5923 matches found

CNVD
added 2018/04/24 12:0 a.m. | 2 views

IBM Tivoli Identity Manager and Security Identity Manager Information Disclosure Vulnerability (CNVD-2018-08708)

IBM Tivoli Identity Manager and Security Identity Manager are both products of IBM Corporation of the U.S.A. IBM Tivoli Identity Manager is a suite of identity management software used to manage user rights across heterogeneous IT resources. Security Identity Manager is an identi...

CVSS 7.8 | AI score 6.4 | EPSS 0.00351
Exploits 0 | References 1
OSV
added 2018/04/23 1:29 p.m. | 2 views

CVE-2017-1473

IBM Security Access Manager Appliance 8.0.0 through 8.0.1.6 and 9.0.0 through 9.0.3.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 128605...

CVSS 7.5 | AI score 5.8 | EPSS 0.0088
Exploits 0 | References 2
Prion
added 2018/04/20 8:29 p.m. | 16 views

Design/Logic Flaw

IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 store encrypted user credentials and the keystore password in cleartext in configuration files, which allows local users to...

CVSS 2.1 | AI score 6.4 | EPSS 0.00351
Exploits 0 | References 2 | Affected Software 2
NVD
added 2018/04/18 2:29 p.m. | 20 views

CVE-2016-10433

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9635M, MDM9640, MDM9645, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808...

CVSS 9.3 | AI score 8.2 | EPSS 0.00755
Exploits 0 | References 2
Prion
added 2018/04/18 2:29 p.m. | 26 views

Memory corruption

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9635M, MDM9640, MDM9645, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808...

CVSS 9.3 | AI score 9.5 | EPSS 0.00755
Exploits 0 | References 2
CVE
added 2018/04/18 2:0 p.m. | 50 views

CVE-2016-10433

CVE-2016-10433 is an Android/Qualcomm TOCTOU vulnerability during SSD image decryption that can cause memory corruption on affected Snapdragon Mobile/Automotive/Wear platforms (various SDP/SD devices). The issue affects Android images prior to the 2018-04-05 security patch level; Android/patched ...

CVSS 9.3 | AI score 8.1 | EPSS 0.00755
Exploits 0 | References 2 | Affected Software 1
Cvelist
added 2018/04/18 2:0 p.m. | 26 views

CVE-2016-10433

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9635M, MDM9640, MDM9645, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808...

AI score 8.4 | EPSS 0.00755
Exploits 0 | References 2
CNVD
added 2018/04/17 12:0 a.m. | 2 views

IBM BigFix Remote Control Encryption Issue Vulnerability (CNVD-2018-08559)

IBM BigFix Remote Control is a set of remote control systems from IBM in the United States. An encryption issue vulnerability exists in IBM BigFix Remote Control. A remote attacker could exploit this vulnerability by performing a man-in-the-middle attack to decrypt traffic...

CVSS 5.8 | AI score 6.8 | EPSS 0.00325
Exploits 0 | References 1
Prion
added 2018/04/13 1:29 p.m. | 17 views

Code injection

On F5 BIG-IP versions 13.0.0, 12.1.0-12.1.3.1, 11.6.1-11.6.2, or 11.5.1-11.5.5, vCMP guests running on VIPRION 2100, 4200 and 4300 series blades cannot correctly decrypt ciphertext from established SSL sessions with small MTU...

CVSS 5 | AI score 7.6 | EPSS 0.01111
Exploits 0 | References 1 | Affected Software 13
OSV
added 2018/04/13 1:29 p.m. | 3 views

CVE-2018-5507

On F5 BIG-IP versions 13.0.0, 12.1.0-12.1.3.1, 11.6.1-11.6.2, or 11.5.1-11.5.5, vCMP guests running on VIPRION 2100, 4200 and 4300 series blades cannot correctly decrypt ciphertext from established SSL sessions with small MTU...

CVSS 7.5 | AI score 5.8 | EPSS 0.01111
Exploits 0 | References 1
NVD
added 2018/04/13 1:29 p.m. | 25 views

CVE-2018-5507

On F5 BIG-IP versions 13.0.0, 12.1.0-12.1.3.1, 11.6.1-11.6.2, or 11.5.1-11.5.5, vCMP guests running on VIPRION 2100, 4200 and 4300 series blades cannot correctly decrypt ciphertext from established SSL sessions with small MTU...

CVSS 7.5 | AI score 7.6 | EPSS 0.01111
Exploits 0 | References 1
CVE
added 2018/04/13 1:0 p.m. | 50 views

CVE-2018-5507

CVE-2018-5507 affects F5 BIG-IP vCMP guests on VIPRION 2100/4200/4300 blades and BIG-IP releases: 13.0.0, 13.0.1; 12.1.0–12.1.3 (incl. 12.1.3.2); 11.6.1–11.6.2; 11.5.1–11.5.5. The root cause is incorrect decryption of ciphertext from established SSL sessions when MTU is small. Remediation provide...

CVSS 7.5 | AI score 7.5 | EPSS 0.01111
Exploits 0 | References 1 | Affected Software 1
Kitploit
added 2018/04/12 8:28 p.m. | 26 views

Libsodium - A Modern, Portable, Easy To Use Crypto Library

Sodium is a modern, easy-to-use software library for encryption, decryption, signatures, password hashing and more. It is a portable, cross-compilable, installable, packageable fork of NaCl, with a compatible API, and an extended API to improve usability even further. Its goal is to provide all o...

AI score 7.3
Exploits 0 | References 2
Malwarebytes
added 2018/04/12 5:34 p.m. | 79 views

Encryption 101: decryption tool code walkthrough

We have reached the final installment of our Encryption 101 series. In the prior post, we walked through, in detail, the thought process while looking at the Princess Locker ransomware. We talked about the specific ways to narrow down the analysis toward the encryption portions, the weaknesses in...

AI score 7.2
Exploits 0
CNVD
added 2018/04/08 12:0 a.m. | 2 views

Moxa Mxview Information Disclosure Vulnerability

Moxa MXview is a network management software for monitoring and diagnosing industrial networks. An information disclosure vulnerability exists in Moxa Mxview version 2.8 and earlier. The vulnerability arises because the private key of the web server in Moxa Mxview can be read and accessed via HTT...

CVSS 7.5 | AI score 6.4 | EPSS 0.01974
Exploits 0 | References 1
FireEye
added 2018/04/05 11:0 a.m. | 522 views

Fake Software Update Abuses NetSupport Remote Access Tool

Over the last few months, FireEye has tracked an in-the-wild campaign that leverages compromised sites to spread fake updates. In some cases, the payload was the NetSupport Manager remote access tool (RAT). NetSupport Manager is a commercially available RAT that can be used legitimately by system...

AI score 0.4
Exploits 0
NVD
added 2018/04/04 1:29 p.m. | 13 views

CVE-2017-3969

Abuse of communication channels vulnerability in the server in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows man-in-the-middle attackers to decrypt messages via an inadequate implementation of SSL...

CVSS 8.2 | AI score 8.1 | EPSS 0.00814
Exploits 0 | References 1
Tenable Nessus
added 2018/04/02 12:0 a.m. | 30 views

Fedora 26 : python-paramiko (2018-c1769746da)

A flaw was found in the implementation of transport.py in Paramiko, which did not properly check whether authentication was completed before processing other requests. A customized SSH client could simply skip the authentication step. This flaw is a user authentication bypass in the SSH Server...

CVSS 9.8 | AI score 7.8 | EPSS 0.27065
Exploits 10 | References 2
NVD
added 2018/03/26 6:29 p.m. | 13 views

CVE-2015-7432

IBM Capacity Management Analytics 2.1.0.0 allows local users to decrypt usernames and passwords by leveraging access to setenv.sh and parameter.txt. IBM X-Force ID: 107861...

CVSS 7.8 | AI score 7.2 | EPSS 0.00351
Exploits 0 | References 2
Prion
added 2018/03/26 6:29 p.m. | 11 views

Default credentials

IBM Capacity Management Analytics 2.1.0.0 allows local users to decrypt usernames and passwords by leveraging access to setenv.sh and parameter.txt. IBM X-Force ID: 107861...

CVSS 2.1 | AI score 6.3 | EPSS 0.00351
Exploits 0 | References 2 | Affected Software 1