IBM Engineering Lifecycle Optimization Publishing 加密问题漏洞

IBM Engineering Lifecycle Optimization Publishing is an automated document generation solution from International Business Machines IBM. IBM Engineering Lifecycle Optimization Publishing suffers from a cryptographic issue vulnerability that stems from the use of a weaker-than-expected encryption...

CVE-2021-39081

IBM Cognos Analytics Mobile for Android 1.1.14 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information...

IBM Cognos Controller Encryption Problem Vulnerability (CNVD-2024-47515)

IBM Cognos Controller is a suite of business intelligence and planning solutions from International Business Machines IBM. The product features process automation, financial audit control, and the creation and management of financial reports. An encryption issue vulnerability exists in IBM Cognos...

PT-2024-29559 · Ibm · Ibm Cognos Controller

Name of the Vulnerable Software and Affected Versions: IBM Cognos Controller versions 11.0.0 through 11.0.1 Description: The issue is related to the use of weaker than expected cryptographic algorithms, which could allow an attacker to decrypt highly sensitive information. Recommendations: For...

CVE-2024-41781

IBM PowerVM Platform KeyStore IBM PowerVM Hypervisor FW950.00 through FW950.90, FW1030.00 through FW1030.60, FW1050.00 through FW1050.20, and FW1060.00 through FW1060.10 functionality can be compromised if an attacker gains service access to the HMC. An attacker that gains service access to the H...

CVE-2024-41781

Summary: CVE-2024-41781 affects IBM PowerVM Hypervisor Platform KeyStore. If an attacker gains service access to the HMC, they can locate and decrypt data in the Platform KeyStore via service procedures. Affected versions : PowerVM Hypervisor FW950.00–FW950.90, FW1030.00–FW1030.60, FW1050.00–FW10...

IBM PowerVM Hypervisor 安全漏洞

IBM PowerVM Hypervisor is an application from International Business Machines IBM, Inc. Providing a secure and scalable virtualized environment, these applications are built on the advanced RAS features and leading performance of the Power Systems platform. A security vulnerability exists in IBM...

Progress Telerik Report Server <= 10.2.24.924 Encryption Weakness (CVE-2024-7295)

The version of Progress Telerik Report Server installed on the remote host is affected by an encryption weakness vulnerability: - The encryption of local asset data used an older algorithm which may allow a sophisticated actor to decrypt this information. CVE-2024-7295 Note that Nessus has not...

TOTOLINK AC1200 安全漏洞

TOTOLINK AC1200 is a dual-band Wi-Fi router from China's Gion Electronics TOTOLINK. The TOTOLINK AC1200 suffers from a buffer overflow vulnerability that originates from the parameter desc in the file /cgi-bin/cstecgi.cgi that can cause a buffer overflow. An attacker can exploit this vulnerabilit...

CVE-2024-39745

IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information...

CVE-2024-39731

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 295970...

Siemens Mendix Encryption Module Hardcoded Default Encryption Key Vulnerability

The Mendix Encryption module takes care of the following encryption requirements: plain text encryption e.g. passwords and FileDocument encryption e.g. documents or photos. A hard-coded default encryption key vulnerability exists in the Siemens Mendix Encryption module, which can be exploited by ...

PT-2024-12719 · Ibm · Ibm Security Access Manager Docker

Name of the Vulnerable Software and Affected Versions: IBM Security Access Manager Docker versions 10.0.0.0 through 10.0.7.1 Description: The issue is related to the use of weaker than expected cryptographic algorithms, which could allow an attacker to decrypt highly sensitive information...

CVE-2024-35537

TVS Motor Company Limited TVS Connect Android v4.6.0 and IOS v5.0.0 was discovered to insecurely handle the RSA key pair, allowing attackers to possibly access sensitive information via decryption...

RHEL 8 : 8.2_libtpms (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - libtpms: out-of-bounds access via specially crafted TPM 2 command packets CVE-2021-3746 - A stack...

PT-2024-25508 · Unknown · Ci-Out-Of-Office Manager

Name of the Vulnerable Software and Affected Versions: CI-Out-of-Office Manager versions through 6.0.0.77 Description: The issue concerns the use of a hard-coded cryptographic key in the software. This could potentially allow unauthorized access or decryption of sensitive data. Recommendations: F...

CVE-2023-40696

IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 264939...

CVE-2020-4874

IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 190837...

PT-2024-10853 · Ibm · Ibm Cognos Controller

Name of the Vulnerable Software and Affected Versions: IBM Cognos Controller versions 10.4.1 through 11.0.0 Description: The issue is related to the use of weaker than expected cryptographic algorithms, which could allow an attacker to decrypt highly sensitive information. Recommendations: For...

jose-go: improper handling of highly compressed data

A vulnerability was found in Jose due to improper handling of highly compressed data. This issue could allow an attacker to send a JWE containing compressed data that uses large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti...