
5819 matches found

CNVD
added 2019/11/19 12:0 a.m. · 3 views

ZyXEL GS1900 Use of Hardcoded Passwords Vulnerability

ZyXEL GS1900 is a managed switch from ZyXEL Taiwan, China. A security vulnerability exists in the Zyxel GS1900 using firmware prior to version 2.50AAHH.0C0. The vulnerability can be exploited by an attacker to decrypt passwords with the help of hard-coded encryption keys...

CVSS 7.5 · AI score 6.8 · EPSS 0.00286
Exploits: 1 · References: 1

CNVD
added 2019/11/19 12:0 a.m. · 2 views

Unspecified Vulnerability in ZyXEL GS1900 (CNVD-2019-41670)

ZyXEL GS1900 is a managed switch from ZyXEL Taiwan, China. A security vulnerability exists in the Zyxel GS1900 using firmware prior to version 2.50AAHH.0C0. An attacker could exploit the vulnerability to decrypt a previously encrypted password...

CVSS 5.9 · AI score 6.8 · EPSS 0.00273
Exploits: 1 · References: 1

Positive Technologies
added 2019/11/19 12:0 a.m. · 7 views

PT-2019-5737 · Fortinet · Fortimanager +1

Name of the Vulnerable Software and Affected Versions: FortiManager versions 6.2.3 and below; FortiAnalyzer versions 6.2.3 and below. Description: The issue is related to the use of a hard-coded cryptographic key in the CLI configuration of FortiManager and FortiAnalyzer, which may allow an attacke...

CVSS 7.8 · AI score 7.2 · EPSS 0.01022
Exploits: 1 · References: 6

CNVD
added 2019/11/15 12:0 a.m. · 1 views

Broadcom Brocade SANnav Encryption Issue Vulnerability

Broadcom Brocade SANnav is a suite of SAN management platforms from Broadcom USA. A security vulnerability exists in the encryption key generation process in the PBE algorithm of Broadcom Brocade SANnav versions prior to 2.0. An attacker can exploit this vulnerability to decrypt passwords...

CVSS 7.5 · AI score 6.8 · EPSS 0.00081
Exploits: 0 · References: 1

NVD
added 2019/11/14 9:15 p.m. · 14 views

CVE-2019-15799

An issue was discovered on Zyxel GS1900 devices with firmware before 2.50AAHH.0C0. User accounts created through the web interface of the device, when given non-admin level privileges, have the same level of privileged access as administrators when connecting to the device via SSH while their...

CVSS 9 · AI score 8.8 · EPSS 0.00377
Exploits: 1 · References: 3

Cvelist
added 2019/11/14 8:16 p.m. · 20 views

CVE-2019-15801

An issue was discovered on Zyxel GS1900 devices with firmware before 2.50AAHH.0C0. The firmware image contains encrypted passwords that are used to authenticate users wishing to access a diagnostics or password-recovery menu. Using the hardcoded cryptographic key found elsewhere in the firmware,...

AI score 7.5 · EPSS 0.00286
Exploits: 1 · References: 2

CVE
added 2019/11/14 8:16 p.m. · 76 views

CVE-2019-15801

CVE-2019-15801 affects Zyxel GS1900 devices with firmware prior to 2.50(AAHH.0)C0. The firmware stores encrypted passwords used for diagnostics/password-recovery authentication. An attacker can decrypt these passwords using the hardcoded cryptographic key found elsewhere in the firmware, via the ...

CVSS 7.5 · AI score 7.5 · EPSS 0.00286
Exploits: 1 · References: 2 · Affected Software: 1

Tenable Nessus
added 2019/11/12 12:0 a.m. · 47 views

EulerOS 2.0 SP5 : nss (EulerOS-SA-2019-2174)

According to the version of the nss packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the...

CVSS 5.9 · AI score 6.6 · EPSS 0.12783
Exploits: 0 · References: 2

Amazon
added 2019/11/11 12:0 a.m. · 51 views

Low: openssl

Issue Overview: No CVE associated with this advisory. Affected Packages: openssl. Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue Correction: Run yum update openssl or yum update...

CVSS 5.9 · AI score 7.1 · EPSS 0.05057
Exploits: 0

Prion
added 2019/11/08 6:15 p.m. · 16 views

Cross site scripting

Password-based encryption PBE algorithm, of Brocade SANnav versions before v2.0, has a weakness in generating cryptographic keys that may allow an attacker to decrypt passwords used with several services Radius, TACAS, etc...

CVSS 5 · AI score 7.4 · EPSS 0.00081
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2019/11/08 5:3 p.m. · 11 views

CVE-2019-16208

Password-based encryption PBE algorithm, of Brocade SANnav versions before v2.0, has a weakness in generating cryptographic keys that may allow an attacker to decrypt passwords used with several services Radius, TACAS, etc...

AI score 7.5 · EPSS 0.00081
Exploits: 0 · References: 1

Tenable Nessus
added 2019/11/08 12:0 a.m. · 37 views

EulerOS 2.0 SP5 : openssl110h (EulerOS-SA-2019-2218)

According to the versions of the openssl110h packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in th...

CVSS 5.9 · AI score 6.6 · EPSS 0.05057
Exploits: 0 · References: 4

Tenable Nessus
added 2019/11/08 12:0 a.m. · 24 views

Schneider-electric Modicon Use of Hard-coded Credentials

Schneider Electric SoMachine Basic 1.4 SP1 and Schneider Electric Modicon TM221CE16R 1.3.3.3 devices have a hardcoded-key vulnerability. The Project Protection feature is used to prevent unauthorized users from opening an XML protected project file, by prompting the user for a password. This XML...

CVSS 7.5 · AI score 0.8 · EPSS 0.0027
Exploits: 0 · References: 4

Prion
added 2019/11/06 3:15 p.m. · 14 views

Code injection

simplesamlphp before 1.6.3 squeeze and before 1.8.2 sid incorrectly handles XML encryption which could allow remote attackers to decrypt or forge messages...

CVSS 5 · AI score 7.2 · EPSS 0.00274
Exploits: 0 · References: 2 · Affected Software: 2

Cvelist
added 2019/11/06 2:53 p.m. · 26 views

CVE-2011-4625

simplesamlphp before 1.6.3 squeeze and before 1.8.2 sid incorrectly handles XML encryption which could allow remote attackers to decrypt or forge messages...

AI score 7.5 · EPSS 0.00274
Exploits: 0 · References: 2

OSV
added 2019/10/29 12:15 a.m. · 2 views

CVE-2019-4339

IBM Security Guardium Big Data Intelligence SonarG 4.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 161418...

CVSS 7.5 · AI score 6.5 · EPSS 0.00146
Exploits: 0 · References: 2

CNVD
added 2019/10/28 12:0 a.m. · 1 views

IBM Cloud Orchestrator Information Disclosure Vulnerability (CNVD-2019-39207)

IBM Cloud Orchestrator is a suite of cloud management solutions from IBM in the United States. The program provides extended internal and external deployment of cloud services and application program interfaces and tools to extend the integration with existing environments and other functions. An...

CVSS 7.5 · AI score 6.2 · EPSS 0.00134
Exploits: 0 · References: 1

Broadcom
added 2019/10/28 12:0 a.m. · 5 views

BSA-2019-867

Security Advisory ID: BSA-2019-867 · Component: SANnav · Revision: 1.0. Password-based encryption PBE algorithm, of Brocade SANnav versions before v2.0, has a weakness in generating cryptographic keys that may allow an attacker to decrypt passwords used with several services Radius, TACAS, etc...

CVSS 7.5 · AI score 7 · EPSS 0.00081
Exploits: 0

OSV
added 2019/10/25 5:15 p.m. · 2 views

CVE-2019-4399

IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 162260...

CVSS 7.5 · AI score 6.5 · EPSS 0.00134
Exploits: 0 · References: 2

CNVD
added 2019/10/25 12:0 a.m. · 2 views

IBM Security Guardium Big Data Intelligence Encryption Issue Vulnerability

IBM Security Guardium Big Data Intelligence SonarG is a suite of big data security intelligence solutions from IBM, USA. The solution features interactive data exploration, automated connectivity analysis, and user activity analysis. An encryption issue vulnerability exists in IBM Security Guardi...

CVSS 7.5 · AI score 6.7 · EPSS 0.00146
Exploits: 0 · References: 1