21 matches found

EUVD
added 2026/04/21 3:32 p.m. · 2 views

EUVD-2025-209539

Encrypted values in Fortra's GoAnywhere MFT prior to version 7.10.0 and GoAnywhere Agents prior to version 2.2.0 utilize a static IV which allows admin users to brute-force decryption of data...

5.8 CVSS · 5.8 AI score · 0.00018 EPSS
Exploits 0 · References 2

NVD
added 2026/04/21 3:16 p.m. · 4 views

CVE-2025-1241

Encrypted values in Fortra's GoAnywhere MFT prior to version 7.10.0 and GoAnywhere Agents prior to version 2.2.0 utilize a static IV which allows admin users to brute-force decryption of data...

5.8 CVSS · 0.00018 EPSS
Exploits 0 · References 1

CVE
added 2026/04/21 2:10 p.m. · 5 views

CVE-2025-1241

CVE-2025-1241 affects Fortra GoAnywhere MFT (prior to 7.10.0) and GoAnywhere Agents (prior to 2.2.0) where a static IV enables brute-force decryption of encrypted values. Impact is confidentiality (high), with network access required and admin privileges needed. Remediation: upgrade to GoAnywhere...

5.8 CVSS · 5.8 AI score · 0.00018 EPSS
Exploits 0 · References 1 · Affected Software 2

Cvelist
added 2026/04/21 2:10 p.m. · 28 views

CVE-2025-1241 Encryption vulnerable to brute-force decryption in GoAnywhere MFT

Encrypted values in Fortra's GoAnywhere MFT prior to version 7.10.0 and GoAnywhere Agents prior to version 2.2.0 utilize a static IV which allows admin users to brute-force decryption of data...

5.8 CVSS · 0.00018 EPSS
Exploits 0 · References 1

NVD
added 2025/05/08 8:15 p.m. · 11 views

CVE-2025-46833

Programs/P73SimplePythonEncryption.py illustrates a simple Python encryption example using the RSA Algorithm. In versions prior to commit 6ce60b1, an attacker may be able to decrypt the data using brute force attacks and because of this the whole application can be impacted. This issue has been...

8.2 CVSS · 0.00115 EPSS
Exploits 0 · References 2

CNNVD
added 2025/01/31 12:00 a.m. · 2 views

EasyVirt DC Scope and EasyVirt CO2 Scope security vulnerability

EasyVirt DC Scope and EasyVirt CO2 Scope are both products of the French company EasyVirt. EasyVirt DC Scope is a monitoring and management solution for VMware Virtualization VMware. EasyVirt CO2 Scope is a real-time monitoring and control solution for IT services, virtual machines and servers in...

9.8 CVSS · 6.5 AI score · 0.00909 EPSS
Exploits 1 · References 1

IBM Security Bulletins
added 2023/02/18 1:45 a.m. · 44 views

Security Bulletin: Multiple vulnerabilities in Java affect the IBM FlashSystem 840 (CVEs 2015-0204, 2015-0488, and 2015-1916)

Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition version that is used by the IBM FlashSystem 840. These issues were disclosed as part of the IBM SDK, Java Technology Edition Quarterly CPU - April 2015. A man-in-the-middle exploit of one of these vulnerabilities could...

5 CVSS · 6.8 AI score · 0.91945 EPSS
Exploits 0 · Affected Software 1

Positive Technologies
added 2020/10/27 12:00 a.m. · 1 view

PT-2020-12009 · 1Password · 1Password Scim Bridge +1

Name of the Vulnerable Software and Affected Versions: 1Password command-line tool versions prior to 0.5.5; 1Password SCIM bridge versions prior to 0.7.3. Description: An issue was discovered where an insecure random number generator was used to generate various keys. This could allow an attacker...

9.8 CVSS · 9.3 AI score · 0.00264 EPSS
Exploits 0 · References 6

Prion
added 2020/10/16 9:15 p.m. · 9 views

Design/Logic Flaw

The Juniper Device Manager (JDM) container, used by the disaggregated Junos OS architecture on Juniper Networks NFX350 Series devices, stores password hashes in the world-readable file /etc/passwd. This is not a security best current practice as it can allow an attacker with access to the local...

2.1 CVSS · 6.2 AI score · 0.00051 EPSS
Exploits 0 · References 1 · Affected Software 1

IBM Security Bulletins
added 2019/01/31 1:55 a.m. · 22 views

Security Bulletin: Vulnerability with RSA Export Keys affects IBM Systems Director (CVE-2015-0138)

Summary The FREAK: Factoring Attack on RSA-EXPORT keys TLS/SSL client and server vulnerability affects IBM Systems Director. Vulnerability Details Abstract The FREAK: Factoring Attack on RSA-EXPORT keys TLS/SSL client and server vulnerability affects IBM Systems Director. Content Vulnerability...

4.3 CVSS · 0.6 AI score · 0.00921 EPSS
Exploits 0

IBM Security Bulletins
added 2019/01/31 1:45 a.m. · 46 views

Security Bulletin: Vulnerabilities in OpenSSL affect System x Integrated Management Module (IMM) (CVE-2015-0204)

Summary OpenSSL vulnerabilities were disclosed on January 8, 2015 by the OpenSSL Project. This includes "FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client and server vulnerability. OpenSSL is used by System x Integrated Management Module (IMM). IMM has addressed the applicable CVEs...

5 CVSS · 0.4 AI score · 0.91945 EPSS
Exploits 0

IBM Security Bulletins
added 2018/06/18 12:50 a.m. · 32 views

Security Bulletin: Multiple vulnerabilities in Java affect the IBM FlashSystem 900 (CVEs 2015-0204, 2015-0488, and 2015-1916)

Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition version that is used by the IBM FlashSystem 900. These issues were disclosed as part of the IBM SDK, Java Technology Edition Quarterly CPU - April 2015. A man-in-the-middle exploit of one of these vulnerabilities could...

5 CVSS · 1.2 AI score · 0.91945 EPSS
Exploits 0 · Affected Software 1

IBM Security Bulletins
added 2018/06/17 2:59 p.m. · 23 views

Security Bulletin: Vulnerability with RSA Export Keys may affect IBM WebSphere Application Server shipped with IBM Tivoli Network Performance Manager (CVE-2015-0138)

Summary The "FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client and server vulnerability CVE-2015-0138 may affect some configurations of IBM WebSphere Application Server Full Profile shipped with IBM Tivoli Network Performance Manager Vulnerability Details CVEID: CVE-2015-0138 DESCRIPTION...

4.3 CVSS · 0.5 AI score · 0.00921 EPSS
Exploits 0 · Affected Software 1

IBM Security Bulletins
added 2018/06/17 5:01 a.m. · 30 views

Security Bulletin: Vulnerability in IBM Java SDK affects Rational Insight (CVE-2015-0138)

Summary The "FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client and server vulnerability affects IBM® SDK Java™ Technology Edition, Version 6 that is used by Rational Insight. Vulnerability Details CVEID: CVE-2015-0138 DESCRIPTION: A vulnerability in various IBM SSL/TLS implementations...

4.3 CVSS · 1.3 AI score · 0.00921 EPSS
Exploits 0 · Affected Software 1

IBM Security Bulletins
added 2018/06/16 1:14 p.m. · 10 views

Security Bulletin: Vulnerabilities in IBM SDK Java Technology Edition, Versions 1.6 and 1.7, affect IBM SPSS Analytic Server (CVE-2015-0138)

Summary The "FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client and server vulnerability affects IBM® SDK Java™ Technology Edition, Version 1.6 and 1.7, that is used by IBM SPSS Analytic Server. Vulnerability Details CVEID: CVE-2015-0138 DESCRIPTION: A vulnerability in various IBM SSL/TLS...

4.3 CVSS · 1.6 AI score · 0.00921 EPSS
Exploits 0 · Affected Software 1

IBM Security Bulletins
added 2018/06/15 7:02 a.m. · 33 views

Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Business Monitor (CVE-2015-0138)

Summary WebSphere Application Server is shipped as a component of IBM Business Monitor. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details CVEID: CVE-2015-0138 DESCRIPTION: A vulnerability in various I...

4.3 CVSS · 1.2 AI score · 0.00921 EPSS
Exploits 0 · Affected Software 2

IBM Security Bulletins
added 2018/06/15 7:02 a.m. · 37 views

Security Bulletin: Vulnerability in IBM WebSphere Application Server affects IBM MQ Light (CVE-2015-0138)

Summary The "FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client and server vulnerability affects IBM WebSphere Application Server Liberty Profile Version 8.5.5 that is used by IBM MQ Light. Vulnerability Details CVEID: CVE-2015-0138 DESCRIPTION: A vulnerability in various IBM SSL/TLS...

4.3 CVSS · 0.7 AI score · 0.00921 EPSS
Exploits 0 · Affected Software 1

IBM Security Bulletins
added 2018/06/15 7:02 a.m. · 27 views

Security Bulletin: Vulnerability with RSA Export Keys may affect IBM WebSphere Application Server (CVE-2015-0138)

Summary The "FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client and server vulnerability CVE-2015-0138 may affect some configurations of IBM WebSphere Application Server Full Profile, IBM WebSphere Application Server Liberty Profile, and IBM WebSphere Application Server Hypervisor Edition...

4.3 CVSS · 0.00921 EPSS
Exploits 0 · Affected Software 1

Veracode
added 2017/02/10 1:27 a.m. · 40 views

Brute Force Decryption

OpenSSL is vulnerable to brute-force decryption attacks and RSA-to-EXPORT_RSA downgrade attacks. These attacks are possible through the ssl3_get_key_exchange function which offers a weak ephemeral RSA key in a noncompliant role, related to the "FREAK" issue...

4.3 CVSS · 5.9 AI score · 0.91945 EPSS
Exploits 0 · References 68 · Affected Software 1

UbuntuCve
added 2015/01/08 12:00 a.m. · 95 views

CVE-2015-0204

The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to...

4.3 CVSS · 7 AI score · 0.91945 EPSS
Exploits 0 · References 2