110 matches found

CVE
added 2024/02/06 5:47 a.m. · 68 views

CVE-2023-43522

CVE-2023-43522 is linked to Siemens SCALANCE W700: a NULL pointer dereference in the key unwrapping routine when the encrypted key is empty or NULL, causing a transient denial of service (crash). Details in connected plugin/NVD entries show a HIGH severity (CVSS v3.1: 7.5) with network attack vec...

7.5 CVSS · 7.5 AI score · 0.00324 EPSS
Exploits 0 · References 1 · Affected Software 1
BDU FSTEC
added 2023/11/22 12:0 a.m. · 2 views

A vulnerability in the firmware of Siemens SCALANCE industrial switches, related to the use of a hard-coded cryptographic key, allows attackers to gain unauthorized access to protected information.

A vulnerability in the firmware of Siemens SCALANCE industrial switches is related to the use of a hard-coded cryptographic key. Exploiting this vulnerability could allow an unauthorized actor to gain unauthorized access to protected information...

6.1 CVSS · 6.3 AI score · 0.00688 EPSS
Exploits 0 · References 3 · Affected Software 40
BDU FSTEC
added 2023/10/31 12:0 a.m. · 2 views

A vulnerability in the EisBaer SCADA system, which stems from the use of a hard-coded cryptographic key, allows attackers to gain unauthorized access to protected information.

A vulnerability in the EisBaer SCADA system is related to the use of a hard-coded cryptographic key. Exploiting this vulnerability could allow an intruder to gain unauthorized access to protected information...

7.1 CVSS · 7.7 AI score · 0.00425 EPSS
Exploits 0 · References 4 · Affected Software 1
BDU FSTEC
added 2023/09/04 12:0 a.m. · 2 views

A vulnerability in the MXSecurity software platform for managing security in industrial networks lies in the use of hard-coded credentials, which allows attackers to carry out a “man-in-the-middle” attack.

A vulnerability in the MXSecurity software platform for managing security in industrial networks stems from the use of a hard-coded cryptographic key on the host. Exploiting this vulnerability allows an attacker operating remotely to execute a “man-in-the-middle” type attack...

7.8 CVSS · 6.4 AI score · 0.00369 EPSS
Exploits 0 · References 3 · Affected Software 1
BDU FSTEC
added 2023/08/16 12:0 a.m. · 2 views

A vulnerability in the SCADA Data Gateway (SDG) SCADA system arises from the use of a hard-coded cryptographic key. This allows an intruder to gain unauthorized access to protected information.

A vulnerability in the SCADA Data Gateway (SDG) SCADA system is related to the use of a hard-coded cryptographic key. Exploiting this vulnerability could allow an intruder operating remotely to gain unauthorized access to protected information...

7.8 CVSS · 7.2 AI score · 0.00707 EPSS
Exploits 0 · References 5 · Affected Software 1
BDU FSTEC
added 2023/08/01 12:0 a.m. · 1 views

A vulnerability in the SonicWall Analytics analytical service and the SonicWall Global Management System (GMS), a global network gatekeeper system, allows attackers to compromise data integrity.

A vulnerability in the SonicWall Analytics analytical service and the SonicWall Global Management System’s global network gateways is related to the use of a hard-coded cryptographic key. Exploiting this vulnerability could allow an attacker operating remotely to compromise the integrit...

7.8 CVSS · 7.4 AI score · 0.00678 EPSS
Exploits 0 · References 4 · Affected Software 2
BDU FSTEC
added 2023/03/27 12:0 a.m. · 3 views

A vulnerability in CloudPanel, a control panel for servers and cloud services, arises from the use of a hard-coded cryptographic key for the SSL certificate. This allows attackers to gain unauthorized access to protected information.

A vulnerability in CloudPanel, a control panel for servers and cloud services, lies in the use of a hard-coded cryptographic key for the SSL certificate. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information...

7.5 CVSS · 7.5 AI score · 0.00599 EPSS
Exploits 1 · References 4 · Affected Software 1
BDU FSTEC
added 2023/03/06 12:0 a.m. · 1 views

A vulnerability in the Policy Manager access control tool of Dell Secure Connect Gateway (SCG), software for remote IT support and monitoring, allows an attacker to escalate their privileges.

A vulnerability in the access control mechanism of the Policy Manager in Dell Secure Connect Gateway (SCG), software for remote IT support and monitoring, is related to the use of a hard-coded cryptographic key. Exploiting this vulnerability could allow an attacker to increase their...

8 CVSS · 7.8 AI score · 0.00472 EPSS
Exploits 0 · References 3 · Affected Software 1
BDU FSTEC
added 2023/02/20 12:0 a.m. · 3 views

A vulnerability in the Policy Manager access control tool of Dell Secure Connect Gateway (SCG), software for remote IT support and monitoring, allows an attacker to escalate their privileges.

A vulnerability in the access control mechanism of the Policy Manager in Dell Secure Connect Gateway (SCG), software for remote IT support and monitoring, is related to the use of a hard-coded cryptographic key. Exploiting this vulnerability could allow an attacker to increase their...

8.4 CVSS · 7.8 AI score · 0.00472 EPSS
Exploits 0 · References 4 · Affected Software 1
SUSE CVE
added 2023/02/15 6:3 a.m. · 2 views

SUSE CVE-2009-2407

Heap-based buffer overflow in the parse_tag_3_packet function in fs/ecryptfs/keystore.c in the eCryptfs subsystem in the Linux kernel before 2.6.30.4 allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving a crafted eCryptfs file, related to a...

6.9 CVSS · 7.1 AI score · 0.00594 EPSS
Exploits 1 · References 6
SUSE CVE
added 2023/02/15 4:35 a.m. · 2 views

SUSE CVE-2017-1000114

The Datadog Plugin stores an API key to access the Datadog service in the global Jenkins configuration. While the API key is stored encrypted on disk, it was transmitted in plain text as part of the configuration form. This could result in exposure of the API key for example through browser...

4.3 CVSS · 4.1 AI score · 0.01038 EPSS
Exploits 0 · References 3
BDU FSTEC
added 2023/01/31 12:0 a.m. · 2 views

A vulnerability in the InHand Networks InRouter302 firmware, which stems from the use of a hard-coded cryptographic key, allows attackers to escalate their privileges and disclose protected information.

A vulnerability in the InHand Networks InRouter302 firmware lies in the use of a hard-coded cryptographic key. Exploiting this vulnerability allows a malicious actor to escalate their privileges and disclose protected information through a specially crafted HTTP request...

6.5 CVSS · 6.8 AI score · 0.00638 EPSS
Exploits 1 · References 4 · Affected Software 1
BDU FSTEC
added 2023/01/10 12:0 a.m. · 2 views

A vulnerability in the Mbed TLS implementation of TLS and SSL allows an attacker to overwrite data in the memory buffer and recover the encrypted RSA key.

A vulnerability in the Mbed TLS implementation of TLS and SSL relates to the possibility of writing data beyond the buffer boundaries. Exploiting this vulnerability allows a malicious actor to overwrite data in the memory buffer and recover the encrypted RSA key...

10 CVSS · 7.9 AI score · 0.01147 EPSS
Exploits 0 · References 5 · Affected Software 2
BDU FSTEC
added 2022/12/12 12:0 a.m. · 3 views

A vulnerability in FortiEDR, a tool for detecting and responding to security threats at endpoints, lies in the use of a hard-coded cryptographic key. This allows attackers to gain unauthorized access to the protected information.

A vulnerability in FortiEDR, a security tool for detecting and responding to security threats at endpoints, is related to the use of a hard-coded cryptographic key. Exploiting this vulnerability allows an attacker operating remotely to gain unauthorized access to protected informati...

9.4 CVSS · 7.7 AI score · 0.00872 EPSS
Exploits 0 · References 5 · Affected Software 1
BDU FSTEC
added 2022/10/12 12:0 a.m. · 2 views

A vulnerability in the Dell Enterprise SONiC operating system, which stems from the use of a hard-coded cryptographic key, allows attackers to disclose the protected information.

A vulnerability in the Dell Enterprise SONiC operating system lies in the use of a hard-coded cryptographic key. Exploiting this vulnerability could allow an attacker, working remotely, to disclose the protected information...

7.8 CVSS · 7.1 AI score · 0.0074 EPSS
Exploits 0 · References 2 · Affected Software 1
OSV
added 2022/07/15 12:15 p.m. · 1 views

CVE-2022-34826

In Couchbase Server 7.1.x before 7.1.1, an encrypted Private Key passphrase may be leaked in the logs...

5.9 CVSS · 5.7 AI score · 0.00506 EPSS
Exploits 0 · References 1
Positive Technologies
added 2022/07/15 12:0 a.m. · 4 views

PT-2022-22378 · Couchbase · Couchbase Server

Name of the Vulnerable Software and Affected Versions: Couchbase Server versions 7.1.x before 7.1.1
Description: The issue concerns the potential leakage of an encrypted Private Key passphrase in the logs.
Recommendations: For Couchbase Server versions 7.1.x before 7.1.1, update to version 7.1.1 ...

5.9 CVSS · 5.7 AI score · 0.00506 EPSS
Exploits 0 · References 4
BDU FSTEC
added 2022/06/22 12:0 a.m. · 4 views

A vulnerability in the SonicWall SMA 1000 series network firewall firmware, which is related to the use of a hard-coded cryptographic key, allows attackers to disclose protected information.

A vulnerability in the SonicWall SMA 1000 series network firewall firmware is related to the use of a hard-coded cryptographic key. Exploiting this vulnerability can allow attackers to disclose protected information...

5.7 CVSS · 7.4 AI score · 0.04397 EPSS
Exploits 0 · References 4 · Affected Software 1
CNNVD
added 2021/07/15 12:0 a.m. · 3 views

iDrive RemotePC Trust Management Issue Vulnerability

iDrive RemotePC is remote control software from iDrive, Inc. A trust management issue vulnerability exists in iDrive RemotePC versions prior to 7.6.48 on Windows, where a locally authenticated attacker can read an encrypted version of the system's personal key in an owner-readable %PROGRAMDATA% l...

3.3 CVSS · 5 AI score · 0.00162 EPSS
Exploits 0 · References 3
NVD
added 2020/11/17 9:15 p.m. · 7 views

CVE-2020-26551

An issue was discovered in Aviatrix Controller before R5.3.1151. Encrypted key values are stored in a readable file...

7.5 CVSS · 7.5 AI score · 0.00909 EPSS
Exploits 1 · References 1