LSN-0109-1: Kernel Live Patch Security Notice

In the Linux kernel, the following vulnerability has been resolved: tls: fix use-after-free on failed backlog decryption When the decrypt request goes to the backlog and cryptoaeaddecrypt returns -EBUSY, tlsdodecryption will wait until all async decryptions have completed. If one of them fails,...

CVE-2025-0714 Insecure storage of sensitive information in MobaXTerm <25.0.

The vulnerability exists in the password storage of Mobateks MobaXterm in versions below 25.0. MobaXTerm uses an initialisation vector IV consisting only of zero bytes and a master key to encrypt each password individually. In the default configuration, on opening MobaXTerm, the user is prompted...

CVE-2024-54089

A vulnerability has been identified in APOGEE PXC Series BACnet All versions, APOGEE PXC Series P2 Ethernet All versions, TALON TC Series BACnet All versions. Affected devices contain a weak encryption mechanism based on a hard-coded key. This could allow an attacker to guess or decrypt the...

CVE-2024-33504

A use of hard-coded cryptographic key to encrypt sensitive data vulnerability CWE-321 in FortiManager 7.6.0 through 7.6.1, 7.4.0 through 7.4.5, 7.2.0 through 7.2.9, 7.0 all versions, 6.4 all versions may allow an attacker with JSON API access permissions to decrypt some secrets even if the...

CVE-2024-33504

A use of hard-coded cryptographic key to encrypt sensitive data vulnerability CWE-321 in FortiManager 7.6.0 through 7.6.1, 7.4.0 through 7.4.5, 7.2.0 through 7.2.9, 7.0 all versions, 6.4 all versions may allow an attacker with JSON API access permissions to decrypt some secrets even if the...

Siemens APOGEE Series 加密问题漏洞

Siemens APOGEE Series is a family of building automation and control systems from Siemens, Germany. The Siemens APOGEE Series suffers from a cryptographic vulnerability that arises from the fact that the affected devices contain a weak encryption mechanism based on hard-coded keys. This could all...

Siemens Apogee PXC100 Devices

SUMMARY Apogee PXC and Talon TC contain a vulnerability that could allow an attacker to perform a denial of service using a out-of-bounds read forcing the device to enter a cold state and a vulnerability that would allow an attacker to decrypt the passwords of the device. Siemens recommends...

CVE-2025-1099

This vulnerability exists in Tapo C500 Wi-Fi camera due to hard-coded RSA private key embedded within the device firmware. An attacker with physical access could exploit this vulnerability to obtain cryptographic private keys which can then be used to perform impersonation, data decryption and ma...

CVE-2025-1099

CVE-2025-1099 affects the TP-Link/Tapo C500 Wi‑Fi camera. The vulnerability stems from a hard-coded RSA private key embedded in the device firmware, enabling a physically proximate attacker to obtain cryptographic private keys and perform impersonation, data decryption, and man-in-the-middle atta...

CVE-2025-1099 Information Disclosure Vulnerability in TP-Link Tapo C500 Wi-Fi Camera

This vulnerability exists in Tapo C500 Wi-Fi camera due to hard-coded RSA private key embedded within the device firmware. An attacker with physical access could exploit this vulnerability to obtain cryptographic private keys which can then be used to perform impersonation, data decryption and ma...

CVE-2025-1099 Information Disclosure Vulnerability in TP-Link Tapo C500 Wi-Fi Camera

This vulnerability exists in Tapo C500 Wi-Fi camera due to hard-coded RSA private key embedded within the device firmware. An attacker with physical access could exploit this vulnerability to obtain cryptographic private keys which can then be used to perform impersonation, data decryption and ma...

Azure Linux 3.0 Security Update: cloud-hypervisor / edk2 / hvloader / openssl (CVE-2022-4304)

The version of cloud-hypervisor / edk2 / hvloader / openssl installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-4304 advisory. - A timing based side channel exists in the OpenSSL RSA Decryption...

CVE-2024-52884

An issue was discovered in AudioCodes Mediant Session Border Controller SBC before 7.40A.501.841. Due to the use of weak password obfuscation/encryption, an attacker with access to configuration exports INI is able to decrypt the passwords...

CVE-2024-52881

An issue was discovered in AudioCodes One Voice Operations Center OVOC before 8.4.582. Due to the use of a hard-coded key, an attacker is able to decrypt sensitive data such as passwords extracted from the topology file...

MGASA-2025-0045 Updated rootcerts, nss & firefox packages fix security vulnerabilities

Use-after-free in XSLT. CVE-2025-1009 Use-after-free in Custom Highlight. CVE-2025-1010 A bug in WebAssembly code generation could result in a crash. CVE-2025-1011 Use-after-free during concurrent delazification. CVE-2025-1012 Potential double-free vulnerability in PKCS7 decryption handling...

CVE-2024-52881

An issue was discovered in AudioCodes One Voice Operations Center OVOC before 8.4.582. Due to the use of a hard-coded key, an attacker is able to decrypt sensitive data such as passwords extracted from the topology file...

AudioCodes One Voice Operations Center 安全漏洞

AudioCodes One Voice Operations Center AudioCodes OVOC is a web-based voice network management solution from AudioCodes, Inc. A security vulnerability exists in AudioCodes One Voice Operations Center OVOC versions prior to 8.4.582 that stems from the use of a hard-coded key that allows an attacke...

AudioCodes Mediant Session Border Controller 安全漏洞

AudioCodes Mediant Session Border Controller AudioCodes Mediant SBC is a session border controller from AudioCodes, Inc. A security vulnerability exists in AudioCodes Mediant Session Border Controller SBC versions prior to 7.40A.501.841, which stems from the use of weak password obfuscation, wher...

CVE-2024-52881

An issue was discovered in AudioCodes One Voice Operations Center OVOC before 8.4.582. Due to the use of a hard-coded key, an attacker is able to decrypt sensitive data such as passwords extracted from the topology file...

CVE-2024-52881

An issue was discovered in AudioCodes One Voice Operations Center OVOC before 8.4.582. Due to the use of a hard-coded key, an attacker is able to decrypt sensitive data such as passwords extracted from the topology file...