Contiki-NG Security Vulnerability

Contiki-NG is an open source cross-platform operating system for next-generation IoT Internet of Things devices. A security vulnerability exists in Contiki-NG tinyDTLS version 2018-08-30 and prior versions, which stems from a mishandling of oversized packets in dtlsccmdecryptmessage can lead to...

CVE-2023-49256 Predictable encryption passphrase used in publicly accessible configuration file

It is possible to download the configuration backup without authorization and decrypt included passwords using hardcoded static key...

Hongdian Router H8951-4G-ESP Security Vulnerability

The Hongdian Router H8951-4G-ESP is a wireless router from China Hongdian. A security vulnerability exists in versions prior to Hongdian Router H8951-4G-ESP 2310271149, which originates from the ability to unauthorizedly download a configuration backup and decrypt the contained passwords using a...

PPLBlade - Protected Process Dumper Tool

Protected Process Dumper Tool that support obfuscating memory dump and transferring it on remote workstations without dropping it onto the disk. Key functionalities : 1. Bypassing PPL protection 2. Obfuscating memory dump files to evade Defender signature-based detection mechanisms 3. Uploading...

CVE-2023-50350

HCL DRYiCE MyXalytics is impacted by the use of a broken cryptographic algorithm for encryption, potentially giving an attacker ability to decrypt sensitive information...

CVE-2023-49944

The Challenge Response feature of BeyondTrust Privilege Management for Windows PMfW before 2023-07-14 allows local administrators to bypass this feature by decrypting the shared key, or by locating the decrypted shared key in process memory. The threat is mitigated by the Agent Protection feature...

CVE-2023-50782

A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data. Mitigation Mitigation for this issue is either not available or the...

CVE-2023-50781

A flaw was found in m2crypto. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data. Mitigation Mitigation for this issue is either not available or the currently available option...

CVE-2022-24403

The TETRA TA61 identity encryption function internally uses a 64-bit value derived exclusively from the SCK Class 2 networks or CCK Class 3 networks. The structure of TA61 allows for efficient recovery of this 64-bit value, allowing an adversary to encrypt or decrypt arbitrary identities given on...

RUSTSEC-2023-0096 Plaintext exposed in decrypt_in_place_detached even on tag verification failure

Summary In the AES GCM implementation of decryptinplacedetached, the decrypted ciphertext i.e. the correct plaintext is exposed even if tag verification fails. Impact If a program using the aes-gcm crate's decryptinplace APIs accesses the buffer after decryption failure, it will contain a...

CVE-2023-6105

An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. A low-privileged OS user with access to the host where an affected ManageEngine product is installed can view and use the exposed key to decrypt product database...

Vulnerability of the functions EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2(), and EVP_CipherInit_ex2() of the OpenSSL cryptographic library, which allows a perpetrator to gain unauthorized access to protected information

The vulnerabilities of the functions EVPEncryptInitex2, EVPDecryptInitex2, and EVPCipherInitex2 in the OpenSSL cryptographic library are related to the absence of necessary encryption steps. Exploiting these vulnerabilities can allow a remote attacker to gain unauthorized access to protected...

K000135874: BIG-IP Next SPK SSH vulnerability CVE-2023-45226

Security Advisory Description The BIG-IP SPK TMM Traffic Management Module f5-debug-sidecar and f5-debug-sshd containers contain hardcoded credentials that may allow an attacker with the ability to intercept traffic to impersonate the SPK Secure Shell SSH server on those containers. This is expos...

CVE-2023-42811

aes-gcm is a pure Rust implementation of the AES-GCM. Starting in version 0.10.0 and prior to version 0.10.3, in the AES GCM implementation of decryptinplacedetached, the decrypted ciphertext i.e. the correct plaintext is exposed even if tag verification fails. If a program using the aes-gcm...

CVE-2023-42811

The CVE-2023-42811 issue affects the aes-gcm Rust crate (AES-GCM implementation). In versions before 0.10.3, decrypt_in_place_detached could expose the decrypted plaintext in the buffer after a tag verification failure, potentially enabling CCAs and full plaintext recovery depending on the progra...

AEADs/aes-gcm: Plaintext exposed in decrypt_in_place_detached even on tag verification failure

In the AES GCM implementation of decryptinplacedetached, the decrypted ciphertext i.e. the correct plaintext is exposed even if tag verification fails...

CVE-2022-47557

Vulnerability in ekorCCP and ekorRCI that could allow an attacker with access to the network where the device is located to decrypt the credentials of privileged users, and subsequently gain access to the system to perform malicious actions...

CVE-2022-47557

Vulnerability in ekorCCP and ekorRCI that could allow an attacker with access to the network where the device is located to decrypt the credentials of privileged users, and subsequently gain access to the system to perform malicious actions...

CVE-2022-47557 Use of Password Hash With Insufficient Computational Effort in Ormazabal products

Vulnerability in ekorCCP and ekorRCI that could allow an attacker with access to the network where the device is located to decrypt the credentials of privileged users, and subsequently gain access to the system to perform malicious actions...

CVE-2023-4680

HashiCorp Vault and Vault Enterprise transit secrets engine allowed authorized users to specify arbitrary nonces, even with convergent encryption disabled. The encrypt endpoint, in combination with an offline attack, could be used to decrypt arbitrary ciphertext and potentially derive the...