DEBIAN-CVE-2016-1000352
In the Bouncy Castle JCE Provider version 1.55 and earlier the ECIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider...
Lenovo Fingerprint Manager Pro for Windows 7, 8, and 8.1 only (not 10) Insecure Credential Storage - Lenovo Support NL
No description provided...
DEBIAN-CVE-2016-1000343
In the Bouncy Castle JCE Provider version 1.55 and earlier the DSA key pair generator generates a weak private key if used with default values. If the JCA key pair generator is not explicitly initialised with DSA parameters, 1.55 and earlier generates a private value assuming a 1024 bit key size...
CVE-2015-9235
In the jsonwebtoken node module before 4.2.2 it is possible for an attacker to bypass verification when a token digitally signed with an asymmetric key (RS/ES family of algorithms) is expected, but the attacker instead sends a token digitally signed with a symmetric algorithm (HS family)...
CVE-2016-10555
Since "algorithm" isn't enforced in jwt.decode in jwt-simple 0.3.0 and earlier, a malicious user could choose what algorithm is sent to the server. If the server is expecting RSA but is sent HMAC-SHA with RSA's public key, the server will think the public key is actually an HMAC private key...
Code injection
Since "algorithm" isn't enforced in jwt.decode in jwt-simple 0.3.0 and earlier, a malicious user could choose what algorithm is sent to the server. If the server is expecting RSA but is sent HMAC-SHA with RSA's public key, the server will think the public key is actually an HMAC private key...
CVE-2016-10555
The CVE-2016-10555 issue affects the jwt-simple library (Node.js). It arises because jwt.decode() does not strictly enforce the algorithm, allowing a malicious user to choose the JWT verification algorithm. If a server expects RSA but receives an HMAC-SHA with RSA’s public key, the public key cou...
Design/Logic Flaw
In the jsonwebtoken node module before 4.2.2 it is possible for an attacker to bypass verification when a token digitally signed with an asymmetric key (RS/ES family of algorithms) is expected, but the attacker instead sends a token digitally signed with a symmetric algorithm (HS family)...
PT-2018-4549
Name of the Vulnerable Software and Affected Versions jsonwebtoken versions 4.2.1 and earlier Description The issue allows an attacker to bypass verification when a token digitally signed with an asymmetric key is sent, but the attacker instead sends a token digitally signed with a symmetric...
CVE-2017-9635
In Ampla MES, CVE-2017-9635 describes a vulnerability when users are configured to use Simple Security: a weakness in the password hashing algorithm could allow an attacker to reverse a user’s password. Affected products are Schneider Electric Ampla MES 6.4 and earlier. Impact details from the IC...
Samsung Patches Six Critical Bugs in Flagship Handsets
Samsung began rolling out patches over the weekend to fix six critical bugs found in its flagship Android handsets as part of its May patch bulletin. Flaws range from a remote code execution bug to a buffer overflow vulnerability, plus a peek-and-poke command bug that leaves memory locations open...
Easy Hosting Control Panel Database Password Cracking Vulnerability
Easy Hosting Control Panel EHCP is an open source hosting control panel that is used to manage domains, emails, ftp users and more. A security vulnerability exists in EHCP version 0.37.12.b. The vulnerability stems from the program's use of a weak hashing algorithm and the absence of salt, which...
Design/Logic Flaw
Easy Hosting Control Panel EHCP v0.37.12.b makes it easier for attackers to crack database passwords by leveraging use of a weak hashing algorithm without a salt...
CVE-2018-6619
Easy Hosting Control Panel EHCP v0.37.12.b makes it easier for attackers to crack database passwords by leveraging use of a weak hashing algorithm without a salt...
CVE-2018-6619
CVE-2018-6619 affects Easy Hosting Control Panel (EHCP) v0.37.12.b. The vulnerability stems from the use of a weak hashing algorithm without a salt for database passwords (e.g., MD5), making it easier for attackers to crack passwords. Multiple connected sources corroborate insecure cryptography a...
Authentication Bypass allows alarm's commands execution in iSmartAlarm(CVE-2017-7728)
Vendor: iSmartAlarm, Inc. Product: iSmartAlarm Cube - All. iSmartAlarm is one of the leading IoT manufacturers in the domain of smart alarm systems. It provides a fully integrated alarm system with siren, smart cameras and locks. It functions like any alarm system, but with the benefits of a...
Variant of SynAck Malware Adopts Doppelgänging Technique
Researchers have identified a new variant of the SynAck ransomware that is now using the newly identified Process Doppelgänging to slip past antivirus programs. Researchers said this is the first ransomware seen in the wild to employ the approach. Both SynAck ransomware and Process Doppelgänging...