
79 matches found

CNVD
added 2020/09/24 12:0 a.m., 3 views

GLPI Encryption Problem Vulnerability

GLPI is an open source IT and asset management software for individual developers. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner cartridg...

CVSS 7.8, AI score 6.8, EPSS 0.00323
Exploits: 0, References: 1

CNVD
added 2020/09/23 12:0 a.m., 2 views

IBM Data Risk Manager Weak Encryption Algorithm Vulnerability

IBM Data Risk Manager is a data risk manager that helps discover, analyze and visualize business risks associated with data. A weak cryptographic algorithm vulnerability exists in IBM Data Risk Manager 2.0.6. An attacker could exploit the vulnerability to decrypt sensitive information...

CVSS 7.5, AI score 9.1, EPSS 0.00798
Exploits: 0, References: 1

Ubuntu
added 2020/07/09 5:41 p.m., 104 views

USN-4376-2: OpenSSL vulnerabilities

USN-4376-1 fixed several vulnerabilities in OpenSSL. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: Cesar Pereida García, Sohaib ul Hassan, Nicola Tuveri, Iaroslav Gridin, Alejandro Cabrera Aldaya, and Billy Brumley discovered...

CVSS 5.9, AI score 6.7, EPSS 0.17139
Exploits: 0

OSV
added 2020/06/29 2:15 p.m., 1 views

CVE-2020-4452

IBM API Connect V2018.4.1.0 through 2018.4.1.11 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 181324...

CVSS 7.5, AI score 6.5, EPSS 0.00792
Exploits: 0, References: 2

OSV
added 2020/06/16 9:15 p.m., 2 views

CVE-2020-9289

Use of a hard-coded cryptographic key to encrypt password data in CLI configuration in FortiManager 6.2.3 and below, FortiAnalyzer 6.2.3 and below may allow an attacker with access to the CLI configuration or the CLI backup file to decrypt the sensitive data, via knowledge of the hard-coded key...

CVSS 7.5, AI score 5.8
Exploits: 0, References: 1

Tenable Nessus
added 2019/09/11 12:0 a.m., 293 views

NewStart CGSL MAIN 4.06 : openssl Vulnerability (NS-SA-2019-0176)

The remote NewStart CGSL host, running version MAIN 4.06, has openssl packages installed that are affected by a vulnerability: - If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond...

CVSS 5.9, AI score 6.4, EPSS 0.17139
Exploits: 0, References: 2

OSV
added 2019/06/25 4:15 p.m., 1 views

CVE-2019-4151

IBM Security Access Manager 9.0.1 through 9.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158512...

CVSS 5.9, AI score 5.8, EPSS 0.00869
Exploits: 0, References: 2

OSV
added 2019/04/25 3:29 p.m., 2 views

CVE-2018-1720

IBM Sterling B2B Integrator Standard Edition 5.2.0.1, 5.2.6.36, 6.0.0.0, and 6.0.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 147294...

CVSS 7.5, AI score 5.8, EPSS 0.00966
Exploits: 0, References: 2

CNVD
added 2019/02/27 12:0 a.m., 1 views

F5 BIG-IP virtual server encryption issue vulnerability

F5 BIG-IP is an application delivery platform from F5 Inc. that integrates network traffic management, application security management, load balancing and other functions. virtual server is one of the virtual servers. A vulnerability exists in the virtual server with Client SSL profile in F5 BIG-...

CVSS 5.9, AI score 7, EPSS 0.00653
Exploits: 0, References: 1

OpenSSL
added 2019/02/26 12:0 a.m., 65 views

Vulnerability in OpenSSL - 0-byte record padding oracle

If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received...

AI score 6.2, EPSS 0.17139
Exploits: 0, Affected Software: 1

Tenable Nessus
added 2019/02/21 12:0 a.m., 77 views

FreeBSD : OpenSSL -- Padding oracle vulnerability (7700061f-34f7-11e9-b95c-b499baebfeaf)

The OpenSSL project reports: 0-byte record padding oracle (CVE-2019-1559, Moderate). If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte...

CVSS 5.9, AI score 6.3, EPSS 0.17139
Exploits: 0, References: 3

BDU FSTEC
added 2018/10/31 12:0 a.m., 3 views

The vulnerability in the implementation of the TLS protocol in the FortiOS operating system allows an attacker to decrypt messages without knowing the secret key, thereby carrying out a “man-in-the-middle” attack.

Vulnerability of the TLS protocol implementation in the FortiOS operating system, caused by defects in the encryption algorithm implementation. Exploiting this vulnerability allows a malicious actor to decrypt messages without knowing the secret key, thereby carrying out a “man-in-the-middle”...

CVSS 7.5, AI score 5.4, EPSS 0.01124
Exploits: 0, References: 4, Affected Software: 1

OSV
added 2018/03/05 6:29 p.m., 3 views

CVE-2017-17428

Cavium Nitrox SSL, Nitrox V SSL, and TurboSSL software development kits (SDKs) allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack...

CVSS 5.9, AI score 5.8, EPSS 0.1501
Exploits: 0, References: 5

BDU FSTEC
added 2017/10/18 12:0 a.m., 2 views

The vulnerability of the WPA2 protocol, which stems from errors in managing the cryptographic keys, allows unauthorized access to encrypted information transmitted over a wireless network.

The vulnerability of the WPA2 protocol, which provides security for Wi-Fi wireless networks, is related to errors in the management of cryptographic keys. Exploiting this vulnerability allows a perpetrator within the range of a Wi-Fi network to gain access to encrypted information transmitted ove...

CVSS 7.9, AI score 7, EPSS 0.02285
Exploits: 0, References: 23, Affected Software: 39

BDU FSTEC
added 2017/10/18 12:0 a.m., 3 views

The vulnerability of the WPA2 protocol, related to errors in the management of cryptographic keys (Tunneled Direct Link PeerKey), allows access to encrypted information transmitted over a wireless network.

The vulnerability of the WPA2 protocol, which provides security for Wi-Fi wireless networks, is related to errors in the management of cryptographic keys. Exploiting this vulnerability allows a perpetrator within the range of a Wi-Fi network to gain access to encrypted information transmitted ove...

CVSS 7.9, AI score 7, EPSS 0.02285
Exploits: 0, References: 23, Affected Software: 39

OSV
added 2017/10/13 5:29 p.m., 2 views

CVE-2017-10606

Version 4.40 of the TPM (Trusted Platform Module) firmware on Juniper Networks SRX300 Series has a weakness in generating cryptographic keys that may allow an attacker to decrypt sensitive information in SRX300 Series products. The TPM is used in the SRX300 Series to encrypt sensitive configuration...

CVSS 4.4, AI score 5.8
Exploits: 0, References: 1

Broadcom
added 2017/09/29 12:0 a.m., 6 views

BSA-2017-445

Security Advisory ID: BSA-2017-445. Component: DENX Das U-Boot. Revision: 3.0: Final. Das U-Boot is a device bootloader that can read its configuration from an AES encrypted file. For devices utilizing this environment encryption mode, U-Boot's use of a zero initialization vector and improper...

CVSS 6.4, AI score 6.3, EPSS 0.00266
Exploits: 0

Broadcom
added 2017/07/27 12:0 a.m., 10 views

BSA-2017-500

Security Advisory ID: BSA-2017-500. Component: Apache HTTPD. Revision: 1.0: Final. It was discovered that the mod_session_crypto module of httpd did not use any mechanisms to verify integrity of the encrypted session data stored in the user's browser. A remote attacker could use this flaw to decryp...

CVSS 7.5, AI score 7.7, EPSS 0.49024
Exploits: 4

CNVD
added 2016/03/13 12:0 a.m., 2 views

Cisco Prime LAN Management Solution Hardcoding Vulnerability

Cisco Prime LAN Management Solution is a LAN-based network management solution from Cisco. A hard-coded vulnerability exists in Cisco Prime LAN Management Solution, which allows a local attacker to decrypt data in the LMS database using a hard-coded key to compromise an affected device...

CVSS 7.1, AI score 6.6, EPSS 0.00305
Exploits: 0, References: 1