Key Exchange without Entity Authentication

Overview apache-airflow-providers-google is a Provider for Apache Airflow. Implements apache-airflow-providers-google package Affected versions of this package are vulnerable to Key Exchange without Entity Authentication due to SSH host key verification being disabled by default in the...

Key Exchange without Entity Authentication

Overview Affected versions of this package are vulnerable to Key Exchange without Entity Authentication in the SFTP implementation in the wolfSSH backend. An attacker can intercept or manipulate data in transit by performing a man-in-the-middle attack. Note: This issue affects only users that bui...

EUVD-2021-25315

Malware in sbrugna...

EUVD-2021-16253

Malware in sbrugna...

EUVD-2021-2752

Malicious code in bioql PyPI...

Authentication Bypass

Matrix Android SDK 2 is vulnerable to authentication bypass. The vulnerability exists in onRoomKeyEvent function of DefaultCryptoService.kt due to lack of entity authentication for key forwarding strategy which allows an attacker to cooperate with a malicious home server...

CVE-2021-38878

IBM QRadar 7.3, 7.4, and 7.5 could allow a malicious actor to impersonate an actor due to key exchange without entity authentication. IBM X-Force ID: 208756...

Authentication flaw

IBM QRadar 7.3, 7.4, and 7.5 could allow a malicious actor to impersonate an actor due to key exchange without entity authentication. IBM X-Force ID: 208756...

CVE-2021-38878

IBM QRadar 7.3, 7.4, and 7.5 could allow a malicious actor to impersonate an actor due to key exchange without entity authentication. IBM X-Force ID: 208756...

Security Bulletin: IBM QRadar SIEM Performs Key Exchange Without Entity Authentication on Inter-Host Communications (CVE-2021-29779)

Summary IBM QRadar SIEM Performs Key Exchange Without Entity Authentication on Inter-Host Communications Vulnerability Details CVEID: CVE-2021-29779 DESCRIPTION: IBM QRadar could allow an attacker to obtain sensitive information due to the server performing key exchange without entity...

IBM QRadar SIEM Information Disclosure Vulnerability (CNVD-2021-94163)

IBM QRadar SIEM is a suite of solutions from IBM USA that leverages security intelligence to protect assets and information from advanced threats. The solution provides oversight of the entire scope of the IT architecture, generates detailed reports on data access and user activity, etc. IBM QRad...

CVE-2021-29779

IBM QRadar SIEM 7.3 and 7.4 could allow an attacker to obtain sensitive information due to the server performing key exchange without entity authentication on inter-host communications using man in the middle techniques. IBM X-Force ID: 203033...

Authentication flaw

IBM QRadar SIEM 7.3 and 7.4 could allow an attacker to obtain sensitive information due to the server performing key exchange without entity authentication on inter-host communications using man in the middle techniques. IBM X-Force ID: 203033...

CVE-2021-0133

Key exchange without entity authentication in the IntelR Security Library before version 3.3 may allow an authenticated user to potentially enable escalation of privilege via network access...

Authentication flaw

Key exchange without entity authentication in the IntelR Security Library before version 3.3 may allow an authenticated user to potentially enable escalation of privilege via network access...

CVE-2021-0133

The CVE-2021-0133 issue affects Intel® Security Library prior to 3.3. It is caused by a key exchange that is not entity-authenticated, which may allow an authenticated user to escalate privileges via network access. Documents consistently identify the vulnerable component as the Intel Security Li...

SOOIL Dana Diabecare RS Products

1. EXECUTIVE SUMMARY CVSS v3 7.6 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: SOOIL Developments Co., Ltd. Equipment: Diabecare RS, AnyDana-i and AnyDana-A Vulnerabilities: Use of Hard Coded Credentials, Insufficiently Protected Credentials, Use of Insufficiently Random...

SEC Consult SA-20140508-0 :: Multiple critical vulnerabilities in AVG Remote Administration

SEC Consult Vulnerability Lab Security Advisory 20140508-0 ======================================================================= title: Multiple critical vulnerabilities product: AVG Remote Administration vulnerable version: all - except issue 2 fixed version: none - except issue 2 impact:...