27 matches found
CVE-2026-40514
SmarterTools SmarterMail builds prior to 9610 use DES-CBC with keys/IVs derived from System.Random seeded with insufficient entropy, reducing the seed space to ~19,000 values. An unauthenticated attacker can query the attachment download endpoint to recover the seed and forge sharing tokens for e...
MiracleLinux 7 : python-2.7.5-69.0.1.el7.AXS7 (AXSA:2018-3246:03)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2018-3246:03 advisory. A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the- middle attacker could use this flaw to recover some...
EUVD-2012-5224
Malware in sbrugna...
EUVD-2021-27520
Malicious code in bioql PyPI...
CVE-2021-40341
DES cipher, which has inadequate encryption strength, is used Hitachi Energy FOXMAN-UN to encrypt user credentials used to access the Network Elements. Successful exploitation allows sensitive information to be decrypted easily. This issue affects FOXMAN-UN product: FOXMAN-UN R16A, FOXMAN-UN R15B...
Code injection
DES cipher, which has inadequate encryption strength, is used Hitachi Energy FOXMAN-UN to encrypt user credentials used to access the Network Elements. Successful exploitation allows sensitive information to be decrypted easily. This issue affects FOXMAN-UN product: FOXMAN-UN R16A, FOXMAN-UN R15B...
CVE-2021-40341
CVE-2021-40341 involves the use of DES to encrypt user credentials in Hitachi Energy FOXMAN-UN and UNEM network-management products. The affected families span FOXMAN-UN R9C–R16A and UNEM R9C–R16A. The root cause is the inadequate encryption strength of DES (56-bit key), which enables decryption ...
PT-2023-12361 · Hitachi Energy · Hitachi Energy Foxman-Un +1
Name of the Vulnerable Software and Affected Versions: Hitachi Energy FOXMAN-UN versions R9C through R16A Hitachi Energy UNEM versions R9C through R16A Description: The DES cipher, which has inadequate encryption strength, is used in Hitachi Energy FOXMAN-UN to encrypt user credentials used to...
UBUNTU-CVE-2022-23408
wolfSSL 5.x before 5.1.1 uses non-random IV values in certain situations. This affects connections without AEAD using AES-CBC or DES3 with TLS 1.1 or 1.2 or DTLS 1.1 or 1.2. This occurs because of misplaced memory initialization in BuildMessage in internal.c...
libssh: denial of service when handling AES-CTR (or DES) ciphers
A flaw was found in the way libssh handled AES-CTR or DES ciphers if enabled ciphers. The server or client could crash when the connection hasn't been fully initialized and the system tries to cleanup the ciphers when closing the connection. The biggest threat from this vulnerability is system...
DEBIAN-CVE-2020-1730
A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR or DES ciphers if enabled ciphers. The server or client could crash when the connection hasn't been fully initialized and the system tries to cleanup the ciphers when closing the connection. The bigges...
ALPINE-CVE-2020-1730
A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR or DES ciphers if enabled ciphers. The server or client could crash when the connection hasn't been fully initialized and the system tries to cleanup the ciphers when closing the connection. The bigges...
openSUSE Security Update : libressl (openSUSE-2019-644)
This update for libressl to version 2.8.0 fixes the following issues : Security issues fixed : - CVE-2018-12434: Avoid a timing side-channel leak when generating DSA and ECDSA signatures. boo1097779 - Reject excessively large primes in DH key generation. Other bugs fixed : - Fixed a pair of 20+...
Security update for java-11-openjdk (important)
openSUSE Security Update: Security update for java-11-openjdk Announcement ID: openSUSE-SU-2019:0161-1 Rating: important References: 1120431 1122293 1122299 Cross-References: CVE-2018-11212 CVE-2019-2422 CVE-2019-2426 Affected Products: openSUSE Leap 15.0 An update that fixes three vulnerabilitie...
SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)
A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based...
SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)
A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based...
Weak SSL DES Cipher Suites
DES is a widely supported stream cipher often preferred by TLS servers and other servers using encrypted sessions. Recent cryptanalysis results one of which is the SWEET32 exploit biases in the DES keystroke to recover repeatedly encrypted plain-texts. As a result DES can no longer be seen as...
Amazon Linux AMI : openssl (ALAS-2016-755)
It was discovered that OpenSSL did not always use constant time operations when computing Digital Signature Algorithm DSA signatures. A local attacker could possibly use this flaw to obtain a private DSA key belonging to another user or service running on the same system. CVE-2016-2178 It was...
Scientific Linux Security Update : openssl on SL6.x, SL7.x i386/x86_64 (20160927)
Security Fixes : - A memory leak flaw was found in the way OpenSSL handled TLS status request extension data during session renegotiation. A remote attacker could cause a TLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all...
CentOS Update for openssl CESA-2016:1940 centos7
Check the version of openssl SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882566";...