Citrix Licensing server vulnerability TLSv1.0/1.1 on CitrixWebServicesforLicensing

When running Qualis security report, it reports the following error : The CitrixWebServicesforLicensing TLSv1.0/1.1 vulnerbility on our Citrix Licensing server. An attacker can exploit cryptographic flaws to conduct man-in-the-middle type attacks or to decryption communications...

Bitwarden 安全漏洞

Bitwarden is an open source password manager from Bitwarden Inc. in the United States. A security vulnerability exists in Bitwarden Desktop version v1.20.0 and prior versions, which stems from storing biometric keys in plaintext, allowing a local attacker to decrypt the entire local vault...

Briar 加密问题漏洞

Briar is an open source software communication technology from Briar Open Source. It is designed to provide secure and resilient peer-to-peer communications that operate without a central server and minimize external dependencies. A security vulnerability exists in Briar versions prior to 1.5.3,...

PT-2023-21421 · Jins · Jins Meme Core Firmware

Name of the Vulnerable Software and Affected Versions: JINS MEME CORE Firmware versions 2.2.0 and earlier Description: The issue is related to a hard-coded cryptographic key used in the firmware, which may allow a network-adjacent attacker to decrypt data acquired by a sensor of the affected...

Silicon Labs Gecko SDK 安全漏洞

The Silicon Labs Gecko SDK GSDK is an open source library from Silicon Labs. Combines the Silicon Labs Wireless Software Development Kit SDK and the Gecko platform into one integrated package. A security vulnerability exists in Silicon Labs Gecko SDK 4.2.1 and earlier versions, which stems from a...

CVE-2023-2443

Rockwell Automation ThinManager product allows the use of medium strength ciphers. If the client requests an insecure cipher, a malicious actor could potentially decrypt traffic sent between the client and server API...

Rockwell Automation ThinManager 加密问题漏洞

Rockwell Automation ThinManager is a thin client management software from Rockwell Automation, Inc. It allows thin clients to be assigned to multiple remote desktop servers simultaneously. Rockwell Automation ThinManager has an encryption issue vulnerability that stems from allowing the use of...

CVE-2023-25184

Use of weak credentials exists in Seiko Solutions SkyBridge and SkySpider series, which may allow a remote unauthenticated attacker to decrypt password for the WebUI of the product. Affected products and versions are as follows: SkyBridge MB-A200 firmware Ver. 01.00.05 and earlier, SkyBridge BASI...

kernel: Denial of service in beacon protection for P2P-device

A flaw was found in P2P-Device in wifi in ieee80211rxhdecrypt in net/mac80211/rx.c in the Linux kernel, leading to a denial of service...

JINS MEME CORE uses a hard-coded cryptographic key

Overview JINS MEME CORE provided by JINS Inc. is a nose pad type sensor attached to a glass frame. JINS MEME CORE uses a hard-coded cryptographic key CWE-321. MASAHIRO IIDA of LAC Co.,Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Earl...

CVE-2022-22313 IBM QRadar Data Synchronization App information disclosure

IBM QRadar Data Synchronization App 1.0 through 3.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 217370...

Improper Cryptographic Algorithm

jose4j is vulnerable to Improper Cryptographic Algorithm. The vulnerability exists due to the way RSA15 and RSAOAEP is implemented, allowing an attacker to decrypt RSA15 or RSAOAEP encrypted ciphertexts, and in addition, it may be feasible to sign with affected keys...

CVE-2023-27557

IBM Counter Fraud Management for Safer Payments 6.1.0.00 through 6.1.1.02, 6.2.0.00 through 6.2.2.02, 6.3.0.00 through 6.3.1.02, 6.4.0.00 through 6.4.2.01, and 6.5.0.00 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM...

IBM Safer Payments 加密问题漏洞

IBM Safer Payments is the first true payment processing cognitive fraud prevention solution from IBM USA. helps clients create customized, user-friendly decision models. IBM Safer Payments has a cryptographic issue vulnerability that stems from the use of weaker-than-expected encryption algorithm...

CVE-2022-41399

The optional Web Screens feature for Sage 300 through version 2022 uses a hard-coded 40-byte blowfish key "PASSKEY" to encrypt and decrypt the database connection string for the PORTAL database found in the "dbconfig.xml". This issue could allow attackers to obtain access to the SQL database...

GHSA-JGVC-JFGH-RJVV Chosen Ciphertext Attack in Jose4j

Summary RSA15 in jose4j is susceptible to chosen ciphertext attacks. The attack allows to decrypt RSA15 or RSAOAEP encrypted ciphertexts. It may be feasible to sign with affected keys. Severity Moderate - exploiting this ciphertext attack could result in the ability to decrypt RSA15 or RSAOAEP...

CVE-2022-45170

An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Cryptographic Issue can occur under the /api/v1/vencrypt/decrypt/file endpoint. A malicious user, logged into a victim's account, is able to decipher a file without knowing the key set by the user...

CVE-2022-45170

An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Cryptographic Issue can occur under the /api/v1/vencrypt/decrypt/file endpoint. A malicious user, logged into a victim's account, is able to decipher a file without knowing the key set by the user...

PT-2023-14626 · Unknown · Livebox Collaboration Vdesk

Name of the Vulnerable Software and Affected Versions: LIVEBOX Collaboration vDesk versions through v018 Description: A cryptographic issue can occur under the "/api/v1/vencrypt/decrypt/file" endpoint, allowing a malicious user, logged into a victim's account, to decipher a file without knowing t...

LIVEBOX Collaboration vDesk 加密问题漏洞

LIVEBOX Collaboration vDesk is an application from LIVEBOX, Inc. A security vulnerability exists in LIVEBOX Collaboration vDesk version v018 and prior versions, which stems from /api/v1/vencrypt/decrypt/file A cryptographic issue may occur...