Man-In-The-Middle (MitM)

Samba is vulnerable to man-in-the-middle attacks. This allows an attacker to spoof SMB servers and decrypt all traffic, by modifying the client-server data stream...

CVE-2018-1608

IBM Rational Engineering Lifecycle Manager 6.0 through 6.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 143798...

CVE-2018-1720

IBM Sterling B2B Integrator Standard Edition 5.2.0.1, 5.2.6.36, 6.0.0.0, and 6.0.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 147294...

CVE-2019-1757 Cisco IOS and IOS XE Software Smart Call Home Certificate Validation Vulnerability

A vulnerability in the Cisco Smart Call Home feature of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data using an invalid certificate. The vulnerability is due to insufficient certificate validation by the affected...

CVE-2019-1757 Cisco IOS and IOS XE Software Smart Call Home Certificate Validation Vulnerability

A vulnerability in the Cisco Smart Call Home feature of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data using an invalid certificate. The vulnerability is due to insufficient certificate validation by the affected...

IBM InfoSphere Streams Information Disclosure Vulnerability

IBM Streams is a suite of real-time data analytics solutions from IBM in the United States. The product extracts, filters, analyzes and correlates large streams of continuous data and provides data analytics. A security vulnerability exists in IBM InfoSphere Streams version 4.2.1 that stems from...

PYSEC-2019-115

python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg to decrypt other ciphertext than intended. To perform the attack, the passphrase to gnupg must be controlled by the adversary and the ciphertext should be trusted. Related to a "CWE-20: Improper Input Validation" issue affecting...

UBUNTU-CVE-2019-9587

There is a stack consumption issue in md5Round1 located in Decrypt.cc in Xpdf 4.01. It can be triggered by sending a crafted pdf file to for example the pdfimages binary. It allows an attacker to cause Denial of Service Segmentation fault or possibly have unspecified other impact. This is related...

PT-2019-19728 · Foolabs +1 · Xpdf +1

Name of the Vulnerable Software and Affected Versions: Xpdf version 4.01 Description: A stack consumption issue exists in the md5Round1 function located in Decrypt.cc. This issue can be triggered by sending a crafted pdf file to the pdfimages binary, allowing an attacker to cause a Denial of...

F5 BIG-IP virtual server encryption issue vulnerability

F5 BIG-IP is an application delivery platform from F5 Inc. that integrates network traffic management, application security management, load balancing and other functions. virtual server is one of the virtual servers. A vulnerability exists in the virtual server with Client SSL profile in F5 BIG-...

Vulnerability in OpenSSL - 0-byte record padding oracle

If an application encounters a fatal protocol error and then calls SSLshutdown twice once to send a closenotify, and once to receive one then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received...

FreeBSD : OpenSSL -- Padding oracle vulnerability (7700061f-34f7-11e9-b95c-b499baebfeaf)

The OpenSSL project reports : 0-byte record padding oracle CVE-2019-1559 Moderate If an application encounters a fatal protocol error and then calls SSLshutdown twice once to send a closenotify, and once to receive one then OpenSSL can respond differently to the calling application if a 0 byte...

The vulnerability of the Python-gnupg information encryption package lies in insufficient validation of input data, allowing a hacker to execute arbitrary code.

The vulnerability of the gnupg.GPG.encrypt and gnupg.GPG.decrypt methods of the Python-gnupg encryption library exists due to insufficient validation of input data. Exploiting this vulnerability could allow an attacker to execute arbitrary code...

Hardcoded credentials

The Dell Wyse Password Encoder in ThinLinux2 versions prior to 2.1.0.01 contain a Hard-coded Cryptographic Key vulnerability. An unauthenticated remote attacker could reverse engineer the cryptographic system used in the Dell Wyse Password Encoder to discover the hard coded private key and decryp...

Security Bulletin: Vulnerability in SSLv3 affects Integrated Management Module 2 (IMM2) (CVE-2014-3566)

Summary SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption POODLE attack. SSLv3 is enabled in Integrated Management Module 2 IMM2. Vulnerability Details Summary SSLv3 contains a vulnerability that has been referred to as the Padding Orac...

Cross site scripting

A vulnerability in Brocade Network Advisor Versions before 14.3.1 could allow an unauthenticated, remote attacker to log in to the JBoss Administration interface of an affected system using an undocumented user credentials and install additional JEE applications. A remote unauthenticated user who...

PT-2019-1354 · Gnupg +2 · Python-Gnupg +2

Name of the Vulnerable Software and Affected Versions: python-gnupg version 0.4.3 Description: The issue is related to improper input validation, allowing context-dependent attackers to trick gnupg into decrypting other ciphertext than intended. This can be achieved if the passphrase to gnupg is...

IBM DataPower Gateways Weak Encryption Algorithm Vulnerability

IBM DataPower Gateways is a suite of security and integration platforms from IBM USA designed specifically for mobile, cloud, application programming interfaces APIs, web, service-oriented architecture SOA, B2B, and cloud workloads that protects, integrates, and optimizes access across channels...

CVE-2018-7959

There is a short key vulnerability in Huawei eSpace product. An unauthenticated, remote attacker launches man-in-the-middle attack to intercept and decrypt the call information when the user enables SRTP to make a call. Successful exploitation may cause sensitive information leak...

Design/Logic Flaw

There is a short key vulnerability in Huawei eSpace product. An unauthenticated, remote attacker launches man-in-the-middle attack to intercept and decrypt the call information when the user enables SRTP to make a call. Successful exploitation may cause sensitive information leak...