EulerOS 2.0 SP9 : openssl (EulerOS-SA-2023-1875)

According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a netwo...

RHEL 9 : edk2 (RHSA-2023:2165)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:2165 advisory. EDK Embedded Development Kit is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware f...

Design/Logic Flaw

Rockwell Automation ThinManager product allows the use of medium strength ciphers. If the client requests an insecure cipher, a malicious actor could potentially decrypt traffic sent between the client and server API...

CVE-2023-2443

Rockwell Automation ThinManager product allows the use of medium strength ciphers. If the client requests an insecure cipher, a malicious actor could potentially decrypt traffic sent between the client and server API...

CVE-2023-2443

Rockwell Automation ThinManager is affected by CVE-2023-2443 due to inadequate encryption strength, allowing the use of medium-strength ciphers that could let an attacker decrypt traffic between the client and server API. Affected versions are ThinManager 13.0 to 13.0.1. Root cause is the ability...

CVE-2023-2443

Rockwell Automation ThinManager product allows the use of medium strength ciphers. If the client requests an insecure cipher, a malicious actor could potentially decrypt traffic sent between the client and server API...

CVE-2023-25072

Use of weak credentials exists in SkyBridge MB-A100/110 firmware Ver. 4.2.0 and earlier, which may allow a remote unauthenticated attacker to decrypt password for the WebUI of the product...

CVE-2023-25072

Use of weak credentials exists in SkyBridge MB-A100/110 firmware Ver. 4.2.0 and earlier, which may allow a remote unauthenticated attacker to decrypt password for the WebUI of the product...

Default credentials

Use of weak credentials exists in SkyBridge MB-A100/110 firmware Ver. 4.2.0 and earlier, which may allow a remote unauthenticated attacker to decrypt password for the WebUI of the product...

Default credentials

Use of weak credentials exists in Seiko Solutions SkyBridge and SkySpider series, which may allow a remote unauthenticated attacker to decrypt password for the WebUI of the product. Affected products and versions are as follows: SkyBridge MB-A200 firmware Ver. 01.00.05 and earlier, SkyBridge BASI...

CVE-2023-25072

Use of weak credentials exists in SkyBridge MB-A100/110 firmware Ver. 4.2.0 and earlier, which may allow a remote unauthenticated attacker to decrypt password for the WebUI of the product...

CVE-2023-25184

Use of weak credentials exists in Seiko Solutions SkyBridge and SkySpider series, which may allow a remote unauthenticated attacker to decrypt password for the WebUI of the product. Affected products and versions are as follows: SkyBridge MB-A200 firmware Ver. 01.00.05 and earlier, SkyBridge BASI...

Seiko Solutions SkyBridge 安全漏洞

Seiko Solutions SkyBridge is a series of routers from Seiko Solutions, Japan. A security vulnerability exists in Seiko Solutions SkyBridge and SkySpider. An attacker could exploit the vulnerability to decrypt the password of the product's WebUI. The following products and versions are affected:...

Security Bulletin: OpenSSL for IBM i is vulnerable to denial of service attacks and the ability for remote attacker to obtain sensitive information due to multiple vulnerabilities.

Summary OpenSSL for IBM i is vulnerable to a denial of service caused by error in certificate verification CVE-2023-0464, a denial of service caused by arbitrary pointers to memcmp CVE-2023-0286, denial of service caused by a double-free error CVE-2022-4450, denial of service caused by...

PT-2023-2625

Name of the Vulnerable Software and Affected Versions Windows affected versions not specified Description A security-feature bypass issue exists in the Secure Boot implementation of Windows operating systems. The problem is related to errors in accessing debugging functions during the boot proces...

ALSA-2023:2165 Important: edk2 security, bug fix, and enhancement update

EDK Embedded Development Kit is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. Security Fixes: openssl: X.400 address type confusion in X.509 GeneralName CVE-2023-0286 edk2: integer underflow in SmmEntryPoint function...

JVN#13306058: JINS MEME CORE uses a hard-coded cryptographic key

JINS MEME CORE provided by JINS Inc. is a nose pad type sensor attached to a glass frame. JINS MEME CORE uses a hard-coded cryptographic key CWE-321. Impact A network-adjacent attacker may decrypt data acquired by a sensor of the affected product. Solution Update the firmware Update the firmware ...

CVE-2022-22313

IBM QRadar Data Synchronization App 1.0 through 3.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 217370...

IBM QRadar Data Synchronization App 加密问题漏洞

IBM QRadar Data Synchronization App is a data resiliency solution from IBM USA. An encryption issue vulnerability exists in IBM QRadar Data Synchronization App versions 1.0 through 3.0.1, which stems from the use of a weaker-than-expected encryption algorithm. An attacker could exploit the...

IBM Safer Payments Encryption Issue Vulnerability

IBM Safer Payments is the first true payment processing cognitive fraud prevention solution from IBM USA. helps clients create customized, user-friendly decision models. IBM Safer Payments has a cryptographic issue vulnerability that stems from the use of weaker-than-expected encryption algorithm...