CVE-2020-25728

The Reset Password add-on before 1.2.0 for Alfresco has a broken algorithm involving an increment that allows a malicious user to change any user's account password, including the admin account...

AI score 8.8, EPSS 0.01001
Exploits: 1, References: 1
ICS
added 2020/09/17 12:0 a.m., 55 views

ICSMA-20-261-01_Philips Clinical Collaboration Platform

1. EXECUTIVE SUMMARY CVSS v3 6.8 ATTENTION: Low skill level to exploit Vendor: Philips Equipment: Clinical Collaboration Platform Vulnerabilities: Cross-site Request Forgery, Improper Neutralization of Script in Attributes in a Web Page, Protection Mechanism Failure, Algorithm Downgrade,...

CVSS 7.1, AI score 6.4, EPSS 0.00579
Exploits: 0, References: 2
Packet Storm
added 2020/09/10 12:0 a.m., 617 views

Tiandy IPC / NVR 9.12.7 Credential Disclosure

Exploit Title: Tiandy IPC and NVR 9.12.7 - Credential Disclosure Date: 2020-09-10 Exploit Author: zb3 Vendor Homepage: http://en.tiandy.com Product Link: http://en.tiandy.com/index.php?s=/home/product/index/category/products.html Software Link:...

AI score 7.4
Exploits: 0