rPGP Potential Resource Exhaustion when handling Untrusted Messages
During a security audit, Radically Open Security discovered two vulnerabilities which allow attackers to trigger resource exhaustion vulnerabilities in rpgp by providing crafted messages. This affects general message parsing and decryption with symmetric keys. Impact Affected rpgp versions do not...
DEBIAN-CVE-2024-53857
rPGP is a pure Rust implementation of OpenPGP. Prior to 0.14.1, rPGP allows attackers to trigger resource exhaustion vulnerabilities in rpgp by providing crafted messages. This affects general message parsing and decryption with symmetric keys...
CVE-2024-53857 rPGP Potential Resource Exhaustion when handling Untrusted Messages
rPGP is a pure Rust implementation of OpenPGP. Prior to 0.14.1, rPGP allows attackers to trigger resource exhaustion vulnerabilities in rpgp by providing crafted messages. This affects general message parsing and decryption with symmetric keys...
CVE-2024-53857
CVE-2024-53857 concerns the rPGP OpenPGP implementation in Rust. Prior to version 0.14.1, rPGP allows resource-exhaustion (memory/time) when processing crafted messages during general parsing and symmetric-key decryption. The issue can trigger out-of-memory or long computations, potentially affec...
Panics on Malformed Untrusted Input
During a security audit, Radically Open Security discovered several reachable edge cases which allow an attacker to trigger rpgp crashes by providing crafted data. Impact When processing malformed input, rpgp can run into Rust panics which halt the program. This can happen in the following...
Our secret ingredient for reverse engineering
Nowadays, a lot of cybersecurity professionals use IDA Pro as their primary tool for reverse engineering. While IDA is a complex tool that implements a multitude of features useful for dissecting binaries, many reverse engineers use various plugins to add further functionality to this software. W...
PT-2024-35953 · Rpgp · Rpgp
Name of the Vulnerable Software and Affected Versions: rPGP versions prior to 0.14.1 Description: The issue allows an attacker to trigger crashes in rPGP by providing crafted data. This can occur in various scenarios, including parsing OpenPGP messages, decrypting messages via decrypt with...
PT-2024-35954 · Rpgp · Rpgp
Name of the Vulnerable Software and Affected Versions: rPGP versions prior to 0.14.1 Description: The issue allows attackers to trigger resource exhaustion vulnerabilities in rPGP by providing crafted messages, affecting general message parsing and decryption with symmetric keys. This can cause...
CVE-2024-53614
A hardcoded decryption key in Thinkware Cloud APK v4.3.46 allows attackers to access sensitive data and execute arbitrary commands with elevated privileges...
PT-2024-35791 · Thinkware · Thinkware Cloud Apk
Name of the Vulnerable Software and Affected Versions: Thinkware Cloud APK version 4.3.46 Description: A hardcoded decryption key in the Thinkware Cloud APK allows attackers to access sensitive data and execute arbitrary commands with elevated privileges. Recommendations: For Thinkware Cloud APK...
Thinkware Cloud APK Security Vulnerability
Thinkware Cloud APK is a free Android app from Thinkware that allows easy access to Thinkware Car Recorder. A security vulnerability exists in Thinkware Cloud APK version v4.3.46 that stems from a hard-coded decryption key in the application, which allows an attacker to access sensitive data and...
CVE-2024-53614
Thinkware Cloud APK 4.3.46 is affected by CVE-2024-53614 due to a hardcoded decryption key embedded in the app. This weakness can allow an attacker to access sensitive data and execute arbitrary commands with elevated privileges. Publicly available details (NVD, Red Hat, CNNVD, PT Security, and o...
CVE-2024-41775
IBM Cognos Controller 11.0.0 and 11.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information...
PT-2024-29559 · Ibm · Ibm Cognos Controller
Name of the Vulnerable Software and Affected Versions: IBM Cognos Controller versions 11.0.0 through 11.0.1 Description: The issue is related to the use of weaker than expected cryptographic algorithms, which could allow an attacker to decrypt highly sensitive information. Recommendations: For...
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Amcsgroup Trux_Waste_Management
CVE-2024-22734 Exploit PoC for CVE-2024-22734...
CVE-2024-29146
User passwords are decrypted and stored in memory before any user has logged in. Those decrypted passwords can be retrieved from the coredump file. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under...
CVE-2024-29978
User passwords are decrypted and stored in memory before any user has logged in. Those decrypted passwords can be retrieved from the coredump file. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under...