1458 matches found
CVE-2024-46889
A vulnerability has been identified in SINEC INS All versions V1.0 SP2 Update 3. The affected application uses hard-coded cryptographic key material to obfuscate configuration files. This could allow an attacker to learn that cryptographic key material through reverse engineering of the applicati...
libgcrypt: vulnerable to Marvin Attack
A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts...
A vulnerability in the decrypt_raw_data() function in the SMB subsystem of the Linux operating system allows an attacker to compromise the confidentiality, integrity, and availability of protected information.
The vulnerability in the decrypt_raw_data function in the fs/smb/client/smb2ops.c module of the SMB subsystem of the Linux operating system is a use of previously freed memory (use-after-free). Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity,...
Yealink Meeting Server security vulnerability
Yealink Meeting Server is a distributed cloud video conferencing infrastructure from the Chinese company Yealink. A security vulnerability exists in Yealink Meeting Server versions prior to V26.0.0.67, which stems from allowing an attacker to obtain static key information from a front-end ...
CVE-2024-10379
A vulnerability classified as problematic was found in ESAFENET CDG 5. Affected by this vulnerability is the function actionViewDecyptFile of the file /com/esafenet/servlet/client/DecryptApplicationService.java. The manipulation of the argument decryptFileId with the input...
CVE-2024-10377
A vulnerability was found in ESAFENET CDG 5. It has been rated as critical. This issue affects the function actionPassDecryptApplication1 of the file /com/esafenet/servlet/client/DecryptApplicationService.java. The manipulation of the argument id leads to SQL injection. The attack may be initiate...
PT-2024-16229 · Safenet · Esafenet Cdg
Name of the Vulnerable Software and Affected Versions: ESAFENET CDG version 5 Description: A critical issue affects the actionPassDecryptApplication1 function in the /com/esafenet/servlet/client/DecryptApplicationService.java file. The manipulation of the id argument leads to SQL injection. The...
CVE-2024-10069
A vulnerability was found in ESAFENET CDG 5. It has been rated as critical. Affected by this issue is the function actionPassMainApplication of the file /com/esafenet/servlet/client/MailDecryptApplicationService.java. The manipulation of the argument id leads to SQL injection. The attack may be...
EsafeNet CDG SQL injection vulnerability
EsafeNet CDG is a document security management system from EsafeNet. EsafeNet CDG V5 has a SQL injection vulnerability that stems from the parameter id of the file /com/esafenet/servlet/client/MailDecryptApplicationService.java, which can lead to SQL injection...
CVE-2022-2031
...
CVE-2024-7206 Firmware extraction and Hardware SSL Pinning Bypass
SSL pinning bypass in some eWeLink hardware products allows a local attacker to decrypt TLS communication and extract secrets to clone the device by flashing modified firmware...
CVE-2024-47121
The goTenna Pro App uses a weak password for sharing encryption keys via the key broadcast method. If the broadcasted encryption key is captured over RF, and the password is cracked via a brute-force attack, it is possible to decrypt it and use it to decrypt all future and past messages sent via...
CVE-2024-45374
The goTenna Pro ATAK plugin uses a weak password for sharing encryption keys via the key broadcast method. If the broadcasted encryption key is captured over RF, and the password is cracked via a brute-force attack, it is possible to decrypt it and use it to decrypt all future and past messages sent vi...
goTenna Pro security vulnerability
goTenna Pro is a series of devices from goTenna that create networks for off-grid communications and situational awareness. A security vulnerability exists in the goTenna Pro that stems from the use of a weak cipher for QR broadcast messages. If a QR broadcast message is captured via RF, it can b...
PT-2024-7606
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.6.58 Description: The issue is related to a use-after-free vulnerability in the async decryption function of the Linux kernel's SMB client. This vulnerability can be exploited to impact the confidentiality,...
PT-2024-31616 · Zte · Zte Routers
Name of the Vulnerable Software and Affected Versions: ZTE routers, affected versions not specified Description: The HTTPD binary in multiple ZTE routers has a stack-based buffer overflow vulnerability in the rsa_decrypt function. This function is an API wrapper for LUA to decrypt RSA encrypted...
CVE-2024-45413
The HTTPD binary in multiple ZTE routers has a stack-based buffer overflow vulnerability in the rsa_decrypt function. This function is an API wrapper for LUA to decrypt RSA-encrypted ciphertext; the decrypted data is stored on the stack without checking its length. An authenticated attacker can get RC...
CVE-2024-45311 Denial of service in quinn-proto when using `Endpoint::retry()`
Quinn is a pure-Rust, async-compatible implementation of the IETF QUIC transport protocol. As of quinn-proto 0.11, it is possible for a server to accept, retry, refuse, or ignore an Incoming connection. However, calling retry on an unvalidated connection exposes the server to a likely panic in th...