2876 matches found

IBM Security Bulletins
added 2021/02/11 4:57 p.m., 31 views

Security Bulletin: Vulnerability in RC4 stream cipher affects IBM DataQuant for Workstation (CVE-2015-2808)

Summary: The RC4 “Bar Mitzvah” Attack for SSL/TLS affects IBM DataQuant for Workstation. The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker could exploit this vulnerability to remotely expose account credentia...

CVSS 5, AI score 1.4, EPSS 0.74006
Exploits 0, Affected Software 1

NVD
added 2021/02/03 4:15 p.m., 14 views

CVE-2021-25763

In JetBrains Ktor before 1.4.2, weak cipher suites were enabled by default...

CVSS 5.3, EPSS 0.00541
Exploits 0, References 2

OSV
added 2021/02/03 4:15 p.m., 20 views

CVE-2021-25763

In JetBrains Ktor before 1.4.2, weak cipher suites were enabled by default...

CVSS 5.3, AI score 6.9
Exploits 0, References 2

Prion
added 2021/02/03 4:15 p.m., 17 views

Default credentials

In JetBrains Ktor before 1.4.2, weak cipher suites were enabled by default...

CVSS 5, AI score 5.4, EPSS 0.00541
Exploits 0, References 2, Affected Software 1

CVE
added 2021/02/03 3:22 p.m., 53 views

CVE-2021-25763

CVE-2021-25763 affects JetBrains Ktor prior to 1.4.2, where weak cipher suites were enabled by default in the framework. The issue is described as a default configuration flaw in Ktor’s crypto settings, potentially enabling weaker ciphers for connections. Public reports confirm the vulnerable ver...

CVSS 5.3, AI score 5.3, EPSS 0.00541
Exploits 0, References 2, Affected Software 1

Cvelist
added 2021/02/03 3:22 p.m., 20 views

CVE-2021-25763

In JetBrains Ktor before 1.4.2, weak cipher suites were enabled by default...

AI score 6.7, EPSS 0.00541
Exploits 0, References 2

Akamai Blog
added 2021/01/26 2:00 p.m., 108 views

How Page Integrity Manager Detects Real-World Magecart Attacks

Written by Ziv Eli - Engineering Manager, Security and Maor Hod - Senior Product Manager, Security. In this blog, we will take a look at and break down a recent Magecart attack detected and mitigated by Page Integrity Manager. The impacted customer operates a large international e-commerce busines...

AI score 7.4
Exploits 0

CISA
added 2021/01/05 12:00 a.m., 14 views

NSA Releases Guidance on Eliminating Obsolete TLS Protocol Configurations

The National Security Agency (NSA) has released a Cybersecurity Information (CSI) sheet on eliminating obsolete Transport Layer Security (TLS) configurations. The information sheet identifies strategies to detect obsolete cipher suites and key exchange mechanisms, discusses recommended TLS...

AI score 6.6
Exploits 0, References 1

IBM Security Bulletins
added 2020/12/22 4:37 p.m., 46 views

Security Bulletin: Vulnerability in RC4 stream cipher affects Rational Synergy (CVE-2015-2808)

Summary: The RC4 “Bar Mitzvah” Attack for SSL/TLS affects Rational Synergy. Vulnerability Details: CVEID: CVE-2015-2808. DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker could exploit this...

CVSS 5, AI score 0.1, EPSS 0.74006
Exploits 0, Affected Software 1

CNVD
added 2020/12/22 12:00 a.m., 6 views

Unspecified Vulnerability in HCL BigFix Inventory

HCL BigFix Platform is an endpoint security management platform suite from HCL India. The platform supports automated discovery, management and remediation of endpoint security issues. A security vulnerability exists in HCL BigFix Inventory v10.0.2 onwards, which stems from not disabling the...

CVSS 7.5, AI score 6.6, EPSS 0.0064
Exploits 0, References 1

IBM Security Bulletins
added 2020/12/18 5:22 a.m., 8 views

Security Bulletin: Datacap Taskmaster Capture is affected by vulnerable to weak cipher suites by successfully creating SSL connections

Summary: AppScan determined that the site uses weak cipher suites by successfully creating SSL connections using each of the weak cipher suites listed here. Vulnerability Details: Third Party Entry: PSIRT-ADV0026310. DESCRIPTION: Created from Advisory: ADV0026310. CVSS Base score: 5.9. CVSS Vector:...

AI score 1.2
Exploits 0, Affected Software 1

ThreatPost
added 2020/12/17 5:30 p.m., 40 views

Cryptologists Crack Zodiac Killer's 340 Cipher

A remote team of three hobbyist cryptologists has solved one of the Zodiac Killer’s ciphers after a half century. And while the name of the elusive serial killer remains hidden, the breakthrough represents a triumph for cryptology and the basic building blocks of cybersecurity — access control an...

AI score 7.1
Exploits 0, References 10

Prion
added 2020/12/16 3:15 p.m., 23 views

Code injection

TLS-RSA cipher suites are not disabled in HCL BigFix Inventory up to v10.0.2. If TLS 2.0 and secure ciphers are not enabled then an attacker can passively record traffic and later decrypt it...

CVSS 4.3, AI score 7.5, EPSS 0.0064
Exploits 0, References 1, Affected Software 1

CVE
added 2020/12/16 2:07 p.m., 48 views

CVE-2020-14254

CVE-2020-14254 affects HCL BigFix Inventory up to v10.0.2, where TLS-RSA cipher suites are not disabled. The available descriptions state that if TLS 2.0 and secure ciphers are not enabled, an attacker can passively record traffic and later decrypt it. The connected documents corroborate the vuln...

CVSS 7.5, AI score 7.4, EPSS 0.0064
Exploits 0, References 1, Affected Software 1

Schneier on Security
added 2020/12/16 1:01 p.m., 34 views

Zodiac Killer Cipher Solved

The SF Chronicle is reporting more details here, and the FBI is confirming, that a Melbourne mathematician and team has decrypted the 1969 message sent by the Zodiac Killer to the newspaper. There's no paper yet, but there are a bunch of details in the news articles. Here's an interview with one of...

AI score 2.2
Exploits 0

CNNVD
added 2020/12/16 12:00 a.m., 8 views

HCL BigFix Inventory Security Vulnerability

HCL BigFix Platform is an endpoint security management platform suite from HCL India. The platform supports automated discovery, management and remediation of endpoint security issues. A security vulnerability exists in HCL BigFix Inventory v10.0.2 onwards, which stems from not disabling the...

CVSS 7.5, AI score 7.1, EPSS 0.0064
Exploits 0, References 2

Wired Threat Level
added 2020/12/15 12:00 p.m., 30 views

The Zodiac Killer's Cipher Is Finally Cracked After 51 Years

Amateur and professional cryptographers, including those at the FBI, had been trying to decode the infamous serial killer's message to the media for decades...

AI score 4.1
Exploits 0

OSV
added 2020/12/14 9:15 p.m., 4 views

CVE-2020-25230

A vulnerability has been identified in LOGO! 8 BM incl. SIPLUS variants All versions V8.3. Due to the usage of an outdated cipher mode on port 10005/tcp, an attacker could extract the encryption key from a captured communication with the device...

CVSS 7.5, AI score 7, EPSS 0.004
Exploits 0, References 1

NVD
added 2020/12/14 9:15 p.m., 12 views

CVE-2020-25230

A vulnerability has been identified in LOGO! 8 BM incl. SIPLUS variants All versions V8.3. Due to the usage of an outdated cipher mode on port 10005/tcp, an attacker could extract the encryption key from a captured communication with the device...

CVSS 7.5, AI score 7.8, EPSS 0.004
Exploits 0, References 1

Prion
added 2020/12/14 9:15 p.m., 15 views

Design/Logic Flaw

A vulnerability has been identified in LOGO! 8 BM incl. SIPLUS variants All versions V8.3. Due to the usage of an outdated cipher mode on port 10005/tcp, an attacker could extract the encryption key from a captured communication with the device...

CVSS 5, AI score 7.7, EPSS 0.004
Exploits 0, References 1, Affected Software 1