Huawei Data Communication: Weak Algorithm Vulnerability in Some Huawei Products (huawei-sa-20190821-02-algorithm)

There is a weak algorithm vulnerability in some Huawei products. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free...

Huawei Data Communication: Weak Algorithm Vulnerability in Huawei VRP Platform (huawei-sa-20191204-01-vrp)

There is a weak algorithm vulnerability in some Huawei products. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free...

New Skill Testing Platform For 6 Most In-Demand Cybersecurity Jobs

Building a security team is a necessity for organizations of all industries and sizes. It makes selecting the right person for the job a critical task in which testing candidates' domain knowledge is a core component of the hiring process. A common practice is for each organization to put togethe...

IBM Planning Analytics Encryption Issue Vulnerability

IBM Planning Analytics is a suite of business planning and analytics solutions from IBM USA. The solution supports automated execution of processes such as business planning, budgeting and analysis. IBM Planning Analytics suffers from an encryption issue vulnerability that stems from a weak...

Rockwellautomation Micrologix Use of a Broken or Risky Cryptographic Algorithm

Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, The cryptographic function utilized to protect the password in MicroLogix is discoverable. File data ot500367.nasl...

Beckhoff Twincat Use of a Broken or Risky Cryptographic Algorithm

Beckhoff TwinCAT 3 supports communication over ADS. ADS is a protocol for industrial automation in protected environments. This protocol uses user configured routes, that can be edited remotely via ADS. This special command supports encrypted authentication with username/password. The encryption...

Security Bulletin: IBM Spectrum Scale GUI is affected by weak cryptographic algorithm (CVE-2020-4350)

Summary A security vulnerability has been identified in all levels of IBM Spectrum Scale GUI. A fix for this vulnerability is available. Vulnerability Details CVEID: CVE-2020-4350 DESCRIPTION: IBM Spectrum Scale uses weaker than expected cryptographic algorithms that could allow an attacker to...

Huawei Data Communication: Weak Algorithm Vulnerability in Some Huawei Products (huawei-sa-20180704-01-algorithm)

There is a weak algorithm vulnerability in some Huawei products. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free...

Huawei Data Communication: Weak Algorithm Vulnerability in Some Huawei Products (huawei-sa-20180703-01-algorithm)

There is a weak algorithm vulnerability in some Huawei products. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free...

Huawei Data Communication: Weak Algorithm Vulnerability in Huawei USG product (huawei-sa-20170802-01-usg)

There is a weak algorithm vulnerability in Huawei USGUSG6300/USG6600 products. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program ...

Huawei Data Communication: Deploying IS-IS Authentication

IS-IS authentication is deployed to prevent attackers from attempting to use the control plane protocol to destroy entries on which forwarding depends, such as routes. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright ...

Huawei Data Communication: Configuring OSPF Authentication

OSP authentication is configured to prevent attackers from attempting to use control plane protocols to destroy entries on which forwarding depends, such as routes. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C b...

CVE-2019-13022

Bond JetSelect (all versions) has a vulnerability in ENCtool.jar password generation where the plaintext password is XORed into an “encrypted” value stored in the database, making the initial admin passwords trivially reversible and enabling privilege escalation to modify/delete networking config...

CVE-2020-11035

In GLPI after version 0.83.3 and before version 9.4.6, the CSRF tokens are generated using an insecure algorithm. The implementation uses rand and uniqid and MD5 which does not provide secure values. This is fixed in version 9.4.6...

CVE-2020-11035

In GLPI after version 0.83.3 and before version 9.4.6, the CSRF tokens are generated using an insecure algorithm. The implementation uses rand and uniqid and MD5 which does not provide secure values. This is fixed in version 9.4.6...

CVE-2020-11035

In GLPI after version 0.83.3 and before version 9.4.6, the CSRF tokens are generated using an insecure algorithm. The implementation uses rand and uniqid and MD5 which does not provide secure values. This is fixed in version 9.4.6...

Cross site request forgery (csrf)

In GLPI after version 0.83.3 and before version 9.4.6, the CSRF tokens are generated using an insecure algorithm. The implementation uses rand and uniqid and MD5 which does not provide secure values. This is fixed in version 9.4.6...

CVE-2020-11035

In GLPI, CVE-2020-11035 affects versions after 0.83.3 and before 9.4.6, where CSRF tokens are generated using an insecure algorithm (rand, uniqid, MD5). The issue is addressed in version 9.4.6. This vulnerability arises from the token generation mechanism, not from network access details in the p...

CVE-2020-11035 weak CSRF tokens in GLPI

In GLPI after version 0.83.3 and before version 9.4.6, the CSRF tokens are generated using an insecure algorithm. The implementation uses rand and uniqid and MD5 which does not provide secure values. This is fixed in version 9.4.6...

java security update

CentOS Errata and Security Advisory CESA-2020:1509 An update for java-11-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...