IBM API Connect weak encryption vulnerability (CNVD-2020-17503)

IBM API Connect APIConnect is a suite of integrated solutions for managing the API lifecycle from IBM USA. The product supports creating, running, managing, and securing APIs, microservices, and more. A weak encryption vulnerability exists in IBM API Connect versions V5.0.0.0 through 5.0.8.7iFix3...

Duplicate Advisory: python-gnupg allows context-dependent attackers to trick gnupg to decrypt other ciphertext than intended

Withdrawn: Duplicate of GHSA-2fch-jvg5-crf6...

Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2020-1221)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for nss (EulerOS-SA-2020-1214)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2020-9435

PHOENIX CONTACT TC ROUTER 3002T-4G through 2.05.3, TC ROUTER 2002T-3G through 2.05.3, TC ROUTER 3002T-4G VZW through 2.05.3, TC ROUTER 3002T-4G ATT through 2.05.3, TC CLOUD CLIENT 1002-4G through 2.03.17, and TC CLOUD CLIENT 1002-TXTX through 1.03.17 devices contain a hardcoded certificate and ke...

Hardcoded credentials

PHOENIX CONTACT TC ROUTER 3002T-4G through 2.05.3, TC ROUTER 2002T-3G through 2.05.3, TC ROUTER 3002T-4G VZW through 2.05.3, TC ROUTER 3002T-4G ATT through 2.05.3, TC CLOUD CLIENT 1002-4G through 2.03.17, and TC CLOUD CLIENT 1002-TXTX through 1.03.17 devices contain a hardcoded certificate and ke...

CVE-2020-9435

PHOENIX CONTACT TC ROUTER 3002T-4G through 2.05.3, TC ROUTER 2002T-3G through 2.05.3, TC ROUTER 3002T-4G VZW through 2.05.3, TC ROUTER 3002T-4G ATT through 2.05.3, TC CLOUD CLIENT 1002-4G through 2.03.17, and TC CLOUD CLIENT 1002-TXTX through 1.03.17 devices contain a hardcoded certificate and ke...

CVE-2020-9435

CVE-2020-9435 affects Phoenix Contact TC Router/TC Cloud Client: devices listed (e.g., 3002T-4G, 2002T-3G, and variants) ship a hardcoded certificate and key used by default for web services. Root cause is the static certificate, enabling impersonation, MITM, or passive decryption if not replaced...

CVE-2019-10705

Western Digital SanDisk X600 devices in certain configurations, a vulnerability in the access control mechanism of the drive may allow data to be decrypted without knowledge of proper authentication credentials...

CVE-2019-10705

Western Digital SanDisk X600 devices in certain configurations, a vulnerability in the access control mechanism of the drive may allow data to be decrypted without knowledge of proper authentication credentials...

Authentication flaw

Western Digital SanDisk X600 devices in certain configurations, a vulnerability in the access control mechanism of the drive may allow data to be decrypted without knowledge of proper authentication credentials...

CVE-2019-10705

Western Digital SanDisk X600 devices in certain configurations, a vulnerability in the access control mechanism of the drive may allow data to be decrypted without knowledge of proper authentication credentials...

CVE-2019-10705

CVE-2019-10705 affects Western Digital SanDisk X600 SATA SSDs. The vulnerability is in the drive’s access control mechanism, potentially allowing data to be decrypted without authentication. Public materials identify this as part of a set of SED flaws (with CVEs including 2018-12037/12038 and 201...

A Flaw in Billions of Wi-Fi Chips Let Attackers Decrypt Data

Affected devices include iPhones, iPads, Macs, Amazon Echos and Kindles, Android devices, and various Wi-Fi routers...

Billions of Devices Open to Wi-Fi Eavesdropping Attacks

SAN FRANCISCO — A serious vulnerability in Wi-Fi chips has been discovered that affects billions of devices worldwide, according to researchers. It allows attackers to eavesdrop on Wi-Fi communications. The bug CVE-2019-15126 stems from the use of an all-zero encryption key in chips made by...

New Wi-Fi Encryption Vulnerability Affects Over A Billion Devices

Cybersecurity researchers today uncovered a new high-severity hardware vulnerability residing in the widely-used Wi-Fi chips manufactured by Broadcom and Cypress—apparently powering over a billion devices, including smartphones, tablets, laptops, routers, and IoT gadgets. Dubbed 'Kr00k' and track...

New LTE Network Flaw Could Let Attackers Impersonate 4G Mobile Users

A group of academics from Ruhr University Bochum and New York University Abu Dhabi have uncovered security flaws in 4G LTE and 5G networks that could potentially allow hackers to impersonate users on the network and even sign up for paid subscriptions on their behalf. The impersonation attack —...

CVE-2019-5137

The usage of hard-coded cryptographic keys within the ServiceAgent binary allows for the decryption of captured traffic across the network from or to the Moxa AWK-3131A firmware version 1.13...

CVE-2019-5137

The usage of hard-coded cryptographic keys within the ServiceAgent binary allows for the decryption of captured traffic across the network from or to the Moxa AWK-3131A firmware version 1.13...

Hardcoded credentials

The usage of hard-coded cryptographic keys within the ServiceAgent binary allows for the decryption of captured traffic across the network from or to the Moxa AWK-3131A firmware version 1.13...