CVE-2023-4680 Vault's Transit Secrets Engine Allowed Nonce Specified without Convergent Encryption

HashiCorp Vault and Vault Enterprise transit secrets engine allowed authorized users to specify arbitrary nonces, even with convergent encryption disabled. The encrypt endpoint, in combination with an offline attack, could be used to decrypt arbitrary ciphertext and potentially derive the...

PT-2023-9602 · Hashicorp +2 · Hashicorp Vault +3

Name of the Vulnerable Software and Affected Versions: HashiCorp Vault and Vault Enterprise versions 1.6.0 through 1.12.10 HashiCorp Vault and Vault Enterprise versions 1.13.0 through 1.13.6 HashiCorp Vault and Vault Enterprise versions 1.14.0 through 1.14.2 Description: The issue is related to...

PT-2023-6220 · Mozilla +3 · Network Security Services +3

Name of the Vulnerable Software and Affected Versions: Network Security Services NSS versions prior to 3.61 Description: The issue is related to the implementation of the PKCS1 v1.5 standard in the NSS library, which was leaking information useful for mounting Bleichenbacher-like attacks through...

CVE-2023-3404

The ProfileGrid plugin for WordPress is vulnerable to unauthorized decryption of private information in versions up to, and including, 5.5.0. This is due to the passphrase and iv being hardcoded in the 'pmencryptdecryptpass' function and used across all sites running the plugin. This makes it...

QNAP QTS / QuTS hero Vulnerability in QTS and QuTS hero (QSA-23-60)

The version of QNAP QTS / QuTS hero installed on the remote host is affected by a vulnerability as referenced in the QSA-23-60 advisory. An inadequate encryption strength vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows local networ...

CVE-2023-34971

An inadequate encryption strength vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows local network clients to decrypt the data using brute force attacks via unspecified vectors. We have already fixed the vulnerability in the following...

CVE-2023-22957

An issue was discovered in libacdes3.so on AudioCodes VoIP desk phones through 3.4.4.1000. Due to the use of hard-coded cryptographic key, an attacker with access to backup or configuration files is able to decrypt encrypted values and retrieve sensitive information, e.g., the device root passwor...

CVE-2023-37858

In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an authenticated, remote attacker with admin privileges is able to read hardcoded cryptographic keys allowing to decrypt an encrypted web application login password...

CVE-2023-21652

Cryptographic issue in HLOS as derived keys used to encrypt/decrypt information is present on stack after use...

PT-2023-26960 · WordPress · Video Conferencing With Zoom

Name of the Vulnerable Software and Affected Versions: Video Conferencing with Zoom plugin for WordPress versions up to, and including, 4.2.1 Description: The issue is related to Sensitive Information Exposure due to a hardcoded encryption key in the vczapi encrypt decrypt function. This allows...

PT-2023-12344 · Ibm · Ibm Sterling Connect:Direct For Unix

Name of the Vulnerable Software and Affected Versions: IBM Sterling Connect:Direct for UNIX version 1.5 Description: The issue is related to the use of weaker than expected cryptographic algorithms, which could allow an attacker to decrypt highly sensitive information. Recommendations: For IBM...

IBM Sterling Connect:Direct 加密问题漏洞

IBM Sterling Connect:Direct is a file-based, peer-to-peer file transfer solution from International Business Machines IBM. IBM Sterling Connect:Direct suffers from an encryption issue vulnerability that stems from the use of weak encryption algorithms, which could be exploited by an attacker to...

CVE-2023-35763

Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to a cryptographic vulnerability that could allow an unauthenticated user to decrypt encrypted passwords into plaintext...

Design/Logic Flaw

Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to a cryptographic vulnerability that could allow an unauthenticated user to decrypt encrypted passwords into plaintext...

Iagona ScrutisWeb 信任管理问题漏洞

Iagona ScrutisWeb is a security solution from the French company Iagona. A security vulnerability exists in Iagona ScrutisWeb version 2.1.37 and earlier versions. An attacker exploited the vulnerability to decrypt encrypted passwords into plaintext...

CVE-2023-24018

A stack-based buffer overflow vulnerability exists in the libzebra.so.0.0.0 securitydecryptpassword functionality of Milesight UR32L v32.3.0.5. A specially crafted HTTP request can lead to a buffer overflow. An authenticated attacker can send an HTTP request to trigger this vulnerability...

CVE-2023-24018

A stack-based buffer overflow vulnerability exists in the libzebra.so.0.0.0 securitydecryptpassword functionality of Milesight UR32L v32.3.0.5. A specially crafted HTTP request can lead to a buffer overflow. An authenticated attacker can send an HTTP request to trigger this vulnerability...

CVE-2023-26276 IBM QRadar information disclosure

IBM QRadar SIEM 7.5.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 248147...

WordPress plugin EmbedPress 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

CVE-2023-33842

IBM SPSS Modeler on Windows 17.0, 18.0, 18.2.2, 18.3, 18.4, and 18.5 requires the end user to have access to the server SSL key which could allow a local user to decrypt and obtain sensitive information. IBM X-Force ID: 256117...