37 matches found
CVE-2026-25998
strongMan is a management interface for strongSwan, an OpenSource IPsec-based VPN. When storing credentials in the database private keys, EAP secrets, strongMan encrypts the corresponding database fields. So far it used AES in CTR mode with a global database key. Together with an initialization...
CVE-2026-25998 strongMan vulnerable to private credential recovery due to key and counter reuse
strongMan is a management interface for strongSwan, an OpenSource IPsec-based VPN. When storing credentials in the database private keys, EAP secrets, strongMan encrypts the corresponding database fields. So far it used AES in CTR mode with a global database key. Together with an initialization...
CVE-2022-31044
Rundeck is an open source automation service with a web console, command line tools and a WebAPI. The Key Storage converter plugin mechanism was not enabled correctly in Rundeck 4.2.0 and 4.2.1, resulting in use of the encryption layer for Key Storage possibly not working. Any credentials created...
EUVD-2016-3366
Malware in sbrugna...
EUVD-2010-2641
Malware in sbrugna...
EUVD-2025-25591
Malicious code in bioql PyPI...
CVE-2025-52095
An issue in PDQ Smart Deploy V.3.0.2040 allows an attacker to escalate privileges via the Credential encryption routines in SDCommon.dll...
CVE-2025-52095
An issue in PDQ Smart Deploy V.3.0.2040 allows an attacker to escalate privileges via the Credential encryption routines in SDCommon.dll...
CVE-2025-52095
An issue in PDQ Smart Deploy V.3.0.2040 allows an attacker to escalate privileges via the Credential encryption routines in SDCommon.dll...
CVE-2025-52095
An issue in PDQ Smart Deploy V.3.0.2040 allows an attacker to escalate privileges via the Credential encryption routines in SDCommon.dll...
PDQ Smart Deploy 安全漏洞
PDQ Smart Deploy is a Windows device imaging and deployment software from PDQ Corporation. A security vulnerability exists in PDQ Smart Deploy version 3.0.2040, which stems from a flaw in the credential encryption routines in SDCommon.dll that could lead to elevation of privilege...
PT-2025-34379 · Pdq · Pdq Smart Deploy
Name of the Vulnerable Software and Affected Versions: PDQ Smart Deploy version 3.0.2040 Description: An issue allows an attacker to escalate privileges via the credential encryption routines in SDCommon.dll. Recommendations: At the moment, there is no information about a newer version that...
CVE-2025-52095
An issue in PDQ Smart Deploy V.3.0.2040 allows an attacker to escalate privileges via the Credential encryption routines in SDCommon.dll...
CVE-2025-52095
Summary: PDQ Smart Deploy 3.0.2040 is affected by a privilege-escalation flaw in the credential encryption routines inside SDCommon.dll. Affected software/version: PDQ Smart Deploy, v3.0.2040. Root cause: flaw in the credential encryption routines in SDCommon.dll. Impact: attacker can escalate pr...
CVE-2025-53671
Jenkins Nouvola DiveCloud Plugin 1.08 and earlier does not mask DiveCloud API Keys and Credentials Encryption Keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them...
Vulnerability fixed in Veeam Backup & Replication
A vulnerability has been fixed in Veaam Backup & Replication. A unauthenticated malicious person with access to the network port of the Backup Server, could exploit the vulnerability to retrieve encrypted credentials from the configuration. Using these credentials, the malicious party can then ga...
CVE-2023-0356
SOCOMEC MODULYS GP Netvision versions 7.20 and prior lack strong encryption for credentials on HTTP connections, which could result in threat actors obtaining sensitive information...
PT-2023-16281 · Econolite · Econolite Eos
Name of the Vulnerable Software and Affected Versions: Econolite EOS versions prior to 3.2.23 Description: The issue concerns the use of a weak hash algorithm for encrypting privileged user credentials. A configuration file, accessible without authentication, utilizes MD5 hashes for credential...
Socomec MODULYS GP 安全漏洞
Socomec MODULYS GP is a green power device from Socomec, a French company. A security vulnerability exists in Socomec MODULYS GP version 7.20 and prior versions, which stems from its lack of strong encryption of credentials on HTTP connections that could allow threat actors to obtain sensitive...
PT-2023-16208 · Socomec · Socomec Modulys Gp Netvision
Name of the Vulnerable Software and Affected Versions: SOCOMEC MODULYS GP Netvision versions 7.20 and prior Description: The issue is related to weak encryption for credentials on HTTP connections, which could allow threat actors to obtain sensitive information. Recommendations: For SOCOMEC MODUL...