IBM Storwize 1.5.x / 1.6.x < 1.6.2.0 RC4 Initial Keystream Bias Vulnerability (CVE-2017-1375)
According to its self-reported version number, the IBM Storwize server running on the remote host uses a weak encryption algorithm that contains a flaw in the initial keystream generation that introduces several types of biases. These can be used in a cryptanalysis attack to disclose sensitive...
DEBIAN-CVE-2017-3736
There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely...
unCAPTCHA algorithm can Crack Google’s AI System reCAPTCHA
By Waqas. A new algorithm called unCAPTCHA has been developed by researchers. This is a post from HackRead.com. Read the original post: unCAPTCHA algorithm can Crack Google’s AI System reCAPTCHA...
actionpack and activesupport vulnerable to information leaks
A certain algorithm in Ruby on Rails 2.1.0 through 2.2.2, and 2.3.x before 2.3.4, leaks information about the complexity of message-digest signature verification in the cookie store, which might allow remote attackers to forge a digest via multiple attempts...
Monitor More, Worry Less. Outpace Threats With Machine Learning.
In the past two years, enterprises have created more data than has been created in the entire history of humankind. At scale, securing this amount of data requires a re-think of how we grant and revoke access to sensitive files and, more importantly, how we identify and track the inevitable acces...
CVE-2017-14937
The airbag detonation algorithm allows injury to passenger-car occupants via predictable Security Access (SA) data to the internal CAN bus or the OBD connector. This affects the airbag control units (aka pyrotechnical control units or PCUs) of unspecified passenger vehicles manufactured in 2014 or...
CVE-2017-14937
The CVE describes a vulnerability in airbag pyrotechnic control units (PCUs) affecting unspecified passenger vehicles (2014+ when ignition is on and speed
CVE-2012-6707
WordPress through 4.8.2 uses a weak MD5-based password hashing algorithm, which makes it easier for attackers to determine cleartext values by leveraging access to the hash values. NOTE: the approach to changing this may not be fully compatible with certain use cases, such as migration of a...
Huawei FusionSphere OpenStack Weak Algorithm Vulnerability
Huawei FusionSphere and FusionSphere OpenStack (FSO) are both Huawei products. The former is a cloud operating system product developed based on the OpenStack framework, and the latter is FusionSphere's cloud platform software in ICT scenarios. A weak algorithm vulnerability exists in Huawei...
Security Advisory - Multiple Vulnerabilities in FusionSphere OpenStack
There is a privilege escalation vulnerability in Huawei FusionSphere OpenStack. Due to improper privilege restrictions, an attacker with high privilege may obtain the other users' certificates. Successful exploit may cause privilege escalation. Vulnerability ID: HWPSIRT-2017-07053 This...
Sudo sudoers plugin design vulnerability
Sudo is a suite of programs developed by software developer Todd C. Miller for Unix-like operating systems that allow users to execute commands in a secure manner with special privileges. The sudoers plugin is one of the Sudo configuration plugins. A design flaw exists in the SHA-2 digest support of t...
Insecure Hash Algorithm
Cordova-Plugin-Device is using the insecure hash algorithm MD5. The use of the insecure hash algorithm for system device information allows an attacker to easily predict the value...
Denial Of Service (DoS)
craftcms/cms is susceptible to denial of service (DoS) attacks. Attackers can send password strings with no maximum length limitation, causing the server to perform a complicated hashing algorithm on a long string and hanging the server...
Authentication flaw
IBM QRadar Network Security 5.4 supports interaction between multiple actors and allows those actors to negotiate which algorithm should be used as a protection mechanism such as encryption or authentication, but it does not select the strongest algorithm that is available to both parties. IBM...
CVE-2017-1491
IBM QRadar Network Security 5.4 supports interaction between multiple actors and allows those actors to negotiate which algorithm should be used as a protection mechanism such as encryption or authentication, but it does not select the strongest algorithm that is available to both parties. IBM...
CVE-2017-1491
CVE-2017-1491 affects IBM QRadar Network Security 5.4. The vulnerability arises because a negotiation step allows selecting a crypto algorithm that is not the strongest available, potentially weakening protection. The IBM bulletin specifies the affected product/version as IBM QRadar Network Secur...
SUSE SLED12 / SLES12 Security Update : icu (SUSE-SU-2017:2318-1)
icu was updated to fix two security issues. These security issues were fixed: - CVE-2014-8147: The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) used an integer data type that is...
SUSE-SU-2017:2318-1 Security update for icu
icu was updated to fix two security issues. These security issues were fixed: - CVE-2014-8147: The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) used an integer data type that is...
PYSEC-2017-24
In PyJWT 1.5.0 and below the `invalid_strings` check in `HMACAlgorithm.prepare_key` does not account for all PEM encoded public keys. Specifically, the PKCS1 PEM encoded format would be allowed because it is prefaced with the string `-----BEGIN RSA PUBLIC KEY-----` which is not accounted for. This enable...