219 matches found
PT-2024-38244 · Telerik · Telerik Report Server
Name of the Vulnerable Software and Affected Versions: In Progress Telerik Report Server versions prior to 2024 Q4 10.3.24.1112 Description: The encryption of local asset data used an older algorithm which may allow a sophisticated actor to decrypt this information. Recommendations: For versions...
goTenna Pro ATAK Plugin 安全漏洞
The goTenna Pro ATAK Plugin is a plugin for goTenna's device that creates networks for off-grid communication and situational awareness. A security vulnerability exists in goTenna Pro ATAK Plugin version 1.9.12 and earlier, which stems from an encryption key being stored on the device along with ...
PT-2024-27283 · Ibm · Ibm Maximo Application Suite
Name of the Vulnerable Software and Affected Versions: IBM Maximo Application Suite - Manage Component versions 8.10 through 9.0 Description: The issue is related to the use of weaker than expected cryptographic algorithms, which could allow an attacker to decrypt highly sensitive information usi...
CVE-2024-5800
Diffie-Hellman groups with insufficient strength are used in the SSL/TLS stack of B&R Automation Runtime versions before 6.0.2, allowing a network attacker to decrypt the SSL/TLS communication...
CVE-2024-35537
TVS Motor Company Limited TVS Connect Android v4.6.0 and IOS v5.0.0 was discovered to insecurely handle the RSA key pair, allowing attackers to possibly access sensitive information via decryption...
CVE-2020-4874
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 190837...
PT-2024-12908 · Ibm · Ibm Cognos Controller
Name of the Vulnerable Software and Affected Versions: IBM Cognos Controller versions 10.4.1 through 11.0.0 Description: The issue is related to the use of weaker than expected cryptographic algorithms, which could allow an attacker to decrypt highly sensitive information. Recommendations: For...
PT-2024-10853 · Ibm · Ibm Cognos Controller
Name of the Vulnerable Software and Affected Versions: IBM Cognos Controller versions 10.4.1 through 11.0.0 Description: The issue is related to the use of weaker than expected cryptographic algorithms, which could allow an attacker to decrypt highly sensitive information. Recommendations: For...
CVE-2024-3543
Use of reversible password encryption algorithm allows attackers to decrypt passwords. Sensitive information can be easily unencrypted by the attacker, stolen credentials can be used for arbitrary actions to corrupt the system...
CVE-2024-2236
A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts...
CVE-2024-27255
IBM MQ Operator 2.0.0 LTS, 2.0.18 LTS, 3.0.0 CD, 3.0.1 CD, 2.4.0 through 2.4.7, 2.3.0 through 2.3.3, 2.2.0 through 2.2.2, and 2.3.0 through 2.3.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 283905...
CVE-2022-48625
Yealink Config Encrypt Tool add RSA before 1.2 has a built-in RSA key pair, and thus there is a risk of decryption by an adversary...
Yealink Config Encrypt Tool Security Vulnerability
YeaLink Yealink Config Encrypt Tool is a configuration encryption tool from China YeaLink. A security vulnerability exists in Yealink Config Encrypt Tool versions prior to 1.2, which stems from a possible decryption risk when encrypting Autop deployment files with a default key...
CVE-2022-48625
Yealink Config Encrypt Tool add RSA before 1.2 has a built-in RSA key pair, and thus there is a risk of decryption by an adversary...
CVE-2022-34310
IBM CICS TX Standard and Advanced 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 229441...
UBUNTU-CVE-2023-6935
wolfSSL SP Math All RSA implementation is vulnerable to the Marvin Attack, new variation of a timing Bleichenbacher style attack, when built with the following options to configure: --enable-all CFLAGS="-DWOLFSSLSTATICRSA" The define “WOLFSSLSTATICRSA” enables static RSA cipher suites, which is n...
IBM PowerSC 加密问题漏洞
IBM PowerSC is an International Business Machines IBM security and compliance solution for IBM Power Systems servers. IBM PowerSC has an encryption issue vulnerability that stems from the use of a weaker-than-expected encryption algorithm, which could be exploited by an attacker to decrypt highly...
macOS 14.x < 14.3 Multiple Vulnerabilities (HT214061)
The remote host is running a version of macOS / Mac OS X that is 14.x prior to 14.3. It is, therefore, affected by multiple vulnerabilities: - The issue was addressed with improved memory handling. This issue is fixed in watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS...
CVE-2023-49256 Predictable encryption passphrase used in publicly accessible configuration file
It is possible to download the configuration backup without authorization and decrypt included passwords using hardcoded static key...
CVE-2023-46919
Phlox com.phlox.simpleserver aka Simple HTTP Server 1.8 and com.phlox.simpleserver.plus aka Simple HTTP Server PLUS 1.8.1-plus have a hardcoded aKySWb2jjrr4dzkYXczKRt7K AES encryption key. An attacker with physical access to the application's source code or binary can extract this key & use it...