14 matches found
Linux Distros Unpatched Vulnerability : CVE-2021-33589
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Ribose RNP before 0.15.1 does not implement a required step in a cryptographic algorithm, resulting in weaker encryption than on the tin of the algorithm...
IBM Maximo Application Suite Encryption Issue Vulnerability
IBM Maximo Application Suite is a single platform for intelligent asset management, monitoring, maintenance, computer vision, security and reliability from International Business Machines IBM. An encryption issue vulnerability exists in IBM Maximo Application Suite versions 8.10, 8.11, and 9.0,...
CVE-2023-46233
crypto-js is a JavaScript library of crypto standards. Prior to version 4.2.0, crypto-js PBKDF2 is 1,000 times weaker than originally specified in 1993, and at least 1,300,000 times weaker than current industry standard. This is because it both defaults to SHA1, a cryptographic hash algorithm...
IBM Security Directory Suite Encryption Issue Vulnerability
IBM Security Directory Suite is a scalable, standards-based identity platform from International Business Machines IBM that simplifies identity and directory management. A security vulnerability exists in IBM Security Directory Suite that stems from the use of weaker-than-expected encryption...
CVE-2021-33589
Ribose RNP before 0.15.1 does not implement a required step in a cryptographic algorithm, resulting in weaker encryption than on the tin of the algorithm...
K76610106: F5 IPsec vulnerability CVE-2020-5938
Security Advisory Description When negotiating IPsec tunnels with configured, authenticated peers, the peer may negotiate a different key length than the BIG-IP configuration would otherwise allow. CVE-2020-5938 Impact IPsec connections can be created with a different key length than specified in...
IBM CICS TX Encryption Issue Vulnerability
IBM CICS TX is a comprehensive, single transaction runtime package from International Business Machines IBM. IBM CICS TX version 11.1 is vulnerable to an encryption issue that stems from the use of a weaker-than-expected encryption algorithm, which could be exploited by an attacker to decrypt...
IBM Spectrum Copy Data Management Encryption Issue Vulnerability
IBM Spectrum Copy Data Management, an IBM company that modernizes, simplifies and automates data center copy management processes, is vulnerable to an encryption issue that stems from the fact that IBM Spectrum Copy Data Management uses a weaker-than-expected encryption algorithm, which could be...
IBM Cloud Pak for Security Encryption Issue Vulnerability
IBM Cloud Pak for Security CP4S is an open security platform from IBM that connects to your existing data sources, generates deeper insights, and enables you to act faster with automation. IBM Cloud Pak for Security CP4S suffers from an encryption issue vulnerability in versions 1.7.0.0, 1.7.1.0,...
The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors.
...
Design/Logic Flaw
Unspecified vulnerability in SecureICA and ICA Basic encryption of Citrix Presentation Server 4.5 and earlier, Access Essentials 2.0 and earlier, and Desktop Server 1.0 can cause clients to use weaker encryption settings than configured by the administrator, which might allow attackers to bypass...
GLSA-200603-15 : Crypt::CBC: Insecure initialization vector
The remote host is affected by the vulnerability described in GLSA-200603-15 Crypt::CBC: Insecure initialization vector Lincoln Stein discovered that Crypt::CBC fails to handle 16 bytes long initializiation vectors correctly when running in the RandomIV mode, resulting in a weaker encryption...
Code injection
Crypt::CBC Perl module 2.16 and earlier, when running in RandomIV mode, uses an initialization vector IV of 8 bytes, which results in weaker encryption when used with a cipher that requires a larger block size than 8 bytes, such as Rijndael...
mod_ssl -- SSLCipherSuite bypass
It is possible for clients to use any cipher suite configured by the virtual host, whether or not a certain cipher suite is selected for a specific directory. This might result in clients using a weaker encryption than originally configured...