Code injection

The AES encryption project 7.x and 8.x for Drupal does not sufficiently prevent attackers from decrypting data, aka SA-CONTRIB-2017-027. NOTE: This project is not covered by Drupal's security advisory policy...

CVE-2017-20001

Technical details for CVE-2017-20001 are not publicly available in the provided documents. Monitor for updates from the listed sources to obtain concrete information on affected products, vulnerability scope, and remediation.

IBM Cloud Pak for Security Weak Encryption Algorithm Vulnerability

IBM Cloud Pak for Security is an integrated security tool that uses a unified interface to provide deep insight into threats in hybrid multi-cloud environments. A weak cryptographic algorithm vulnerability exists in IBM Cloud Pak for Security 1.3.0.1. The vulnerability stems from the product usin...

CVE-2020-4624

IBM Cloud Pak for Security 1.3.0.1 CP4S uses weaker than expected cryptographic algorithms during negotiation could allow an attacker to decrypt sensitive information...

IBM Cloud Pak for Security 加密问题漏洞

IBM Cloud Pak for Security is an integrated security tool that uses a unified interface to provide deep insight into threats in hybrid multi-cloud environments. A weak cryptographic algorithm vulnerability exists in IBM Cloud Pak for Security 1.3.0.1. The vulnerability stems from the product usin...

CVE-2020-4937

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 191814...

IBM Sterling B2B Integrator 加密问题漏洞

IBM Sterling B2B Integrator is a transaction engine, a set of components that run the processes you define and manage based on your business needs. A weak cryptographic algorithm vulnerability exists in IBM Sterling B2B Integrator Standard Edition 5.2.0.0 - 6.0.3.2. An attacker could exploit this...

IBM Security Guardium Big Data Intelligence (SonarG) Information Disclosure Vulnerability

IBM Security Guardium and IBM Security Guardium Big Data Intelligence SonarG are both products of IBM Corporation in the U.S. IBM Security Guardium is a suite of platforms that provide data protection capabilities. The platform includes features such as customized UI, report management, and...

CVE-2020-4254

IBM Security Guardium Big Data Intelligence 1.0 SonarG uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 175560...

Default credentials

In GLPI before version 9.5.0, the encryption algorithm used is insecure. The security of the data encrypted relies on the password used, if a user sets a weak/predictable password, an attacker could decrypt data. This is fixed in version 9.5.0 by using a more secure encryption library. The librar...

UBUNTU-CVE-2020-11031

In GLPI before version 9.5.0, the encryption algorithm used is insecure. The security of the data encrypted relies on the password used, if a user sets a weak/predictable password, an attacker could decrypt data. This is fixed in version 9.5.0 by using a more secure encryption library. The librar...

IBM Security Guardium Insights Information Disclosure Vulnerability (CNVD-2020-49935)

IBM Security Guardium Insights is a modern hybrid cloud data security hub designed to provide a reliable view of an organization's data security and compliance posture. IBM Security Guardium Insights 2.0.1 suffers from an information disclosure vulnerability that can be exploited by an attacker t...

IBM Security Guardium Insights Information Disclosure Vulnerability (CNVD-2020-49936)

IBM Security Guardium Insights is a modern hybrid cloud data security hub designed to provide a reliable view of an organization's data security and compliance posture. IBM Security Guardium Insights 2.0.1 suffers from an information disclosure vulnerability that can be exploited by an attacker t...

CVE-2020-4174

IBM Security Guardium Insights 2.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 174683...

CVE-2019-18256

BIOTRONIK CardioMessenger II, The affected products use individual per-device credentials that are stored in a recoverable format. An attacker with physical access to the CardioMessenger can use these credentials for network authentication and decryption of local data in transit...

IBM API Connect Information Disclosure Vulnerability (CNVD-2020-36386)

IBM API Connect APIConnect is a suite of integrated solutions for managing the API lifecycle from IBM USA. The product supports creating, running, managing, and securing APIs, microservices, and more. A security vulnerability exists in IBM API Connect versions 2018.4.1.0 through 2018.4.1.11, whic...

CVE-2020-4191

IBM Security Guardium 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 174852...

Hardcoded credentials

Use of a hard-coded cryptographic key to encrypt security sensitive data in local storage and configuration in FortiClient for Windows prior to 6.4.0 may allow an attacker with access to the local storage or the configuration backup file to decrypt the sensitive data via knowledge of the hard-cod...

Fortinet FortiClient Trust Management Issue Vulnerability

Fortinet FortiClient is a mobile endpoint security solution from Fortinet. The solution provides IPsec and SSL encryption, WAN optimization, endpoint compliance and two-factor authentication when connected to a FortiGate firewall appliance. A security vulnerability exists in Fortinet FortiClient...

CVE-2020-4349

IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 178423...