Cisco Adaptive Security Appliance Software Software-Based SSL/TLS DoS (cisco-sa-ftd-tls-decrypt-dos-BMxYjm8M)

According to its self-reported version, Cisco ASA Software is affected by a denial of service DoS vulnerability in the software-based SSL/TLS message handler due to insufficient validation of SSL/TLS messages upon decryption. An unauthenticated, remote attacker can exploit this, by sending a...

Binatone Motorola-branded Camera 加密问题漏洞

The Binatone Motorola-branded Camera is a Binatone licensed Motorola-branded product camera from Binatone, Inc. The vulnerability can be exploited to obtain encryption keys used to decrypt firmware update packages...

IBM Tivoli Key Lifecycle Manager 加密问题漏洞

IBM Tivoli Key Lifecycle Manager TKLM is a set of key lifecycle management software from IBM Corporation. The software provides key storage, key maintenance, and key lifecycle management for storage devices.A security vulnerability exists in IBM Tivoli Key Lifecycle Manager, which stems from the...

Microsoft Windows CryptoAPI Spoofing Vulnerability

Microsoft Windows CryptoAPI Crypt32.dll contains a spoofing vulnerability in the way it validates Elliptic Curve Cryptography ECC certificates. An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was fro...

Security Bulletin: Vulnerability in SSLv3 affects IBM Packaging Utility (CVE-2014-3566)

Summary SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption POODLE attack. SSLv3 is enabled in IBM Packaging Utility Vulnerability Details | Subscribe to My Notifications to be notified of important product support alerts like this. Follo...

Internet Bug Bounty: CVE-2021-3711: SM2 decrypt buffer overflow

CVE-2021-3711 In order to decrypt SM2 encrypted data an application is expected to call the API function EVPPKEYdecrypt. Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with the...

CVE-2021-40823

A logic error in the room key sharing functionality of matrix-js-sdk aka Matrix Javascript SDK before 12.4.1 allows a malicious Matrix homeserver present in an encrypted room to steal room encryption keys via crafted Matrix protocol messages that were originally sent by affected Matrix clients...

UBUNTU-CVE-2021-40823

A logic error in the room key sharing functionality of matrix-js-sdk aka Matrix Javascript SDK before 12.4.1 allows a malicious Matrix homeserver present in an encrypted room to steal room encryption keys via crafted Matrix protocol messages that were originally sent by affected Matrix clients...

CVE-2021-40823

A logic error in the room key sharing functionality of matrix-js-sdk aka Matrix Javascript SDK before 12.4.1 allows a malicious Matrix homeserver present in an encrypted room to steal room encryption keys via crafted Matrix protocol messages that were originally sent by affected Matrix clients...

CVE-2021-33484

An issue was discovered in CommentsService.ashx in OnyakTech Comments Pro 3.8. An attacker can download a copy of the installer, decompile it, and discover a hardcoded IV used to encrypt the username and userid in the comment POST request. Additionally, the attacker can decrypt the encrypted...

Hardcoded credentials

An issue was discovered in CommentsService.ashx in OnyakTech Comments Pro 3.8. An attacker can download a copy of the installer, decompile it, and discover a hardcoded IV used to encrypt the username and userid in the comment POST request. Additionally, the attacker can decrypt the encrypted...

CVE-2021-36234

Use of a hard-coded cryptographic key in MIK.starlight 7.9.5.24363 allows local users to decrypt credentials via unspecified vectors...

CVE-2021-36234

Use of a hard-coded cryptographic key in MIK.starlight 7.9.5.24363 allows local users to decrypt credentials via unspecified vectors...

Hardcoded credentials

Use of a hard-coded cryptographic key in MIK.starlight 7.9.5.24363 allows local users to decrypt credentials via unspecified vectors...

CVE-2021-36234

CVE-2021-36234 affects the MIK.starlight 7.9.5.24363 release. The root cause is a hard-coded cryptographic key , which could allow local attackers to decrypt credentials via unspecified vectors. The impact described across sources indicates a confidential data exposure risk (credentials decrypted...

MIK.starlight 信任管理问题漏洞

MIK.starlight is the departmental access and creation dashboard, reporting and planning environment. A security vulnerability exists in MIK.starlight version 7.9.5.24363, which stems from the use of hard-coded keys in the software, which allows an attacker to decrypt credentials via an unspecifie...

CVE-2021-29723

IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-ForceID: 201100...

Code injection

IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 201095...

PT-2021-18432 · Ibm · Ibm Sterling Secure Proxy

Name of the Vulnerable Software and Affected Versions: IBM Sterling Secure Proxy versions 2.4.3.2, 3.4.3.2, 6.0.1, and 6.0.2 Description: The issue is related to the use of weaker than expected cryptographic algorithms, which could allow an attacker to decrypt highly sensitive information...

DEBIAN-CVE-2021-3711

In order to decrypt SM2 encrypted data an application is expected to call the API function EVPPKEYdecrypt. Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with the buffer size...