Lucene search

1458 matches found

OSV
added 2024/08/22 8:15 p.m. · 3 views

CVE-2024-42418

Avtec Outpost uses a default cryptographic key that can be used to decrypt sensitive information...

CVSS: 7.5 · AI score: 5.8 · EPSS: 0.00193
Exploits: 0 · References: 1

Positive Technologies
added 2024/08/22 12:0 a.m. · 4 views

PT-2024-29935 · Avtec · Avtec Outpost

Name of the Vulnerable Software and Affected Versions: Avtec Outpost (affected versions not specified). Description: The issue concerns the use of a default cryptographic key in Avtec Outpost, which can be exploited to decrypt sensitive information. Recommendations: At the moment, there is no...

CVSS: 8.7 · AI score: 6.8 · EPSS: 0.00193
Exploits: 0 · References: 5

Penetration Testing Lab
added 2024/08/20 7:0 a.m. · 12 views

Web Browser Stored Credentials

Microsoft introduced the Data Protection Application Programming Interface (DPAPI) in Windows environments as a method to encrypt and decrypt sensitive data such as credentials using the…

AI score: 6.9
Exploits: 0

Amazon
added 2024/08/13 12:0 a.m. · 1 views

Medium: containerd

Issue Overview: The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set...

CVSS: 9.8 · AI score: 6.9 · EPSS: 0.04859
Exploits: 0

OSSF Malicious Packages
added 2024/08/09 7:7 p.m. · 3 views

Malicious code in ethercheck (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c202b40df14e5a6ba231853aefc190984e981a5f22ef90d3d2e3da641643e8dd During importing, the code attempts to decrypt data embedded in READMEs. The decrypted code is then used to download further remote scripts --- Category:...

AI score: 7.3
Exploits: 0 · References: 1

OSV
added 2024/08/09 7:7 p.m. · 3 views

MAL-2024-12264 Malicious code in ethercheck (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c202b40df14e5a6ba231853aefc190984e981a5f22ef90d3d2e3da641643e8dd During importing, the code attempts to decrypt data embedded in READMEs. The decrypted code is then used to download further remote scripts --- Category:...

AI score: 7.1
Exploits: 0 · References: 1

RedHat Linux
added 2024/07/23 4:39 p.m. · 5 views

golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads

A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey and ctx. That functi...

CVSS: 7.5 · AI score: 7.2 · EPSS: 0.01379
Exploits: 0 · References: 9

RedHat Linux
added 2024/07/15 1:33 p.m. · 4 views

golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads

A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey and ctx. That functi...

CVSS: 7.5 · AI score: 7.2 · EPSS: 0.01379
Exploits: 0 · References: 9

CNNVD
added 2024/07/15 12:0 a.m. · 2 views

IBM Datacap Navigator security vulnerability

IBM Datacap Navigator is a Web client for Datacap from International Business Machines (IBM). IBM Datacap Navigator suffers from a cryptographic issue vulnerability that stems from the use of a weaker-than-expected encryption algorithm, which could be exploited by an attacker to decrypt highly...

CVSS: 7.5 · AI score: 6.5 · EPSS: 0.00064
Exploits: 0 · References: 3

Positive Technologies
added 2024/07/12 12:0 a.m. · 2 views

PT-2024-4963 · Ibm · Ibm Datacap Navigator

Name of the Vulnerable Software and Affected Versions: IBM Datacap Navigator versions 9.1.5 through 9.1.9. Description: The issue is related to the use of weaker-than-expected cryptographic algorithms in IBM Datacap Navigator, which could allow an attacker to decrypt highly sensitive information...

CVSS: 7.8 · AI score: 6.4 · EPSS: 0.00064
Exploits: 0 · References: 7

Vulnrichment
added 2024/07/09 12:5 p.m. · 10 views

CVE-2024-39888

A vulnerability has been identified in Mendix Encryption (All versions >= V10.0.0 < V10.0.2). Affected versions of the module define a specific hard-coded default value for the EncryptionKey constant, which is used in projects where no individual EncryptionKey was specified. This could allow to an...

CVSS: 8.7 · AI score: 7 · EPSS: 0.00194
Exploits: 0 · References: 1

Cvelist
added 2024/07/09 12:5 p.m. · 13 views

CVE-2024-39888

A vulnerability has been identified in Mendix Encryption (All versions >= V10.0.0 < V10.0.2). Affected versions of the module define a specific hard-coded default value for the EncryptionKey constant, which is used in projects where no individual EncryptionKey was specified. This could allow to an...

CVSS: 8.7 · EPSS: 0.00194
Exploits: 0 · References: 1

CVE
added 2024/07/09 12:5 p.m. · 47 views

CVE-2024-39888

CVE-2024-39888 affects Mendix Encryption versions 10.0.0 to 10.0.1, where a hard-coded default EncryptionKey enables decryption of encrypted project data if no per-project key is specified. Root cause: a security-relevant constant defined by default in the module. Consequences stated across sourc...

CVSS: 8.7 · AI score: 6.8 · EPSS: 0.00194
Exploits: 0 · References: 1

CNNVD
added 2024/07/09 12:0 a.m. · 2 views

Siemens RUGGEDCOM information disclosure vulnerability

Siemens RuggedCom ROS is an operating system from Siemens, Germany, used in the RuggedCom series of switches. An information disclosure vulnerability exists in Siemens RUGGEDCOM ROS, which can be exploited by an attacker to retrieve a MACSEC key and access (decrypt) Ethernet frames sent by an...

CVSS: 4.3 · AI score: 6.2 · EPSS: 0.00078
Exploits: 0 · References: 3

CNNVD
added 2024/07/09 12:0 a.m. · 3 views

Siemens Mendix security vulnerability

The Mendix Encryption module takes care of the following encryption requirements: plain text encryption (e.g. passwords) and FileDocument encryption (e.g. documents or photos). A hard-coded default encryption key vulnerability exists in the Siemens Mendix Encryption module, which can be exploited by ...

CVSS: 8.7 · AI score: 6.8 · EPSS: 0.00194
Exploits: 0 · References: 2

RedHat Linux
added 2024/07/08 2:47 p.m. · 4 views

golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads

A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey and ctx. That functi...

CVSS: 7.5 · AI score: 7.2 · EPSS: 0.01379
Exploits: 0 · References: 9

RedHat Linux
added 2024/07/08 2:36 p.m. · 5 views

golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads

A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey and ctx. That functi...

CVSS: 7.5 · AI score: 7.2 · EPSS: 0.01379
Exploits: 0 · References: 9

OSV
added 2024/06/27 6:15 p.m. · 0 views

CVE-2023-38371

IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 261198...

CVSS: 7.5 · AI score: 5.8
Exploits: 0 · References: 4

CNNVD
added 2024/06/27 12:0 a.m. · 1 views

IBM Security Access Manager cryptographic issue vulnerability

IBM Security Access Manager is a product for information security management applications from International Business Machines (IBM). The product enables access management control through integrated appliances for web, mobile and cloud computing. IBM Security Access Manager suffers from an encrypti...

CVSS: 7.5 · AI score: 8.4 · EPSS: 0.00048
Exploits: 2 · References: 4

BDU FSTEC
added 2024/06/26 12:0 a.m. · 3 views

The vulnerability of the Brocade SANnav network management software, which stems from the use of strictly encrypted credentials, allows a hacker to perform a Man-in-the-Middle attack and decrypt SSH traffic.

The vulnerability of the Brocade SANnav network management software is related to the use of strictly encrypted authentication credentials. Exploiting this vulnerability allows a remote attacker to perform a Man-in-the-Middle (MITM) attack and decrypt SSH traffic...

CVSS: 7.7 · AI score: 5.8 · EPSS: 0.00124
Exploits: 0 · References: 4 · Affected Software: 1