30 matches found
EUVD-2025-209539
Encrypted values in Fortra's GoAnywhere MFT prior to version 7.10.0 and GoAnywhere Agents prior to version 2.2.0 utilize a static IV which allows admin users to brute-force decryption of data...
CVE-2025-1241
Encrypted values in Fortra's GoAnywhere MFT prior to version 7.10.0 and GoAnywhere Agents prior to version 2.2.0 utilize a static IV which allows admin users to brute-force decryption of data...
CVE-2025-1241
CVE-2025-1241 affects Fortra GoAnywhere MFT (prior to 7.10.0) and GoAnywhere Agents (prior to 2.2.0) where a static IV enables brute-force decryption of encrypted values. Impact is confidentiality (high), with network access required and admin privileges needed. Remediation: upgrade to GoAnywhere...
CVE-2025-1241 Encryption vulnerable to brute-force decryption in GoAnywhere MFT
Encrypted values in Fortra's GoAnywhere MFT prior to version 7.10.0 and GoAnywhere Agents prior to version 2.2.0 utilize a static IV which allows admin users to brute-force decryption of data...
EUVD-2022-2741
Malicious code in bioql PyPI...
CVE-2025-46833
Programs/P73SimplePythonEncryption.py illustrates a simple Python encryption example using the RSA Algorithm. In versions prior to commit 6ce60b1, an attacker may be able to decrypt the data using brute force attacks and because of this the whole application can be impacted. This issue has been...
EasyVirt DC Scope和EasyVirt CO2 Scope 安全漏洞
EasyVirt DC Scope and EasyVirt CO2 Scope are both products of the French company EasyVirt.EasyVirt DC Scope is a monitoring and management solution for VMware Virtualization VMware.EasyVirt CO2 Scope is a real-time monitoring and control solution for IT services, virtual machines and servers in...
Security Bulletin: Multiple vulnerabilities in Java affect the IBM FlashSystem 840 (CVEs 2015-0204, 2015-0488, and 2015-1916)
Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition version that is used by the IBM FlashSystem 840. These issues were disclosed as part of the IBM SDK, Java Technology Edition Quarterly CPU - April 2015. A man-in-the-middle exploit of one of these vulnerabilities could...
Reversible One-Way Hash in io.github.javaezlib:JavaEZ
Impact This weakness allows the force decryption of locked text by hackers. The issue is NOT critical for non-secure applications, however may be critical in a situation where the highest levels of security are required. This issue ONLY affects v1.6 and does not affect anything pre-1.6. Upgrading...
GHSA-67FJ-6W6M-W5J8 Reversible One-Way Hash in io.github.javaezlib:JavaEZ
Impact This weakness allows the force decryption of locked text by hackers. The issue is NOT critical for non-secure applications, however may be critical in a situation where the highest levels of security are required. This issue ONLY affects v1.6 and does not affect anything pre-1.6. Upgrading...
CVE-2022-29249
JavaEZ is a library that adds new functions to make Java easier. A weakness in JavaEZ 1.6 allows force decryption of locked text by unauthorized actors. The issue is NOT critical for non-secure applications, however may be critical in a situation where the highest levels of security are required...
Design/Logic Flaw
JavaEZ is a library that adds new functions to make Java easier. A weakness in JavaEZ 1.6 allows force decryption of locked text by unauthorized actors. The issue is NOT critical for non-secure applications, however may be critical in a situation where the highest levels of security are required...
CVE-2022-29249 Reversible One-Way Hash and Use of a Broken or Risky Cryptographic Algorithm in io.github.javaezlib.JavaEZ
JavaEZ is a library that adds new functions to make Java easier. A weakness in JavaEZ 1.6 allows force decryption of locked text by unauthorized actors. The issue is NOT critical for non-secure applications, however may be critical in a situation where the highest levels of security are required...
CVE-2022-29249
CVE-2022-29249 affects the JavaEZ library. The issue is limited to v1.6 and enables a force decryption of locked text due to weak cryptography in the unlock/decrypt flow. Pre-1.6 is unaffected. A fix is available in release 1.7; upgrading is the advised remediation. Public disclosures and advisor...
CVE-2022-29249 Reversible One-Way Hash and Use of a Broken or Risky Cryptographic Algorithm in io.github.javaezlib.JavaEZ
JavaEZ is a library that adds new functions to make Java easier. A weakness in JavaEZ 1.6 allows force decryption of locked text by unauthorized actors. The issue is NOT critical for non-secure applications, however may be critical in a situation where the highest levels of security are required...
PT-2022-19496 · Javaez · Javaez
Name of the Vulnerable Software and Affected Versions: JavaEZ version 1.6 Description: A weakness in JavaEZ allows force decryption of locked text by unauthorized actors. The issue may be critical in situations where the highest levels of security are required, but it is not critical for non-secu...
PT-2020-12009 · 1Password · 1Password Scim Bridge +1
Name of the Vulnerable Software and Affected Versions: 1Password command-line tool versions prior to 0.5.5 1Password SCIM bridge versions prior to 0.7.3 Description: An issue was discovered where an insecure random number generator was used to generate various keys. This could allow an attacker...
Design/Logic Flaw
The Juniper Device Manager JDM container, used by the disaggregated Junos OS architecture on Juniper Networks NFX350 Series devices, stores password hashes in the world-readable file /etc/passwd. This is not a security best current practice as it can allow an attacker with access to the local...
Security Bulletin: Vulnerability with RSA Export Keys affects IBM Systems Director (CVE-2015-0138)
Summary The FREAK: Factoring Attack on RSA-EXPORT keys TLS/SSL client and server vulnerability affects IBM Systems Director. Vulnerability Details Abstract The FREAK: Factoring Attack on RSA-EXPORT keys TLS/SSL client and server vulnerability affects IBM Systems Director. Content Vulnerability...
Security Bulletin: Vulnerabilities in OpenSSL affect System x Integrated Management Module (IMM) (CVE-2015-0204)
Summary OpenSSL vulnerabilities were disclosed on January 8, 2015 by the OpenSSL Project. This includes "FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client and server vulnerability. OpenSSL is used by System x Integrated Management Module IMM. IMM hasaddressed the applicable CVEs...