
5878 matches found

CNNVD
added 2021/01/07 12:0 a.m. | 3 views

IBM Emptoris Strategic Supply Management Encryption Problem Vulnerability

The IBM Emptoris Strategic Supply Management Platform is the public portal to the Emptoris suite of products. A weak cryptographic algorithm vulnerability exists in IBM Emptoris Strategic Supply Management Platform 10.1.3. An attacker could exploit this vulnerability to decrypt highly sensitive...

7.5 CVSS | 6.6 AI score | 0.00112 EPSS
Exploits: 0 | References: 3
ATTACKERKB
added 2021/01/06 12:0 a.m. | 2 views

CVE-2020-4898

IBM Emptoris Strategic Supply Management 10.1.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 190989...

7.5 CVSS | 5.3 AI score | 0.00112 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
GithubExploit
added 2021/01/04 12:56 a.m. | 201 views

Exploit for Insufficiently Protected Credentials in Zyxel Usg20-Vpn_Firmware

Scanner for Zyxel products which are vulnerable due to an undo...

10 CVSS | 10 AI score | 0.94302 EPSS
Exploits: 10
Prion
added 2021/01/01 1:15 a.m. | 11 views

Code injection

The AES encryption project 7.x and 8.x for Drupal does not sufficiently prevent attackers from decrypting data, aka SA-CONTRIB-2017-027. NOTE: This project is not covered by Drupal's security advisory policy...

5 CVSS | 7.6 AI score | 0.00079 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2020/12/31 11:27 p.m. | 18 views

CVE-2017-20001

The AES encryption project 7.x and 8.x for Drupal does not sufficiently prevent attackers from decrypting data, aka SA-CONTRIB-2017-027. NOTE: This project is not covered by Drupal's security advisory policy...

7.7 AI score | 0.00079 EPSS
Exploits: 0 | References: 1
CVE
added 2020/12/31 11:27 p.m. | 91 views

CVE-2017-20001

Technical details for CVE-2017-20001 are not publicly available in the provided documents. Monitor for updates from the listed sources to obtain concrete information on affected products, vulnerability scope, and remediation.

7.5 CVSS | 7.6 AI score | 0.00079 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
BDU FSTEC
added 2020/12/29 12:0 a.m. | 1 views

The vulnerability of the SCADA system MasterSCADA, related to the storage of passwords in a decipherable format, allows an intruder to decrypt the protected control project.

The vulnerability of the SCADA system MasterSCADA relates to the storage of passwords in a readable format. Exploiting this vulnerability could allow an attacker to decrypt the passwords and access the protected project...

4 CVSS | 5.5 AI score
Exploits: 0 | Affected Software: 1
Malwarebytes
added 2020/12/28 5:4 p.m. | 62 views

A week in security (December 21 - December 27)

Last week on Malwarebytes Labs we warned our readers about not so festive social media scams, how Emotet returned just in time for Christmas, we tried out some free online games your kids are playing and here’s what happened, and our VideoBytes episode talked about what penetration testing tools...

0.4 AI score
Exploits: 0
BDU FSTEC
added 2020/12/24 12:0 a.m. | 1 views

The vulnerability of the CmtViewer application for controlling programmable panels stems from the use of a less secure encryption algorithm, allowing an attacker to gain full access to the device.

The vulnerability of the CmtViewer application for controlling programmable panels is related to the use of a less secure encryption algorithm. Exploiting this vulnerability allows a malicious actor, operating remotely, to intercept the data transmitted over the network, decrypt it, and gain full...

10 CVSS | 5.5 AI score
Exploits: 0
CNVD
added 2020/12/22 12:0 a.m. | 6 views

Unspecified Vulnerability in HCL BigFix Inventory

HCL BigFix Platform is an endpoint security management platform suite from HCL India. The platform supports automated discovery, management and remediation of endpoint security issues. A security vulnerability exists in HCL BigFix Inventory v10.0.2 onwards, which stems from not disabling the...

7.5 CVSS | 6.6 AI score | 0.00151 EPSS
Exploits: 0 | References: 1
OSV
added 2020/12/21 5:15 p.m. | 1 views

UBUNTU-CVE-2020-26263

tlslite-ng is an open source Python library that implements SSL and TLS cryptographic protocols. In tlslite-ng before versions 0.7.6 and 0.8.0-alpha39, the code that performs decryption and padding check in RSA PKCS1 v1.5 decryption is data dependent. In particular, the code has multiple ways in...

7.5 CVSS | 7.1 AI score | 0.00244 EPSS
Exploits: 1 | References: 8
UbuntuCve
added 2020/12/21 5:15 p.m. | 18 views

CVE-2020-26263

tlslite-ng is an open source Python library that implements SSL and TLS cryptographic protocols. In tlslite-ng before versions 0.7.6 and 0.8.0-alpha39, the code that performs decryption and padding check in RSA PKCS1 v1.5 decryption is data dependent. In particular, the code has multiple ways in...

7.5 CVSS | 7.1 AI score | 0.00244 EPSS
Exploits: 1 | References: 7
PyPA
added 2020/12/21 5:15 p.m. | 4 views

PYSEC-2020-143

tlslite-ng is an open source Python library that implements SSL and TLS cryptographic protocols. In tlslite-ng before versions 0.7.6 and 0.8.0-alpha39, the code that performs decryption and padding check in RSA PKCS1 v1.5 decryption is data dependent. In particular, the code has multiple ways in...

7.5 CVSS | 7 AI score | 0.00244 EPSS
Exploits: 1 | References: 6 | Affected Software: 1
OSV
added 2020/12/21 4:56 p.m. | 15 views

GHSA-WVCV-832Q-FJG7 RSA weakness in tslite-ng

Impact: The code that performs decryption and padding check in RSA PKCS1 v1.5 decryption is data dependent. In particular, code in current as of 0.8.0-alpha38 master https://github.com/tlsfuzzer/tlslite-ng/blob/0812ed60860fa61a6573b2c0e18771414958f46d/tlslite/utils/rsakey.py#L407-L441 and code in...

8.7 CVSS | 7.4 AI score | 0.00244 EPSS
Exploits: 1 | References: 9
Cvelist
added 2020/12/21 4:55 p.m. | 15 views

CVE-2020-26263 RSA vulnerability in tslite-ng

tlslite-ng is an open source Python library that implements SSL and TLS cryptographic protocols. In tlslite-ng before versions 0.7.6 and 0.8.0-alpha39, the code that performs decryption and padding check in RSA PKCS1 v1.5 decryption is data dependent. In particular, the code has multiple ways in...

7.5 CVSS | 7.5 AI score | 0.00244 EPSS
Exploits: 1 | References: 6
Debian CVE
added 2020/12/21 4:55 p.m. | 14 views

CVE-2020-26263

Removed by vendor...

7.5 CVSS | 7.5 AI score | 0.00244 EPSS
Exploits: 1
CNNVD
added 2020/12/21 12:0 a.m. | 5 views

Lennyniu Tlslite-ng Encryption Problem Vulnerability

Lennyniu Tlslite-ng is a Python-based codebase used to provide SSLv3.0, TLS 1.0, TLS 1.1 and TLS 1.2 by the individual developer Lennyniu. A cryptographically problematic vulnerability previously existed in tlslite-ng 0.7.6 and 0.8.0-alpha39, which stemmed from code that relied on data to perform...

7.5 CVSS | 6.9 AI score | 0.00244 EPSS
Exploits: 1 | References: 7
ThreatPost
added 2020/12/17 5:30 p.m. | 39 views

Cryptologists Crack Zodiac Killer's 340 Cipher

A remote team of three hobbyist cryptologists has solved one of the Zodiac Killer’s ciphers after a half century. And while the name of the elusive serial killer remains hidden, the breakthrough represents a triumph for cryptology and the basic building blocks of cybersecurity — access control an...

7.1 AI score
Exploits: 0 | References: 10
OSV
added 2020/12/16 3:15 p.m. | 3 views

CVE-2020-14254

TLS-RSA cipher suites are not disabled in HCL BigFix Inventory up to v10.0.2. If TLS 2.0 and secure ciphers are not enabled then an attacker can passively record traffic and later decrypt it...

7.5 CVSS | 7 AI score | 0.00151 EPSS
Exploits: 0 | References: 1
Cvelist
added 2020/12/16 2:7 p.m. | 17 views

CVE-2020-14254

TLS-RSA cipher suites are not disabled in HCL BigFix Inventory up to v10.0.2. If TLS 2.0 and secure ciphers are not enabled then an attacker can passively record traffic and later decrypt it...

7.5 AI score | 0.00151 EPSS
Exploits: 0 | References: 1