1468 matches found
Automation 360 Trust Management Issue Vulnerability
Automation 360 is a cloud-native end-to-end intelligent automation platform. A security vulnerability exists in Automation 360 version 22 that stems from a hard-coded encryption key that can decrypt exported RPA packages...
simpleSAMLphp incorrectly handles XML encryption
simplesamlphp before 1.6.3 squeeze and before 1.8.2 sid incorrectly handles XML encryption which could allow remote attackers to decrypt or forge messages...
The vulnerability of the tls_decrypt_ticket function in the OpenSSL library exists due to insufficient validation of input data, allowing attackers to trigger a service failure.
The vulnerability of the tls_decrypt_ticket function in the OpenSSL library exists due to insufficient validation of input data. Exploiting this vulnerability could allow a remote attacker to cause service interruptions...
IBM Security Guardium Encryption Issue Vulnerability
IBM Security Guardium is a suite of platforms from IBM that provide data protection capabilities. The platform includes features such as custom UI, report management and streamlined audit process building. IBM Security Guardium has a weak encryption algorithm vulnerability that stems from the fact...
CVE-2022-1279 Insecure EBICS messages encryption implementation in ebics-java/ebics-java-client could allow an adjacent attacker to decrypt EBICS payloads
A vulnerability in the encryption implementation of EBICS messages in the open source library ebics-java/ebics-java-client allows an attacker sniffing network traffic to decrypt EBICS payloads. This issue affects: ebics-java/ebics-java-client versions prior to 1.2...
CVE-2021-32593
A use of a broken or risky cryptographic algorithm vulnerability CWE-327 in the Dynamic Tunnel Protocol of FortiWAN before 4.5.9 may allow an unauthenticated remote attacker to decrypt and forge protocol communication messages...
IBM UrbanCode Deploy Encryption Issue Vulnerability
IBM UrbanCode Deploy (UCD) is a suite of application automation deployment tools from IBM. The tool is based on an application deployment automation management information model, and through remote agent technology to automate the deployment of complex applications in different environments, etc. I...
CVE-2022-22327
IBM UrbanCode Deploy (UCD) 7.0.5, 7.1.0, 7.1.1, and 7.1.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 218859...
ICT Protege GX/WX 2.08 Cross Site Scripting
ICT Protege GX/WX 2.08 Authenticated Stored XSS Vulnerability Vendor: Integrated Control Technology Ltd. Product web page: https://www.ict.co Affected version: GX: Ver: 2.08.1002 K1B3 Lib: 04.00.217 Int: 2.3.235.J013 OS: 2.0.20 WX: Ver: 4.00 284 H062 App: 02.08.766 Lib: 04.00.169 Int: 02.2.208...
CVE-2020-25193
By having access to the hard-coded cryptographic key for GE Reason RT430, RT431 & RT434 GNSS clocks in firmware versions prior to version 08A06, attackers would be able to intercept and decrypt encrypted traffic through an HTTPS connection...
CVE-2022-25596
ASUS RT-AC56U’s configuration function has a heap-based buffer overflow vulnerability due to insufficient validation for the decryption parameter length, which allows an unauthenticated LAN attacker to execute arbitrary code, perform arbitrary operations and disrupt service...
Code injection
"TLS-RSA cipher suites are not disabled in BigFix Compliance up to v2.0.5. If TLS 2.0 and secure ciphers are not enabled then an attacker can passively record traffic and later decrypt it."...
GO-2022-0425 Weak encryption and denial of service in github.com/flynn/noise
The Noise protocol implementation suffers from weakened cryptographic security after encrypting 2^64 messages, and a potential denial of service attack. After 2^64 (18.4 quintillion) messages are encrypted with the Encrypt function, the nonce counter will wrap around, causing multiple messages to b...
CVE-2021-22799
A CWE-331: Insufficient Entropy vulnerability exists that could cause unintended connection from an internal network to an external network when an attacker manages to decrypt the SESU proxy password from the registry. Affected Product: Schneider Electric Software Update, V2.3.0 through V2.5.1...
CVE-2021-23842
Communication to the AMC2 uses a state-of-the-art cryptographic algorithm for symmetric encryption called Blowfish. An attacker could retrieve the key from the firmware to decrypt network traffic between the AMC2 and the host system. Thus, an attacker can exploit this vulnerability to decrypt and...
Bosch Amc2 Trust Management Issue Vulnerability
Bosch Amc2 is an access modular controller from Bosch, Germany. The Bosch AMC2 is vulnerable to a trust management issue vulnerability that arises from an attacker being able to retrieve a key from the firmware to decrypt network traffic between the AMC2 and the host system. As a result, an...
SalonErp SQL Injection Vulnerability
SalonErp is a salon management software by Thomas Sparber Personal Developer. A SQL injection vulnerability exists in SalonERP 3.0.1. The vulnerability allows an attacker to inject payloads using sql parameters in SQL queries when generating reports. After successfully discovering the login...
CVE-2022-23116
Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able to control agent processes to decrypt secrets stored in Jenkins obtained through another method...