Lucene search
K

48 matches found

NVD
NVD
added 2020/11/09 3:15 p.m.31 views

CVE-2020-8150

A cryptographic issue in Nextcloud Server 19.0.1 allowed an attacker to downgrade the encryption scheme and break the integrity of encrypted files...

4.1CVSS4.3AI score0.00286EPSS
Exploits2References5
Prion
Prion
added 2020/11/09 3:15 p.m.14 views

Design/Logic Flaw

A cryptographic issue in Nextcloud Server 19.0.1 allowed an attacker to downgrade the encryption scheme and break the integrity of encrypted files...

1.9CVSS4.5AI score0.00286EPSS
Exploits2References5Affected Software1
CVE
CVE
added 2020/11/09 2:19 p.m.58 views

CVE-2020-8150

CVE-2020-8150 relates to Nextcloud Server 19.0.1 and describes a cryptographic downgrade where an attacker can degrade the encryption scheme and break the integrity of encrypted files. Public docs indicate this vulnerability affects Nextcloud Server 19.0.1 and is discussed in the NC-SA-2020-039 a...

4.1CVSS4.4AI score0.00286EPSS
Exploits2References5Affected Software1
Cvelist
Cvelist
added 2020/11/09 2:19 p.m.32 views

CVE-2020-8150

A cryptographic issue in Nextcloud Server 19.0.1 allowed an attacker to downgrade the encryption scheme and break the integrity of encrypted files...

4.2AI score0.00286EPSS
Exploits2References5
Nextcloud
Nextcloud
added 2020/08/26 12:0 a.m.33 views

Downgrade encryption scheme and break integrity through known-plaintext attack (NC-SA-2020-039)

A cryptographic issue in Nextcloud Server 19.0.1 allowed an attacker to downgrade the encryption scheme and break the integrity of encrypted files...

1.9CVSS2.8AI score0.00286EPSS
Exploits2Affected Software1
Prion
Prion
added 2019/11/04 5:15 p.m.12 views

Information disclosure

Cryptocat before 2.0.22 has Multiparty Encryption Scheme Information Disclosure...

5CVSS7AI score0.01126EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2018/10/18 5:43 p.m.7 views

GHSA-2J2X-HX4G-2GF4 In Bouncy Castle JCE Provider the DHIES implementation allowed the use of ECB mode

In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider...

7.4CVSS6.9AI score0.02208EPSS
Exploits0References7
ThreatPost
ThreatPost
added 2018/08/21 9:33 p.m.17 views

Ryuk Ransomware Emerges in Highly Targeted, Highly Lucrative Campaign

A targeted new ransomware has burst on the scene, attacking well-chosen, targeted organizations worldwide with a highly sophisticated operation that may be linked to a well-known APT actor. Over the past two weeks, the Ryuk ransomware has encrypted hundreds of PCs, storage and data centers in eac...

0.7AI score
Exploits0References4
OSV
OSV
added 2018/06/04 9:29 p.m.2 views

DEBIAN-CVE-2016-1000345

In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES/ECIES CBC mode vulnerable to padding oracle attack. For BC 1.55 and older, in an environment where timings can be easily observed, it is possible with enough observations to identify when the decryption is failing due to padding...

5.9CVSS6.6AI score0.02618EPSS
Exploits0References1
CNVD
CNVD
added 2017/11/08 12:0 a.m.5 views

IEEE P1735 Cryptographic Issue Vulnerability (CNVD-2017-33396)

IEEE P1735 is a standard dedicated to encrypting the intellectual property of electronic designs. The implementation of IEEE P1735 is vulnerable to a cryptographic issue. An attacker could exploit this vulnerability to change the encryption key and inject a hardware Trojan horse into arbitrary...

7.8CVSS7AI score0.0027EPSS
Exploits0References1
0day.today
0day.today
added 2017/07/07 12:0 a.m.47 views

Barracuda WAF V360 Firmware 8.0.1.014 Credential Disclosure Vulnerability

Firmware reversing of the Barracuda Web Application Firewall uncovered development artifacts that should have been removed on the production images. Once the encryption scheme was broken, many QA and development tools were discovered on the affected partitions. Some of these contained sensitive...

7.2AI score
Exploits0
ThreatPost
ThreatPost
added 2015/07/14 2:26 p.m.17 views

New Version of TeslaCrypt Changes Encryption Scheme

A new version of the nasty TeslaCrypt ransomware is making the rounds, and the creators have added several new features, including an improved encryption scheme and some details designed to mimic CryptoWall. TeslaCrypt is among the more recent variants of ransomware to emerge and the malware, whi...

1.7AI score
Exploits0References3
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.23 views

ArGoSoft FTP Server 1.2.2 .2 Weak Password Encryption Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/3029/info ArGoSoft FTP server is an FTP server for the Windows platform. A design error exists in ArGoSoft FTP which enables an authenticated user to view other users encrypted passwords. However due to a weak encryption...

7.1AI score
Exploits0
ThreatPost
ThreatPost
added 2014/03/27 2:43 p.m.10 views

New Platform Protects Data From Arbitrary Server Compromises

Researchers are in the midst of rolling out a secure new platform for building web applications that can protect confidential data from being stolen in the event attackers gain full access to servers. The platform, Mylar, is the result of a project spearheaded by students at the Massachusetts...

7.2AI score
Exploits0References6
ThreatPost
ThreatPost
added 2014/03/03 2:24 p.m.8 views

Apple Updates iOS Security Guide

Apple rarely offers anyone a glimpse inside its walled-off security garden. The last time it did was in the spring of 2012 when it released a detailed paper on the security of its iOS operating system for iPhones and iPads. The company also presented a much-anticipated if not anticlimactic...

0.5AI score
Exploits0References7
ThreatPost
ThreatPost
added 2013/11/22 2:32 p.m.12 views

Microsoft to Roll Out Encrypted Message Service for Office 365

Encryption, once a tool used mainly by security professionals, activists and others with reason to suspect their communications may be at risk, has been moving ever deeper into the mainstream in recent months. Now, Microsoft is planning to roll out a new encrypted email service on its Office 365...

6.6AI score
Exploits0References1
The Hacker News
The Hacker News
added 2013/10/29 1:59 p.m.9 views

Cryptolocker Ransomware makes different Bitcoin wallet for each victim

When you're online, you expose your vulnerability to malicious virus that have been growing in virulence and ferocity over the last few years. Among home PC users, you may think that you protected from malicious software by Installing an effective, trusted antivirus solution, but most if the...

6.8AI score
Exploits0
exploitpack
exploitpack
added 2013/04/02 12:0 a.m.67 views

NETGEAR WNR1000 - Authentication Bypass

NETGEAR WNR1000 - Authentication Bypass Authentication bypass on Netgear WNR1000 ======================================== ADVISORY INFORMATION Title: Authentication bypass on Netgear WNR1000 Discovery date: 10/11/2012 Release date: 29/03/2013 Credits: Roberto Paleari [email protected], twitter:...

0.6AI score
Exploits0
0day.today
0day.today
added 2013/04/02 12:0 a.m.23 views

Netgear WNR1000 - Authentication Bypass

Exploit for hardware platform in category web applications The web server running on the affected devices is subject to an authentication bypass issue that allows attacker to gain administrative access, circumventing existing authentication mechanisms. Strictly speaking, the web server skips...

7.1AI score
Exploits0
NVD
NVD
added 2005/05/02 4:0 a.m.16 views

CVE-2005-0809

NotifyLink, when configured for client key retrieval, allows remote attackers to obtain AES keys via a direct request to /hwp/get.asp, then uses a weak encryption scheme fixed byte reordering to protect the key, which allows remote attackers to obtain the key via a brute force attack...

7.5CVSS6.6AI score0.01198EPSS
Exploits0References3
Rows per page
Query Builder