CVE-2024-29146

User passwords are decrypted and stored on memory before any user logged in. Those decrypted passwords can be retrieved from the coredump file. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under...

CVE-2024-29978

User passwords are decrypted and stored on memory before any user logged in. Those decrypted passwords can be retrieved from the coredump file. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under...

CVE-2024-32151

The CVE-2024-32151 entry concerns Sharp MFPs where passwords are decrypted and stored in memory prior to user login, making decrypted passwords retrievable from core dumps. Multiple connected sources confirm this issue and link it to Sharp/Toshiba MFPs (notably Sharp 2015-2024-era devices). The r...

CVE-2024-32151

User passwords are decrypted and stored on memory before any user logged in. Those decrypted passwords can be retrieved from the coredump file. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under...

CVE-2024-29978

CVE-2024-29978 affects Sharp MFPs (multifunction printers). The issue arises from passwords being decrypted and stored in memory before user login, with decrypted passwords retrievable from a core dump. This creates a risk of password exposure if memory contents or core dumps are accessed. Connec...

CVE-2024-29146

User passwords are decrypted and stored on memory before any user logged in. Those decrypted passwords can be retrieved from the coredump file. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under...

PT-2024-22764 · Sharp +1 · Multiple Mfps

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue involves user passwords being decrypted and stored in memory before any user logs in. These decrypted passwords can be retrieved from the...

CVE-2024-41781

IBM PowerVM Platform KeyStore IBM PowerVM Hypervisor FW950.00 through FW950.90, FW1030.00 through FW1030.60, FW1050.00 through FW1050.20, and FW1060.00 through FW1060.10 functionality can be compromised if an attacker gains service access to the HMC. An attacker that gains service access to the H...

CVE-2024-41781

Summary: CVE-2024-41781 affects IBM PowerVM Hypervisor Platform KeyStore. If an attacker gains service access to the HMC, they can locate and decrypt data in the Platform KeyStore via service procedures. Affected versions : PowerVM Hypervisor FW950.00–FW950.90, FW1030.00–FW1030.60, FW1050.00–FW10...

IBM PowerVM Hypervisor 安全漏洞

IBM PowerVM Hypervisor is an application from International Business Machines IBM, Inc. Providing a secure and scalable virtualized environment, these applications are built on the advanced RAS features and leading performance of the Power Systems platform. A security vulnerability exists in IBM...

MAL-2024-10849 Malicious code in my-wallet-backupt-decryption-tool (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 27ce6fe7581d2cdb10673965b6fefaeef4f33c8ae7f8ab0f45e5e3341065620e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2024-11308

The DVC from TRCore encrypts files using a hardcoded key. Attackers can use this key to decrypt the files and restore the original content...

CVE-2024-11308

The CVE-2024-11308 entry concerns TRCore’s DVC, a file-insurance system, which encrypts files with a hardcoded key. The underlying issue is the use of a static cryptographic key, enabling an attacker with local access to decrypt targeted files and recover original content as described in multiple...

TRCore DVC 安全漏洞

TRCore DVC is a file insurance system from TRCore China. TRCore DVC suffers from a trust management issue vulnerability that originates from encrypting a file using a hard-coded key, which can be exploited by an attacker to decrypt the file using the hard-coded key and recover the original conten...

CVE-2024-52519

Nextcloud Server is a self hosted personal cloud system. The OAuth2 client secrets were stored in a recoverable way, so that an attacker that got access to a backup of the database and the Nextcloud config file, would be able to decrypt them. It is recommended that the Nextcloud Server is upgrade...

Progress Telerik Report Server <= 10.2.24.924 Encryption Weakness (CVE-2024-7295)

The version of Progress Telerik Report Server installed on the remote host is affected by an encryption weakness vulnerability: - The encryption of local asset data used an older algorithm which may allow a sophisticated actor to decrypt this information. CVE-2024-7295 Note that Nessus has not...

Security Bulletin: IBM Sterling B2B Integrator is affected by multiple Bouncy Castle vulnerabilities

Summary IBM Sterling B2B Integrator is affected by multiple Bouncy Castle vulnerabilities. Vulnerability Details CVEID:CVE-2024-29857 DESCRIPTION: The Bouncy Castle Crypto Package For Java is vulnerable to a denial of service, caused by improper input validation. By importing an EC certificate wi...

PT-2024-8351 · Palo Alto Networks · Pan-Os

Name of the Vulnerable Software and Affected Versions: Palo Alto Networks PAN-OS versions 10.2.7-h12 through 11.2.2-h1 Description: A null pointer dereference in Palo Alto Networks PAN-OS software on PA-800 Series, PA-3200 Series, PA-5200 Series, and PA-7000 Series hardware platforms when...

PT-2024-38244 · Telerik · Telerik Report Server

Name of the Vulnerable Software and Affected Versions: In Progress Telerik Report Server versions prior to 2024 Q4 10.3.24.1112 Description: The encryption of local asset data used an older algorithm which may allow a sophisticated actor to decrypt this information. Recommendations: For versions...

CVE-2024-46889

A vulnerability has been identified in SINEC INS All versions V1.0 SP2 Update 3. The affected application uses hard-coded cryptographic key material to obfuscate configuration files. This could allow an attacker to learn that cryptographic key material through reverse engineering of the applicati...