Lucene search
K

219 matches found

Positive Technologies
Positive Technologies
added 2024/11/13 12:0 a.m.7 views

PT-2024-38244 · Telerik · Telerik Report Server

Name of the Vulnerable Software and Affected Versions: In Progress Telerik Report Server versions prior to 2024 Q4 10.3.24.1112 Description: The encryption of local asset data used an older algorithm which may allow a sophisticated actor to decrypt this information. Recommendations: For versions...

7.1CVSS7.1AI score0.00106EPSS
Exploits0References6
CNNVD
CNNVD
added 2024/09/26 12:0 a.m.5 views

goTenna Pro ATAK Plugin 安全漏洞

The goTenna Pro ATAK Plugin is a plugin for goTenna's device that creates networks for off-grid communication and situational awareness. A security vulnerability exists in goTenna Pro ATAK Plugin version 1.9.12 and earlier, which stems from an encryption key being stored on the device along with ...

6.5CVSS6.6AI score0.00117EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/09/07 12:0 a.m.4 views

PT-2024-27283 · Ibm · Ibm Maximo Application Suite

Name of the Vulnerable Software and Affected Versions: IBM Maximo Application Suite - Manage Component versions 8.10 through 9.0 Description: The issue is related to the use of weaker than expected cryptographic algorithms, which could allow an attacker to decrypt highly sensitive information usi...

7.5CVSS6.7AI score0.00247EPSS
Exploits0References9
OSV
OSV
added 2024/08/12 1:38 p.m.4 views

CVE-2024-5800

Diffie-Hellman groups with insufficient strength are used in the SSL/TLS stack of B&R Automation Runtime versions before 6.0.2, allowing a network attacker to decrypt the SSL/TLS communication...

7.5CVSS5.8AI score0.00252EPSS
Exploits0References1
OSV
OSV
added 2024/06/21 5:15 p.m.3 views

CVE-2024-35537

TVS Motor Company Limited TVS Connect Android v4.6.0 and IOS v5.0.0 was discovered to insecurely handle the RSA key pair, allowing attackers to possibly access sensitive information via decryption...

7.5CVSS5.8AI score0.00344EPSS
Exploits1References1
OSV
OSV
added 2024/05/03 5:15 p.m.6 views

CVE-2020-4874

IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 190837...

7.5CVSS5.8AI score0.0027EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/05/03 12:0 a.m.3 views

PT-2024-12908 · Ibm · Ibm Cognos Controller

Name of the Vulnerable Software and Affected Versions: IBM Cognos Controller versions 10.4.1 through 11.0.0 Description: The issue is related to the use of weaker than expected cryptographic algorithms, which could allow an attacker to decrypt highly sensitive information. Recommendations: For...

7.5CVSS9.3AI score0.0027EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2024/05/03 12:0 a.m.7 views

PT-2024-10853 · Ibm · Ibm Cognos Controller

Name of the Vulnerable Software and Affected Versions: IBM Cognos Controller versions 10.4.1 through 11.0.0 Description: The issue is related to the use of weaker than expected cryptographic algorithms, which could allow an attacker to decrypt highly sensitive information. Recommendations: For...

7.5CVSS9.3AI score0.0027EPSS
Exploits0References5
OSV
OSV
added 2024/05/02 2:15 p.m.10 views

CVE-2024-3543

Use of reversible password encryption algorithm allows attackers to decrypt passwords. Sensitive information can be easily unencrypted by the attacker, stolen credentials can be used for arbitrary actions to corrupt the system...

7.5CVSS5.9AI score0.00379EPSS
Exploits0References2
OSV
OSV
added 2024/03/06 10:15 p.m.8 views

CVE-2024-2236

A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts...

5.9CVSS5.5AI score0.01114EPSS
Exploits0References6
OSV
OSV
added 2024/03/03 12:15 p.m.6 views

CVE-2024-27255

IBM MQ Operator 2.0.0 LTS, 2.0.18 LTS, 3.0.0 CD, 3.0.1 CD, 2.4.0 through 2.4.7, 2.3.0 through 2.3.3, 2.2.0 through 2.2.2, and 2.3.0 through 2.3.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 283905...

7.5CVSS5.8AI score0.00261EPSS
Exploits0References2
OSV
OSV
added 2024/02/20 12:15 a.m.6 views

CVE-2022-48625

Yealink Config Encrypt Tool add RSA before 1.2 has a built-in RSA key pair, and thus there is a risk of decryption by an adversary...

7.5CVSS5.8AI score0.00444EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/02/20 12:0 a.m.5 views

Yealink Config Encrypt Tool Security Vulnerability

YeaLink Yealink Config Encrypt Tool is a configuration encryption tool from China YeaLink. A security vulnerability exists in Yealink Config Encrypt Tool versions prior to 1.2, which stems from a possible decryption risk when encrypting Autop deployment files with a default key...

7.5CVSS6.7AI score0.00444EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/02/19 12:0 a.m.16 views

CVE-2022-48625

Yealink Config Encrypt Tool add RSA before 1.2 has a built-in RSA key pair, and thus there is a risk of decryption by an adversary...

6.8AI score0.00444EPSS
Exploits0References1
OSV
OSV
added 2024/02/12 6:15 p.m.4 views

CVE-2022-34310

IBM CICS TX Standard and Advanced 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 229441...

7.5CVSS5.8AI score0.00486EPSS
Exploits0References3
OSV
OSV
added 2024/02/09 11:15 p.m.3 views

UBUNTU-CVE-2023-6935

wolfSSL SP Math All RSA implementation is vulnerable to the Marvin Attack, new variation of a timing Bleichenbacher style attack, when built with the following options to configure: --enable-all CFLAGS="-DWOLFSSLSTATICRSA" The define “WOLFSSLSTATICRSA” enables static RSA cipher suites, which is n...

5.9CVSS6.2AI score0.00539EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/02/02 12:0 a.m.6 views

IBM PowerSC 加密问题漏洞

IBM PowerSC is an International Business Machines IBM security and compliance solution for IBM Power Systems servers. IBM PowerSC has an encryption issue vulnerability that stems from the use of a weaker-than-expected encryption algorithm, which could be exploited by an attacker to decrypt highly...

7.5CVSS6.6AI score0.00318EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2024/01/22 12:0 a.m.72 views

macOS 14.x < 14.3 Multiple Vulnerabilities (HT214061)

The remote host is running a version of macOS / Mac OS X that is 14.x prior to 14.3. It is, therefore, affected by multiple vulnerabilities: - The issue was addressed with improved memory handling. This issue is fixed in watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS...

8.8CVSS8.4AI score0.10593EPSS
Exploits6References21
Vulnrichment
Vulnrichment
added 2024/01/12 2:24 p.m.2 views

CVE-2023-49256 Predictable encryption passphrase used in publicly accessible configuration file

It is possible to download the configuration backup without authorization and decrypt included passwords using hardcoded static key...

7.5AI score0.00556EPSS
Exploits0References2
OSV
OSV
added 2023/12/27 9:15 p.m.3 views

CVE-2023-46919

Phlox com.phlox.simpleserver aka Simple HTTP Server 1.8 and com.phlox.simpleserver.plus aka Simple HTTP Server PLUS 1.8.1-plus have a hardcoded aKySWb2jjrr4dzkYXczKRt7K AES encryption key. An attacker with physical access to the application's source code or binary can extract this key & use it...

6.3CVSS5.8AI score0.00119EPSS
Exploits1References1
Rows per page
Query Builder