1071 matches found
Medium: qemu
Issue Overview: A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtio_crypto_handle_sym_req. There is no check for the value of src_len and dst_len in virtio_crypto_sym_op_helper, potentially leading to a heap buffer overflow when the two values...
CVE-2023-40251
Missing Encryption of Sensitive Data vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Man in the Middle Attack. This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42...
CVE-2023-4384
A vulnerability has been found in MaximaTech Portal Executivo 21.9.1.140 and classified as problematic. This vulnerability affects unknown code of the component Cookie Handler. The manipulation leads to missing encryption of sensitive data. The attack can be initiated remotely. The complexity of ...
CVE-2023-4384
The CVE-2023-4384 entry affects MaximaTech Portal Executivo, version 21.9.1.140, via the Cookie Handler component. The vulnerability enables missing encryption of sensitive data and is exploitable remotely. Reported attack complexity is high with no required user interaction, and exploitation is ...
CVE-2023-3180
A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtio_crypto_handle_sym_req. There is no check for the value of src_len and dst_len in virtio_crypto_sym_op_helper, potentially leading to a heap buffer overflow when the two values differ...
Heap overflow
A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtio_crypto_handle_sym_req. There is no check for the value of src_len and dst_len in virtio_crypto_sym_op_helper, potentially leading to a heap buffer overflow when the two values differ...
CVE-2023-3180
CVE-2023-3180 affects the QEMU virtio-crypto implementation. The vulnerability arises from not checking src_len vs dst_len in virtio_crypto_sym_op_helper, enabling a heap buffer overflow during encryption/decryption requests via virtio_crypto_handle_sym_req. Public references (Debian, CNVD, CNAs)...
CVE-2023-3180 Heap buffer overflow in virtio_crypto_sym_op_helper()
A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtio_crypto_handle_sym_req. There is no check for the value of src_len and dst_len in virtio_crypto_sym_op_helper, potentially leading to a heap buffer overflow when the two values differ...
CVE-2023-37907
Cryptomator is data encryption software for users who store their files in the cloud. Prior to version 1.9.2, the MSI installer provided on the homepage allows local privilege escalation (LPE) for low privileged users, if already installed. The problem occurs as the repair function of the MSI spawn...
Code injection
Cryptomator is data encryption software for users who store their files in the cloud. Prior to version 1.9.2, the MSI installer provided on the homepage allows local privilege escalation (LPE) for low privileged users, if already installed. The problem occurs as the repair function of the MSI spawn...
CVE-2023-37907
CVE-2023-37907 concerns Cryptomator and its MSI installer prior to version 1.9.2. The vulnerability arises because the MSI repair function spawns two administrative CMD processes, enabling a local privilege escalation for low-privileged users who already have the software installed; a breakout can fa...
CVE-2023-37907 Cryptomator's MSI installer allows local privilege escalation
Cryptomator is data encryption software for users who store their files in the cloud. Prior to version 1.9.2, the MSI installer provided on the homepage allows local privilege escalation (LPE) for low privileged users, if already installed. The problem occurs as the repair function of the MSI spawn...
PT-2023-9024 · Unknown · Openkeychain
Name of the Vulnerable Software and Affected Versions: OpenKeychain (affected versions not specified). Description: The issue is related to insufficient protection of service data in the OpenKeychain program for data encryption and electronic digital signature verification. Exploitation of this issu...
CVE-2023-34130
SonicWall GMS and Analytics use the outdated Tiny Encryption Algorithm (TEA) with a hardcoded key to encrypt sensitive data. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions...
11 best practices for securing data in cloud services
In today's digital age, cloud computing has become an essential part of businesses, enabling them to store and access their data from anywhere. However, with convenience comes the risk of data breaches and cyberattacks. Therefore, it is crucial to implement best practices to secure data in cloud...
PT-2023-11496 · Cmseasy · Cmseasy
Name of the Vulnerable Software and Affected Versions: cmseasy version 7.0.0. Description: An issue was discovered that allows user credentials to be sent in clear text due to no encryption of form data. Recommendations: For cmseasy version 7.0.0, consider implementing encryption for form data to...