2877 matches found

NVD
added 2022/03/03 3:15 p.m., 13 views

CVE-2021-43774

A risky-algorithm issue was discovered on Fujifilm DocuCentre-VI C4471 1.8 devices. An attacker that obtained access to the administrative web interface of a printer (e.g., by using the default credentials) can download the address book file, which contains the list of users (domain users, FTP users...

4.9 CVSS, 0.00675 EPSS
Exploits 1, References 3
Prion
added 2022/03/03 3:15 p.m., 17 views

Default credentials

A risky-algorithm issue was discovered on Fujifilm DocuCentre-VI C4471 1.8 devices. An attacker that obtained access to the administrative web interface of a printer (e.g., by using the default credentials) can download the address book file, which contains the list of users (domain users, FTP users...

3.5 CVSS, 5.1 AI score, 0.00675 EPSS
Exploits 1, References 3, Affected Software 131
CVE
added 2022/03/03 2:32 p.m., 120 views

CVE-2021-43774

The CVE affects Fujifilm DocuCentre-VI C4471 (1.8) devices. An attacker who gains access to the printer’s administrative web interface (e.g., via default credentials) can download the address book file containing user lists (domain/FTP users, etc.). The passwords are protected by a weak cipher (e...

4.9 CVSS, 5 AI score, 0.00675 EPSS
Exploits 1, References 3, Affected Software 1
Cvelist
added 2022/03/03 2:32 p.m., 25 views

CVE-2021-43774

A risky-algorithm issue was discovered on Fujifilm DocuCentre-VI C4471 1.8 devices. An attacker that obtained access to the administrative web interface of a printer (e.g., by using the default credentials) can download the address book file, which contains the list of users (domain users, FTP users...

5.3 AI score, 0.00675 EPSS
Exploits 1, References 3
RustSec
added 2022/02/28 12:0 p.m., 18 views

Miscomputation when performing AES encryption in rust-crypto

The following Rust program demonstrates some strangeness in AES encryption - if you have an immutable key slice and then operate on that slice, you get different encryption output than if you operate on a copy of that key. For these functions, we expect that extending a 16 byte key to a 32 byte k...

7.3 AI score
Exploits 0
IBM Security Bulletins
added 2022/02/23 7:48 p.m., 86 views

Security Bulletin: Vulnerability in RC4 stream cipher affects IBM Security Network Intrusion Prevention System (CVE-2015-2808)

Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects IBM Security Network Intrusion Prevention System. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An...

5 CVSS, 4.6 AI score, 0.74006 EPSS
Exploits 0, Affected Software 1
IBM Security Bulletins
added 2022/02/22 7:50 p.m., 48 views

Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects Tivoli Storage Productivity Center (CVE-2015-4000)

Summary The Logjam Attack on TLS connections using the Diffie-Hellman (DH) key exchange protocol affects Tivoli Storage Productivity Center. UPDATED 1/29/2018: Even after fixing this vulnerability some vulnerability checks might still demand for an even tighter fix. A more comprehensive fix has bee...

4.3 CVSS, 4.5 AI score, 0.9986 EPSS
Exploits 1, Affected Software 1
IBM Security Bulletins
added 2022/02/22 7:27 p.m., 26 views

Security Bulletin: Potential security vulnerability in the WebSphere Application Server Admin Console affects Tivoli Storage Productivity Center (CVE-2017-1501)

Summary There is a potential security vulnerability in the WebSphere Application Server Admin Console affecting Tivoli Storage Productivity Center if you have updated the web services security bindings settings. If you changed the cipher suites in the web services security bindings settings, they...

5.9 CVSS, 5.9 AI score, 0.02033 EPSS
Exploits 0, Affected Software 1
IBM Security Bulletins
added 2022/02/22 7:27 p.m., 35 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Spectrum Control and Tivoli Storage Productivity Center (CVE-2016-5597 CVE-2016-5546 CVE-2016-5548 CVE-2016-5549 CVE-2016-5547 CVE-2016-2183)

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition and IBM® Runtime Environment Java™ Technology Edition that is shipped and used by IBM Spectrum Control and Tivoli Storage Productivity Center. These issues were disclosed as part of the IBM Java SDK updates in October...

7.5 CVSS, 1.3 AI score, 0.95707 EPSS
Exploits 7, Affected Software 1
Github Security Blog
added 2022/02/15 1:57 a.m., 17 views

flynn/noise has improper nonce handling yielding potential state DoS

The Go package github.com/flynn/noise, a Noise Protocol implementation, has two bugs in nonce handling in versions prior to v1.0.0. Issue 1: Potential nonce overflow If 2^64 (18.4 quintillion) or more messages are encrypted with Encrypt after handshaking, the nonce counter will wrap around, causing...

7.3 AI score
Exploits 0, References 4, Affected Software 1
Positive Technologies
added 2022/02/15 12:0 a.m., 4 views

PT-2022-11591 · Noise · Noise

Name of the Vulnerable Software and Affected Versions: github.com/flynn/noise versions prior to v1.0.0 Description: The Noise protocol implementation has weakened cryptographic security after encrypting 2^64 messages and is vulnerable to a potential denial of service attack. After 2^64 messages a...

7.5 CVSS, 7.2 AI score, 0.00354 EPSS
Exploits 0, References 14
NVD
added 2022/02/09 4:15 p.m., 17 views

CVE-2021-40363

A vulnerability has been identified in SIMATIC PCS 7 V8.2 All versions, SIMATIC PCS 7 V9.0 All versions, SIMATIC PCS 7 V9.1 All versions V9.1 SP1, SIMATIC WinCC V15 and earlier All versions V15 SP1 Update 7, SIMATIC WinCC V16 All versions V16 Update 5, SIMATIC WinCC V17 All versions V17 Update 2,...

7.8 CVSS, 0.0016 EPSS
Exploits 0, References 1
OSV
added 2022/02/09 4:15 p.m., 5 views

CVE-2021-40363

A vulnerability has been identified in SIMATIC PCS 7 V8.2 All versions, SIMATIC PCS 7 V9.0 All versions, SIMATIC PCS 7 V9.1 All versions V9.1 SP1, SIMATIC WinCC V15 and earlier All versions V15 SP1 Update 7, SIMATIC WinCC V16 All versions V16 Update 5, SIMATIC WinCC V17 All versions V17 Update 2,...

7.8 CVSS, 5.7 AI score, 0.0016 EPSS
Exploits 0, References 1
Prion
added 2022/02/09 4:15 p.m., 25 views

Design/Logic Flaw

A vulnerability has been identified in SIMATIC PCS 7 V8.2 All versions, SIMATIC PCS 7 V9.0 All versions, SIMATIC PCS 7 V9.1 All versions V9.1 SP1, SIMATIC WinCC V15 and earlier All versions V15 SP1 Update 7, SIMATIC WinCC V16 All versions V16 Update 5, SIMATIC WinCC V17 All versions V17 Update 2,...

2.1 CVSS, 7.6 AI score, 0.0016 EPSS
Exploits 0, References 1, Affected Software 2
CVE
added 2022/02/09 3:17 p.m., 120 views

CVE-2021-40363

CVE-2021-40363 affects Siemens SIMATIC PCS 7 and WinCC products. The underlying issue is that the affected component stores local system account credentials in a publicly accessible project file using an outdated cipher algorithm, enabling an attacker to brute-force credentials and take over the ...

7.8 CVSS, 7.3 AI score, 0.0016 EPSS
Exploits 0, References 1, Affected Software 2
Positive Technologies
added 2022/02/09 12:0 a.m., 5 views

PT-2022-4093 · Siemens · Simatic Pcs 7 +1

Name of the Vulnerable Software and Affected Versions: SIMATIC PCS 7 versions V8.2 through V9.1 SIMATIC WinCC versions V7.4 through V7.5 SIMATIC WinCC versions V15 through V17 Description: The issue is related to a potential information leak about files and directories. An attacker may exploit th...

7.8 CVSS, 7.3 AI score, 0.0016 EPSS
Exploits 0, References 4
BDU FSTEC
added 2022/01/25 12:0 a.m., 6 views

The vulnerability in the implementation of the Transport Layer Security (TLS) protocol of the libcurl library allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Transport Layer Security (TLS) protocol implementation in the libcurl library is related to errors in security settings when the CURLOPT_SSL_CIPHER_LIST configuration option is used. Exploiting this vulnerability may allow a malicious actor, operating remotely, to gain...

5.3 CVSS, 6.5 AI score, 0.02979 EPSS
Exploits 1, References 10, Affected Software 3
Tenable Nessus
added 2022/01/20 12:0 a.m., 554 views

SSL/TLS Recommended Cipher Suites

The remote host has open SSL/TLS ports which advertise discouraged cipher suites. It is recommended to only enable support for the following cipher suites: TLSv1.3: - 0x13,0x01 TLS13_AES_128_GCM_SHA256 - 0x13,0x02 TLS13_AES_256_GCM_SHA384 - 0x13,0x03 TLS13_CHACHA20_POLY1305_SHA256 TLSv1.2: - 0xC0,0x2B...

5.5 AI score
Exploits 0, References 2
OSV
added 2022/01/18 9:15 p.m., 2 views

DEBIAN-CVE-2022-23408

wolfSSL 5.x before 5.1.1 uses non-random IV values in certain situations. This affects connections without AEAD using AES-CBC or DES3 with TLS 1.1 or 1.2 or DTLS 1.1 or 1.2. This occurs because of misplaced memory initialization in BuildMessage in internal.c...

9.1 CVSS, 8.4 AI score, 0.01417 EPSS
Exploits 0, References 1
OSV
added 2022/01/18 9:15 p.m., 1 views

UBUNTU-CVE-2022-23408

wolfSSL 5.x before 5.1.1 uses non-random IV values in certain situations. This affects connections without AEAD using AES-CBC or DES3 with TLS 1.1 or 1.2 or DTLS 1.1 or 1.2. This occurs because of misplaced memory initialization in BuildMessage in internal.c...

9.1 CVSS, 5.8 AI score, 0.01417 EPSS
Exploits 0, References 4