Common Weakness Enumeration

CWE-326

Allowed-with-Review

Inadequate Encryption Strength

Abstraction: Class · Status: Draft

The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

633 vulnerabilities reference this CWE, most recent first.

GHSA-84GM-V5WH-659W

Vulnerability from github – Published: 2022-05-13 01:05 – Updated: 2025-04-12 12:34
VLAI
Details

OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2014-0224"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-326"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2014-06-05T21:55:00Z",
    "severity": "HIGH"
  },
  "details": "OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the \"CCS Injection\" vulnerability.",
  "id": "GHSA-84gm-v5wh-659w",
  "modified": "2025-04-12T12:34:39Z",
  "published": "2022-05-13T01:05:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0224"
    },
    {
      "type": "WEB",
      "url": "https://www.novell.com/support/kb/doc.php?id=7015271"
    },
    {
      "type": "WEB",
      "url": "https://www.intersectalliance.com/wp-content/uploads/release_notes/ReleaseNotes_for_Snare_for_Windows.pdf"
    },
    {
      "type": "WEB",
      "url": "https://www.intersectalliance.com/wp-content/uploads/release_notes/ReleaseNotes_for_SNARE_for_MSSQL.pdf"
    },
    {
      "type": "WEB",
      "url": "https://www.imperialviolet.org/2014/06/05/earlyccs.html"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/docview.wss?uid=ssg1S1004671"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/docview.wss?uid=ssg1S1004670"
    },
    {
      "type": "WEB",
      "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/941-security-advisory-0005"
    },
    {
      "type": "WEB",
      "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10075"
    },
    {
      "type": "WEB",
      "url": "https://kb.bluecoat.com/index?page=content\u0026id=SA80"
    },
    {
      "type": "WEB",
      "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946"
    },
    {
      "type": "WEB",
      "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=bc8923b1ec9c467755cd86f7848c50ee8812e441"
    },
    {
      "type": "WEB",
      "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=bc8923b1ec9c467755cd86f7848c50ee8812e441"
    },
    {
      "type": "WEB",
      "url": "https://filezilla-project.org/versions.php?type=server"
    },
    {
      "type": "WEB",
      "url": "https://discussions.nessus.org/thread/7517"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-234763.pdf"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1103586"
    },
    {
      "type": "WEB",
      "url": "https://blogs.oracle.com/sunsecurity/entry/cve_2014_0224_cryptographic_issues1"
    },
    {
      "type": "WEB",
      "url": "https://blogs.oracle.com/sunsecurity/entry/cve_2014_0224_cryptographic_issues"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/site/blogs/766093/posts/908133"
    },
    {
      "type": "WEB",
      "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.asc"
    },
    {
      "type": "WEB",
      "url": "http://ccsinjection.lepidum.co.jp"
    },
    {
      "type": "WEB",
      "url": "http://dev.mysql.com/doc/relnotes/workbench/en/wb-news-6-1-7.html"
    },
    {
      "type": "WEB",
      "url": "http://esupport.trendmicro.com/solution/en-US/1103813.aspx"
    },
    {
      "type": "WEB",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10629"
    },
    {
      "type": "WEB",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=KB29195"
    },
    {
      "type": "WEB",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=KB29217"
    },
    {
      "type": "WEB",
      "url": "http://linux.oracle.com/errata/ELSA-2014-1053.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00030.html"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=140266410314613\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=140317760000786\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=140369637402535\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=140386311427810\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=140389274407904\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=140389355508263\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=140431828824371\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=140448122410568\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=140482916501310\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=140491231331543\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=140499864129699\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=140544599631400\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=140604261522465\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=140621259019789\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=140672208601650\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=140752315422991\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=140784085708882\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=140794476212181\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=140852757108392\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=140852826008699\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=140870499402361\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=140904544427729\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=140983229106599\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=141025641601169\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=141147110427269\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=141164638606214\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=141383410222440\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=141383465822787\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=141658880509699\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=142350350616251\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=142546741516006\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=142805027510172\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://puppetlabs.com/security/cve/cve-2014-0224"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-0624.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-0626.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-0627.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-0630.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-0631.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-0632.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-0633.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-0680.html"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2014/Dec/23"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2014/Jun/38"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/58128"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/58337"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/58385"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/58433"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/58492"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/58579"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/58615"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/58639"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/58660"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/58667"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/58713"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/58714"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/58716"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/58719"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/58742"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/58743"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/58745"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/58759"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/58930"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/58939"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/58945"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/58977"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59004"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59012"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59040"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59043"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59055"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59063"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59093"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59101"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59120"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59126"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59132"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59135"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59142"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59162"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59163"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59167"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59175"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59186"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59188"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59189"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59190"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59191"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59192"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59202"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59211"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59214"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59215"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59223"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59231"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59264"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59282"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59284"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59287"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59300"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59301"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59305"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59306"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59310"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59325"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59338"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59342"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59347"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59354"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59362"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59364"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59365"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59368"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59370"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59374"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59375"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59380"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59383"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59389"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59413"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59429"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59435"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59437"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59438"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59440"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59441"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59442"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59444"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59445"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59446"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59447"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59448"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59449"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59450"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59451"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59454"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59459"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59460"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59483"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59490"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59491"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59495"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59502"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59506"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59514"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59518"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59525"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59528"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59529"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59530"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59589"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59602"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59655"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59659"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59661"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59666"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59669"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59677"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59721"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59784"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59824"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59827"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59878"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59885"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59894"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59916"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59990"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/60049"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/60066"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/60176"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/60522"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/60567"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/60571"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/60577"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/60819"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/61254"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/61815"
    },
    {
      "type": "WEB",
      "url": "http://security.gentoo.org/glsa/glsa-201407-05.xml"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT6443"
    },
    {
      "type": "WEB",
      "url": "http://support.citrix.com/article/CTX140876"
    },
    {
      "type": "WEB",
      "url": "http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15325.html"
    },
    {
      "type": "WEB",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl"
    },
    {
      "type": "WEB",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001841"
    },
    {
      "type": "WEB",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001843"
    },
    {
      "type": "WEB",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020163"
    },
    {
      "type": "WEB",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020172"
    },
    {
      "type": "WEB",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004690"
    },
    {
      "type": "WEB",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV61506"
    },
    {
      "type": "WEB",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673137"
    },
    {
      "type": "WEB",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675626"
    },
    {
      "type": "WEB",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675821"
    },
    {
      "type": "WEB",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676035"
    },
    {
      "type": "WEB",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676062"
    },
    {
      "type": "WEB",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676071"
    },
    {
      "type": "WEB",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676333"
    },
    {
      "type": "WEB",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676334"
    },
    {
      "type": "WEB",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676419"
    },
    {
      "type": "WEB",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676478"
    },
    {
      "type": "WEB",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676496"
    },
    {
      "type": "WEB",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676501"
    },
    {
      "type": "WEB",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676529"
    },
    {
      "type": "WEB",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676536"
    },
    {
      "type": "WEB",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676615"
    },
    {
      "type": "WEB",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676644"
    },
    {
      "type": "WEB",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676655"
    },
    {
      "type": "WEB",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676786"
    },
    {
      "type": "WEB",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676833"
    },
    {
      "type": "WEB",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676845"
    },
    {
      "type": "WEB",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676879"
    },
    {
      "type": "WEB",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676889"
    },
    {
      "type": "WEB",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677080"
    },
    {
      "type": "WEB",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677131"
    },
    {
      "type": "WEB",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677390"
    },
    {
      "type": "WEB",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677527"
    },
    {
      "type": "WEB",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677567"
    },
    {
      "type": "WEB",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677695"
    },
    {
      "type": "WEB",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677828"
    },
    {
      "type": "WEB",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677836"
    },
    {
      "type": "WEB",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678167"
    },
    {
      "type": "WEB",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678233"
    },
    {
      "type": "WEB",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678289"
    },
    {
      "type": "WEB",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683332"
    },
    {
      "type": "WEB",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24037727"
    },
    {
      "type": "WEB",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24037729"
    },
    {
      "type": "WEB",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24037730"
    },
    {
      "type": "WEB",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24037731"
    },
    {
      "type": "WEB",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24037732"
    },
    {
      "type": "WEB",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24037761"
    },
    {
      "type": "WEB",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24037870"
    },
    {
      "type": "WEB",
      "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095740"
    },
    {
      "type": "WEB",
      "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095754"
    },
    {
      "type": "WEB",
      "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095755"
    },
    {
      "type": "WEB",
      "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095756"
    },
    {
      "type": "WEB",
      "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095757"
    },
    {
      "type": "WEB",
      "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095737"
    },
    {
      "type": "WEB",
      "url": "http://www.blackberry.com/btsc/KB36051"
    },
    {
      "type": "WEB",
      "url": "http://www.f-secure.com/en/web/labs_global/fsc-2014-6"
    },
    {
      "type": "WEB",
      "url": "http://www.fortiguard.com/advisory/FG-IR-14-018"
    },
    {
      "type": "WEB",
      "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm"
    },
    {
      "type": "WEB",
      "url": "http://www.ibm.com/support/docview.wss?uid=isg3T1020948"
    },
    {
      "type": "WEB",
      "url": "http://www.ibm.com/support/docview.wss?uid=ssg1S1004678"
    },
    {
      "type": "WEB",
      "url": "http://www.ibm.com/support/docview.wss?uid=swg1IT02314"
    },
    {
      "type": "WEB",
      "url": "http://www.ibm.com/support/docview.wss?uid=swg21676356"
    },
    {
      "type": "WEB",
      "url": "http://www.ibm.com/support/docview.wss?uid=swg21676793"
    },
    {
      "type": "WEB",
      "url": "http://www.ibm.com/support/docview.wss?uid=swg21676877"
    },
    {
      "type": "WEB",
      "url": "http://www.ibm.com/support/docview.wss?uid=swg24037783"
    },
    {
      "type": "WEB",
      "url": "http://www.innominate.com/data/downloads/manuals/mdm_1.5.2.1_Release_Notes.pdf"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/978508"
    },
    {
      "type": "WEB",
      "url": "http://www.kerio.com/support/kerio-control/release-history"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:105"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:106"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062"
    },
    {
      "type": "WEB",
      "url": "http://www.novell.com/support/kb/doc.php?id=7015264"
    },
    {
      "type": "WEB",
      "url": "http://www.novell.com/support/kb/doc.php?id=7015300"
    },
    {
      "type": "WEB",
      "url": "http://www.openssl.org/news/secadv_20140605.txt"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1031032"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1031594"
    },
    {
      "type": "WEB",
      "url": "http://www.splunk.com/view/SP-CAAAM2D"
    },
    {
      "type": "WEB",
      "url": "http://www.tenable.com/blog/nessus-527-and-pvs-403-are-available-for-download"
    },
    {
      "type": "WEB",
      "url": "http://www.vmware.com/security/advisories/VMSA-2014-0006.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
    },
    {
      "type": "WEB",
      "url": "http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0"
    },
    {
      "type": "WEB",
      "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=6060\u0026myns=phmc\u0026mync=E"
    },
    {
      "type": "WEB",
      "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=6061\u0026myns=phmc\u0026mync=E"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-84JM-9GQ7-8QCH

Vulnerability from github – Published: 2022-05-24 19:20 – Updated: 2022-07-13 00:01
VLAI
Details

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the software does not also use a salt as part of the input. IBM X-Force ID: 212785.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-38979"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-326"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-11-15T16:15:00Z",
    "severity": "HIGH"
  },
  "details": "IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the software does not also use a salt as part of the input. IBM X-Force ID: 212785.",
  "id": "GHSA-84jm-9gq7-8qch",
  "modified": "2022-07-13T00:01:36Z",
  "published": "2022-05-24T19:20:53Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38979"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/212785"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/6516034"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-86R9-39J9-99WP

Vulnerability from github – Published: 2021-06-23 17:17 – Updated: 2021-05-20 16:54
VLAI
Summary
Elliptic Curve Key Disclosure in go-jose
Details

go-jose before 1.0.4 suffers from an invalid curve attack for the ECDH-ES algorithm. When deriving a shared key using ECDH-ES for an encrypted message, go-jose neglected to check that the received public key on a message is on the same curve as the static private key of the receiver, thus making it vulnerable to an invalid curve attack.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "gopkg.in/square/go-jose.v1"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.0.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/square/go-jose"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.0.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2016-9121"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-326"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-05-20T16:54:50Z",
    "nvd_published_at": null,
    "severity": "CRITICAL"
  },
  "details": "go-jose before 1.0.4 suffers from an invalid curve attack for the ECDH-ES algorithm. When deriving a shared key using ECDH-ES for an encrypted message, go-jose neglected to check that the received public key on a message is on the same curve as the static private key of the receiver, thus making it vulnerable to an invalid curve attack.",
  "id": "GHSA-86r9-39j9-99wp",
  "modified": "2021-05-20T16:54:50Z",
  "published": "2021-06-23T17:17:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9121"
    },
    {
      "type": "WEB",
      "url": "https://github.com/square/go-jose/commit/c7581939a3656bb65e89d64da0a52364a33d2507"
    },
    {
      "type": "WEB",
      "url": "https://hackerone.com/reports/164590"
    },
    {
      "type": "WEB",
      "url": "https://pkg.go.dev/vuln/GO-2020-0010"
    },
    {
      "type": "WEB",
      "url": "https://www.openwall.com/lists/oss-security/2016/11/03/1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Elliptic Curve Key Disclosure in go-jose"
}

GHSA-877X-WH4J-H3GM

Vulnerability from github – Published: 2022-05-14 03:50 – Updated: 2022-05-14 03:50
VLAI
Details

IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 133557.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-1664"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-326"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-01-04T17:29:00Z",
    "severity": "MODERATE"
  },
  "details": "IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 133557.",
  "id": "GHSA-877x-wh4j-h3gm",
  "modified": "2022-05-14T03:50:24Z",
  "published": "2022-05-14T03:50:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1664"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/133557"
    },
    {
      "type": "WEB",
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22012027"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/102470"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-87G3-RX63-RRCH

Vulnerability from github – Published: 2022-09-17 00:00 – Updated: 2025-06-03 21:30
VLAI
Details

The component controlla_login function in HotelDruid Hotel Management Software v3.0.3 generates a predictable session token, allowing attackers to bypass authentication via bruteforce attacks.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-42949"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287",
      "CWE-326"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-09-16T15:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "The component controlla_login function in HotelDruid Hotel Management Software v3.0.3 generates a predictable session token, allowing attackers to bypass authentication via bruteforce attacks.",
  "id": "GHSA-87g3-rx63-rrch",
  "modified": "2025-06-03T21:30:30Z",
  "published": "2022-09-17T00:00:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42949"
    },
    {
      "type": "WEB",
      "url": "https://github.com/dhammon/HotelDruid-CVE-2021-42949"
    },
    {
      "type": "WEB",
      "url": "https://github.com/dhammon/Security"
    },
    {
      "type": "WEB",
      "url": "https://www.hoteldruid.com"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-87P9-XF94-P7QH

Vulnerability from github – Published: 2022-05-24 17:28 – Updated: 2022-05-24 17:28
VLAI
Details

A Sensitive Source Code Path Disclosure vulnerability is found in ElkarBackup v1.3.3. An attacker is able to view the path of the source code jobs/sort where entire source code path is displayed in the browser itself helping the attacker identify the code structure /app/elkarbackup/src/Binovo/ElkarBackupBundle/Controller/DefaultController.php

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-24925"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-326"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-09-15T13:15:00Z",
    "severity": "HIGH"
  },
  "details": "A Sensitive Source Code Path Disclosure vulnerability is found in ElkarBackup v1.3.3. An attacker is able to view the path of the source code jobs/sort where entire source code path is displayed in the browser itself helping the attacker identify the code structure /app/elkarbackup/src/Binovo/ElkarBackupBundle/Controller/DefaultController.php",
  "id": "GHSA-87p9-xf94-p7qh",
  "modified": "2022-05-24T17:28:20Z",
  "published": "2022-05-24T17:28:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24925"
    },
    {
      "type": "WEB",
      "url": "https://vyshnavvizz.blogspot.com/2020/09/sensitive-information-disclosure-source.html"
    },
    {
      "type": "WEB",
      "url": "https://www.elkarbackup.org"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-88R9-VCJ8-625F

Vulnerability from github – Published: 2023-04-11 09:30 – Updated: 2024-04-04 03:23
VLAI
Details

Inadequate encryption strength vulnerability in CONPROSYS IoT Gateway products allows a remote authenticated attacker with an administrative privilege to apply a specially crafted Firmware update file, alter the information, cause a denial-of-service (DoS) condition, and/or execute arbitrary code. The affected products and versions are as follows: M2M Gateway with the firmware Ver.3.7.10 and earlier (CPS-MG341-ADSC1-111, CPS-MG341-ADSC1-931, CPS-MG341G-ADSC1-111, CPS-MG341G-ADSC1-930, and CPS-MG341G5-ADSC1-931), M2M Controller Integrated Type with firmware Ver.3.7.6 and earlier versions (CPS-MC341-ADSC1-111, CPS-MC341-ADSC1-931, CPS-MC341-ADSC2-111, CPS-MC341G-ADSC1-110, CPS-MC341Q-ADSC1-111, CPS-MC341-DS1-111, CPS-MC341-DS11-111, CPS-MC341-DS2-911, and CPS-MC341-A1-111), and M2M Controller Configurable Type with firmware Ver.3.8.8 and earlier versions (CPS-MCS341-DS1-111, CPS-MCS341-DS1-131, CPS-MCS341G-DS1-130, CPS-MCS341G5-DS1-130, and CPS-MCS341Q-DS1-131).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-27389"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-326"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-04-11T09:15:00Z",
    "severity": "HIGH"
  },
  "details": "Inadequate encryption strength vulnerability in CONPROSYS IoT Gateway products allows a remote authenticated attacker with an administrative privilege to apply a specially crafted Firmware update file, alter the information, cause a denial-of-service (DoS) condition, and/or execute arbitrary code. The affected products and versions are as follows: M2M Gateway with the firmware Ver.3.7.10 and earlier (CPS-MG341-ADSC1-111, CPS-MG341-ADSC1-931, CPS-MG341G-ADSC1-111, CPS-MG341G-ADSC1-930, and CPS-MG341G5-ADSC1-931), M2M Controller Integrated Type with firmware Ver.3.7.6 and earlier versions (CPS-MC341-ADSC1-111, CPS-MC341-ADSC1-931, CPS-MC341-ADSC2-111, CPS-MC341G-ADSC1-110, CPS-MC341Q-ADSC1-111, CPS-MC341-DS1-111, CPS-MC341-DS11-111, CPS-MC341-DS2-911, and CPS-MC341-A1-111), and M2M Controller Configurable Type with firmware Ver.3.8.8 and earlier versions (CPS-MCS341-DS1-111, CPS-MCS341-DS1-131, CPS-MCS341G-DS1-130, CPS-MCS341G5-DS1-130, and CPS-MCS341Q-DS1-131).",
  "id": "GHSA-88r9-vcj8-625f",
  "modified": "2024-04-04T03:23:48Z",
  "published": "2023-04-11T09:30:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27389"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/en/vu/JVNVU96198617"
    },
    {
      "type": "WEB",
      "url": "https://www.contec.com/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_cps_230317_en.pdf"
    },
    {
      "type": "WEB",
      "url": "https://www.contec.com/download/donwload-list/?itemid=a054b3eb-da97-40d0-9598-d7f5ff4239ec#firmware"
    },
    {
      "type": "WEB",
      "url": "https://www.contec.com/download/donwload-list/?itemid=a1b33f0d-d32b-4549-9741-613cd37d5528#firmware"
    },
    {
      "type": "WEB",
      "url": "https://www.contec.com/download/donwload-list/?itemid=f832c526-dcf6-4976-85aa-f536c15a8120#firmware"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-88VG-7C8F-H3PR

Vulnerability from github – Published: 2022-05-24 19:03 – Updated: 2022-05-24 19:03
VLAI
Details

In VOS compromised, an attacker at network endpoints can possibly view communications between an unsuspecting user and the service using man-in-the-middle attacks. Usage of unapproved SSH encryption protocols or cipher suites also violates the Data Protection TSR (Technical Security Requirements).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-16499"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-326"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-05-26T19:15:00Z",
    "severity": "MODERATE"
  },
  "details": "In VOS compromised, an attacker at network endpoints can possibly view communications between an unsuspecting user and the service using man-in-the-middle attacks. Usage of unapproved SSH encryption protocols or cipher suites also violates the Data Protection TSR (Technical Security Requirements).",
  "id": "GHSA-88vg-7c8f-h3pr",
  "modified": "2022-05-24T19:03:18Z",
  "published": "2022-05-24T19:03:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16499"
    },
    {
      "type": "WEB",
      "url": "https://hackerone.com/reports/1168196"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-89V6-G7J9-XJ43

Vulnerability from github – Published: 2022-09-20 00:00 – Updated: 2022-09-23 00:00
VLAI
Details

WD Discovery software executable files were signed with an unsafe SHA-1 hashing algorithm. An attacker could use this weakness to create forged certificate signatures due to the use of a hashing algorithm that is not collision-free. This could thereby impact the confidentiality of user content. This issue affects: Western Digital WD Discovery WD Discovery Desktop App versions prior to 4.4.396 on Mac; WD Discovery Desktop App versions prior to 4.4.396 on Windows.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-29835"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-326",
      "CWE-327",
      "CWE-328"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-09-19T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "WD Discovery software executable files were signed with an unsafe SHA-1 hashing algorithm. An attacker could use this weakness to create forged certificate signatures due to the use of a hashing algorithm that is not collision-free. This could thereby impact the confidentiality of user content. This issue affects: Western Digital WD Discovery WD Discovery Desktop App versions prior to 4.4.396 on Mac; WD Discovery Desktop App versions prior to 4.4.396 on Windows.",
  "id": "GHSA-89v6-g7j9-xj43",
  "modified": "2022-09-23T00:00:42Z",
  "published": "2022-09-20T00:00:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29835"
    },
    {
      "type": "WEB",
      "url": "https://www.westerndigital.com/support/product-security/wdc-22014-wd-discovery-desktop-app-version-4-4-396"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8CGG-HM22-RFWQ

Vulnerability from github – Published: 2022-05-17 03:44 – Updated: 2022-05-17 03:44
VLAI
Details

Huawei AR routers with software before V200R007C00SPC100; Quidway S9300 routers with software before V200R009C00; S12700 routers with software before V200R008C00SPC500; S9300, Quidway S5300, and S5300 routers with software before V200R007C00; and S5700 routers with software before V200R007C00SPC500 make it easier for remote authenticated administrators to obtain and decrypt passwords by leveraging selection of a reversible encryption algorithm.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2015-8085"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-326"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-10-03T21:59:00Z",
    "severity": "MODERATE"
  },
  "details": "Huawei AR routers with software before V200R007C00SPC100; Quidway S9300 routers with software before V200R009C00; S12700 routers with software before V200R008C00SPC500; S9300, Quidway S5300, and S5300 routers with software before V200R007C00; and S5700 routers with software before V200R007C00SPC500 make it easier for remote authenticated administrators to obtain and decrypt passwords by leveraging selection of a reversible encryption algorithm.",
  "id": "GHSA-8cgg-hm22-rfwq",
  "modified": "2022-05-17T03:44:02Z",
  "published": "2022-05-17T03:44:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-8085"
    },
    {
      "type": "WEB",
      "url": "http://www.huawei.com/en/psirt/security-advisories/hw-455876"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/76897"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design

Use an encryption scheme that is currently considered to be strong by experts in the field.

CAPEC-112: Brute Force

In this attack, some asset (information, functionality, identity, etc.) is protected by a finite secret value. The attacker attempts to gain access to this asset by using trial-and-error to exhaustively explore all the possible secret values in the hope of finding the secret (or a value that is functionally equivalent) that will unlock the asset.

CAPEC-192: Protocol Analysis

An adversary engages in activities to decipher and/or decode protocol information for a network or application communication protocol used for transmitting information between interconnected nodes or systems on a packet-switched data network. While this type of analysis involves the analysis of a networking protocol inherently, it does not require the presence of an actual or physical network.

CAPEC-20: Encryption Brute Forcing

An attacker, armed with the cipher text and the encryption algorithm used, performs an exhaustive (brute force) search on the key space to determine the key that decrypts the cipher text to obtain the plaintext.