Lucene search
K

181 matches found

Prion
Prion
added 2021/09/27 8:15 p.m.21 views

Security feature bypass

Rucky is a USB HID Rubber Ducky Launch Pad for Android. Versions 2.2 and earlier for release builds and versions 425 and earlier for nightly builds suffer from use of a weak cryptographic algorithm RSA/ECB/PKCS1Padding. The issue will be patched in v2.3 for release builds and 426 onwards for...

5CVSS7.5AI score0.00647EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2021/09/27 7:25 p.m.50 views

CVE-2021-41096

The CVE-2021-41096 entry concerns the Rucky Android USB HID Rubber Ducky Launch Pad. Affected releases (versions 2.2 and earlier for release builds; 425 and earlier for nightly builds) use a weak cryptographic algorithm (RSA/ECB/PKCS1Padding) for encryption. The issue is addressed in v2.3 for rel...

7.5CVSS7.5AI score0.00647EPSS
Exploits0References2Affected Software1
Rosalinux
Rosalinux
added 2021/07/02 4:39 p.m.27 views

Advisory ROSA-SA-2021-1826

Software: ed 1.9 OS: Cobalt 7.9 CVE-ID: CVE-2015-2987 CVE-Crit: MEDIUM CVE-DESC: Type74 ED before 4.0 incorrectly uses 128-bit ECB encryption for small files, making it easier for attackers to obtain plaintext data by differential cryptanalysis of a file with an original length of less than 128...

7.5CVSS7AI score0.03044EPSS
Exploits0
Hacker One
Hacker One
added 2021/03/01 9:37 a.m.130 views

curl: Inadequate Cryptographic Key Size and Insecure Cryptographic Mode. File Name :- curl_ntlm_core.c

The application is generating cryptographic keys or key pairs using a short and inadequate length. This application is using the ECB Electronic Codebook mode of operation to perform encryption, which is considered semantically insecure. Vulnerable File name :- curlntlmcore.c Vulnerable line no. 2...

2.1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2020/09/02 12:0 a.m.32 views

Zoom Client < 4.6.10 Weak Encryption

The version of the Zoom Client installed on the remote host is prior to 4.6.10. It is, therefore, affected by a weak encryption vulnerability. Zoom Client for Meetings through 4.6.9 uses the ECB mode of AES for video and audio encryption. Within a meeting, all participants use a single 128-bit ke...

7.5CVSS7.7AI score0.01305EPSS
Exploits1References5
0day.today
0day.today
added 2020/05/06 12:0 a.m.59 views

TP-LINK Cloud Cameras NCXXX Hardcoded Encryption Key Vulnerability

TP-LINK Cloud Cameras including products NC200, NC210, NC220, NC230, NC250, NC260, and NC450 suffer from having a hardcoded encryption key. The issue is located in the methods swSystemBackup and sym.swSystemRestoreFile, where a hardcoded encryption key is used in order to encrypt/decrypt a config...

5CVSS0.1AI score0.14397EPSS
Exploits7
Tenable Nessus
Tenable Nessus
added 2020/05/01 12:0 a.m.95 views

EulerOS Virtualization for ARM 64 3.0.2.0 : httpd (EulerOS-SA-2020-1552)

According to the versions of the httpd packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with modrewrite that were intended to be self-referential...

6.1CVSS6.5AI score0.81466EPSS
Exploits5References5
OpenVAS
OpenVAS
added 2020/04/06 12:0 a.m.23 views

Zoom Client Insufficient Video and Audio Encryption (Apr 2020)

Zoom Client is using insufficient video and audio encryption for Meetings. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is...

7.5CVSS7.7AI score0.01305EPSS
Exploits1References2
NVD
NVD
added 2020/04/03 1:15 p.m.41 views

CVE-2020-11500

Zoom Client for Meetings through 4.6.9 uses the ECB mode of AES for video and audio encryption. Within a meeting, all participants use a single 128-bit key...

7.5CVSS7.6AI score0.01305EPSS
Exploits1References2
Prion
Prion
added 2020/04/03 1:15 p.m.23 views

Code injection

Zoom Client for Meetings through 4.6.9 uses the ECB mode of AES for video and audio encryption. Within a meeting, all participants use a single 128-bit key...

5CVSS7.6AI score0.01305EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2020/04/03 12:7 p.m.40 views

CVE-2020-11500

Zoom Client for Meetings through 4.6.9 uses the ECB mode of AES for video and audio encryption. Within a meeting, all participants use a single 128-bit key...

7.6AI score0.01305EPSS
Exploits1References2
Talos
Talos
added 2020/02/24 12:0 a.m.71 views

Moxa AWK-3131A ServiceAgent Use of Hard-coded Cryptographic Key

Summary The usage of hard-coded cryptographic keys within the ServiceAgent binary allows for the decryption of captured traffic across the network from or to the Moxa AWK-3131A firmware version 1.13. Tested Versions Moxa AWK-3131A Firmware version 1.13 Product URLs...

7.5CVSS7.5AI score0.02304EPSS
Exploits1
Trellix
Trellix
added 2019/12/05 12:0 a.m.10 views

Analysis of LooCipher, a New Ransomware Family Observed This Year

ARCHIVED STORY Analysis of LooCipher, a New Ransomware Family Observed This Year By ATR Operational Intelligence Team · December 05, 2019 Co-authored by Marc RiveroLopez. Initial Discovery This year seems to again be the year for ransomware. Notorious attacks were made using ransomware and new...

6.9AI score
Exploits0
Trellix
Trellix
added 2019/12/05 12:0 a.m.8 views

Analysis of LooCipher, a New Ransomware Family Observed This Year

ARCHIVED STORY Analysis of LooCipher, a New Ransomware Family Observed This Year By ATR Operational Intelligence Team · December 05, 2019 Co-authored by Marc RiveroLopez. Initial Discovery This year seems to again be the year for ransomware. Notorious attacks were made using ransomware and new...

6.9AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2018/11/02 12:0 a.m.28 views

F5 Networks BIG-IP : BIG-IP APM redirect vulnerability (K66171422)

Aninsecure AES ECB mode is usedfor origuri parameter in an undisclosed /vdesk link of APM virtual server configured with an access profile, allowing a malicious user to build a redirect URI value using different blocks of cipher texts. CVE-2018-5548 Impact An attacker can forge a URL with an...

6.1CVSS6.2AI score0.01445EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2018/10/18 5:43 p.m.36 views

In Bouncy Castle JCE Provider the DHIES implementation allowed the use of ECB mode

In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider...

7.4CVSS4.9AI score0.0219EPSS
Exploits0References7Affected Software3
OSV
OSV
added 2018/10/17 4:27 p.m.8 views

GHSA-W285-WF9Q-5W69 In Bouncy Castle JCE Provider the ECIES implementation allowed the use of ECB mode

In the Bouncy Castle JCE Provider version 1.55 and earlier the ECIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider...

7.4CVSS6.9AI score0.0219EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2018/10/17 4:27 p.m.70 views

In Bouncy Castle JCE Provider the ECIES implementation allowed the use of ECB mode

In the Bouncy Castle JCE Provider version 1.55 and earlier the ECIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider...

7.4CVSS5.1AI score0.0219EPSS
Exploits0References7Affected Software3
RedHat Linux
RedHat Linux
added 2018/10/16 5:38 p.m.5 views

bouncycastle: DHIES implementation allowed the use of ECB mode

In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider...

7.4CVSS7.2AI score0.0219EPSS
Exploits0References4
NVD
NVD
added 2018/09/13 2:29 p.m.31 views

CVE-2018-5548

On BIG-IP APM 11.6.0-11.6.3, an insecure AES ECB mode is used for origuri parameter in an undisclosed /vdesk link of APM virtual server configured with an access profile, allowing a malicious user to build a redirect URI value using different blocks of cipher texts...

6.1CVSS6.2AI score0.01445EPSS
Exploits1References3
Rows per page
Query Builder