
270 matches found

CNVD
added 2025/03/27 12:0 a.m. | 6 views

IBM SPSS Statistics Encryption Problem Vulnerability

IBM SPSS Statistics is a software package from International Business Machines (IBM), Inc. It is used for interactive or batch statistical analysis. An encryption issue vulnerability exists in IBM SPSS Statistics versions 26.0, 27.0.1, 28.0.1, and 29.0.2, which stems from the use of a weak encrypti...

CVSS 7.5 | AI score 6.3 | EPSS 0.00087
Exploits: 0 | References: 1

CNNVD
added 2025/03/14 12:0 a.m. | 1 view

IBM Security QRadar Encryption Issue Vulnerability

IBM Security QRadar is a modernized threat detection and response solution from International Business Machines (IBM), Inc. designed to unify and integrate the security analyst experience and improve their response speed throughout the incident lifecycle. IBM Security QRadar version 3.12 EDR suffer...

CVSS 7.5 | AI score 8.3 | EPSS 0.00048
Exploits: 0 | References: 3

Tenable Nessus
added 2025/03/05 12:0 a.m. | 6 views

Linux Distros Unpatched Vulnerability : CVE-2021-3979

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A key length flaw was found in Red Hat Ceph Storage. An attacker can exploit the fact that the key length is incorrectly passed in an encryption algorithm to...

CVSS 6.5 | AI score 6.7 | EPSS 0.00275
Exploits: 0 | References: 2

CNNVD
added 2025/02/19 12:0 a.m. | 1 view

IBM Cognos Controller Encryption Issue Vulnerability

IBM Cognos Controller is a suite of business intelligence and planning solutions from International Business Machines (IBM). The product features process automation, financial audit control, and the creation and management of financial reports. IBM Cognos Controller suffers from an encryption issue...

CVSS 5.9 | AI score 6.3 | EPSS 0.00043
Exploits: 0 | References: 1

OSV
added 2024/12/12 10:0 p.m. | 16 views

GO-2022-0635 In-band key negotiation issue in AWS S3 Crypto SDK for golang in github.com/aws/aws-sdk-go

A vulnerability in the in-band key negotiation exists in the AWS S3 Crypto SDK for GoLang versions prior to V2. An attacker with write access to the targeted bucket can change the encryption algorithm of an object in the bucket, which can then allow them to change AES-GCM to AES-CTR. Using this i...

CVSS 2.5 | AI score 3.9 | EPSS 0.00141
Exploits: 1 | References: 7

Cvelist
added 2024/11/13 3:22 p.m. | 14 views

CVE-2024-7295 Hard-coded credentials used for temporary and cache data encryption

In Progress® Telerik® Report Server versions prior to 2024 Q4 10.3.24.1112, the encryption of local asset data used an older algorithm which may allow a sophisticated actor to decrypt this information...

CVSS 7.1 | EPSS 0.0016
Exploits: 0 | References: 1

CNNVD
added 2024/11/13 12:0 a.m. | 1 view

Progress Telerik Report Server Trust Management Issue Vulnerability

Progress Telerik Report Server is an enterprise-class report management and distribution solution from Progress, Inc. A trust management issue vulnerability exists in versions of Progress Telerik Report Server prior to 2024 Q4, which stems from an older algorithm used to encrypt local asset data,...

CVSS 7.1 | AI score 6.4 | EPSS 0.0016
Exploits: 0 | References: 2

Positive Technologies
added 2024/11/13 12:0 a.m. | 3 views

PT-2024-38244 · Telerik · Telerik Report Server

Name of the Vulnerable Software and Affected Versions: In Progress Telerik Report Server versions prior to 2024 Q4 10.3.24.1112 Description: The encryption of local asset data used an older algorithm which may allow a sophisticated actor to decrypt this information. Recommendations: For versions...

CVSS 7.1 | AI score 7.1 | EPSS 0.0016
Exploits: 0 | References: 6

Microsoft KB
added 2024/11/12 12:0 a.m. | 105 views

Description of the security update for Microsoft Exchange Server 2019 and 2016: November 12, 2024 (KB5044062)

Description of the security update for Microsoft Exchange Server 2019 and 2016: November 12, 2024 (KB5044062). Notice: We have re-released the Exchange Server 2019 and 2016 November 12, 2024, security update (SU) to address the issue where Exchange Server stops processing Exchange Transport Rules (ETR) a...

CVSS 7.5 | AI score 9.4 | EPSS 0.05393
Exploits: 0

SUSE CVE
added 2024/11/02 3:57 a.m. | 1 view

SUSE CVE-2024-33662

Portainer before 2.20.2 improperly uses an encryption algorithm in the AesEncrypt function...

CVSS 7.5 | AI score 7 | EPSS 0.00093
Exploits: 0 | References: 5

OSV
added 2024/10/09 8:29 p.m. | 12 views

GO-2024-3172 Portainer improperly uses an encryption algorithm in the AesEncrypt function in github.com/portainer/portainer

Portainer improperly uses an encryption algorithm in the AesEncrypt function in github.com/portainer/portainer. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports...

CVSS 7.5 | AI score 7.4 | EPSS 0.00093
Exploits: 0 | References: 6

Redos
added 2024/10/08 12:0 a.m. | 9 views

ROS-20241008-02

A vulnerability in the Portainer container management platform is related to an improperly used encryption algorithm in the AesEncrypt function. Exploitation of the vulnerability could allow an attacker acting remotely to compromise the confidentiality, integrity, and availability of...

CVSS 7.5 | AI score 6.5 | EPSS 0.00093
Exploits: 0

Veracode
added 2024/10/06 6:36 p.m. | 6 views

Inadequate Encryption Strength

github.com/portainer/portainer is vulnerable to Inadequate Encryption Strength. The vulnerability is due to the improper use of an encryption algorithm in the AesEncrypt function. An attacker can decrypt sensitive information or compromise data integrity by exploiting the weak encryption...

CVSS 7.5 | AI score 6.6 | EPSS 0.00093
Exploits: 0 | References: 6 | Affected Software: 1

GitHub Security Blog
added 2024/10/02 6:30 a.m. | 17 views

Portainer improperly uses an encryption algorithm in the AesEncrypt function

Portainer before 2.20.2 improperly uses an encryption algorithm in the AesEncrypt function...

CVSS 7.5 | AI score 6.9 | EPSS 0.00093
Exploits: 0 | References: 7 | Affected Software: 1

NVD
added 2024/10/02 5:15 a.m. | 15 views

CVE-2024-33662

Portainer before 2.20.2 improperly uses an encryption algorithm in the AesEncrypt function...

CVSS 7.5 | EPSS 0.00093
Exploits: 0 | References: 3

Cvelist
added 2024/10/02 12:0 a.m. | 20 views

CVE-2024-33662

Portainer before 2.20.2 improperly uses an encryption algorithm in the AesEncrypt function...

EPSS 0.00093
Exploits: 0 | References: 3

CNVD
added 2024/07/17 12:0 a.m. | 7 views

IBM Datacap Navigator Encryption Issue Vulnerability

IBM Datacap Navigator is a Web client for Datacap from International Business Machines (IBM). IBM Datacap Navigator suffers from a cryptographic issue vulnerability that stems from the use of a weaker-than-expected encryption algorithm, which could be exploited by an attacker to decrypt highly...

CVSS 7.5 | AI score 6.4 | EPSS 0.00064
Exploits: 0 | References: 1

OSV
added 2024/06/06 10:15 p.m. | 1 view

UBUNTU-CVE-2024-36823

The encrypt function of Ninja Core v7.0.0 was discovered to use a weak cryptographic algorithm, leading to a possible leakage of sensitive information...

CVSS 7.5 | AI score 5.8 | EPSS 0.11817
Exploits: 0 | References: 3

GitHub Security Blog
added 2024/06/05 4:53 p.m. | 29 views

BoringSSLAEADContext in Netty Repeats Nonces

Summary: BoringSSLAEADContext keeps track of how many OHTTP responses have been sent and uses this sequence number to calculate the appropriate nonce to use with the encryption algorithm. Unfortunately, two separate errors combine which would allow an attacker to cause the sequence number to...

CVSS 9.1 | AI score 5.9 | EPSS 0.00404
Exploits: 1 | References: 4 | Affected Software: 1

OSV
added 2024/06/04 9:13 p.m. | 14 views

CVE-2024-36121 netty-incubator-codec-ohttp's BoringSSLAEADContext Repeats Nonces

netty-incubator-codec-ohttp is the OHTTP implementation for netty. BoringSSLAEADContext keeps track of how many OHTTP responses have been sent and uses this sequence number to calculate the appropriate nonce to use with the encryption algorithm. Unfortunately, two separate errors combine which...

CVSS 5.9 | AI score 9 | EPSS 0.00404
Exploits: 1 | References: 4