Lucene search

372 matches found

CNNVD
added 2024/03/18 12:0 a.m. · 1 views

SecureProps Security Vulnerabilities

SecureProps is a PHP library designed to simplify the encryption and decryption of property data in objects. A security vulnerability exists in SecureProps versions 1.2.0 and 1.2.1, which stems from the inability of regular expressions to detect tags during the decryption of encrypted data, which...

CVSS 2.6 · AI score 6.8 · EPSS 0.00328
Exploits 0 · References 5
NVD
added 2024/03/15 1:15 p.m. · 15 views

CVE-2024-2495

Cryptographic key vulnerability encoded in the FriendlyWrt firmware affecting version 2022-11-16.51b3d35. This vulnerability could allow an attacker to compromise the confidentiality and integrity of encrypted data...

CVSS 5.2 · AI score 5.1 · EPSS 0.00177
Exploits 0 · References 1
Cvelist
added 2024/03/15 1:7 p.m. · 16 views

CVE-2024-2495 Cryptographic key in plain text vulnerability in FriendlyElec's FriendlyWrt

Cryptographic key vulnerability encoded in the FriendlyWrt firmware affecting version 2022-11-16.51b3d35. This vulnerability could allow an attacker to compromise the confidentiality and integrity of encrypted data...

CVSS 5.2 · AI score 5.5 · EPSS 0.00177
Exploits 0 · References 1
Vulnrichment
added 2024/03/15 1:7 p.m. · 16 views

CVE-2024-2495 Cryptographic key in plain text vulnerability in FriendlyElec's FriendlyWrt

Cryptographic key vulnerability encoded in the FriendlyWrt firmware affecting version 2022-11-16.51b3d35. This vulnerability could allow an attacker to compromise the confidentiality and integrity of encrypted data...

CVSS 5.2 · AI score 6.9 · EPSS 0.00177
Exploits 0 · References 1
OSV
added 2024/03/07 10:15 a.m. · 2 views

ALPINE-CVE-2024-1931

NLnet Labs Unbound version 1.18.0 up to and including version 1.19.1 contain a vulnerability that can cause denial of service by a certain code path that can lead to an infinite loop. Unbound 1.18.0 introduced a feature that removes EDE records from responses with size higher than the client's...

CVSS 7.5 · AI score 6.9 · EPSS 0.02516
Exploits 1 · References 1
NCSC
added 2024/03/05 12:0 a.m. · 2 views

Vulnerability fixed in Mozilla Thunderbird

Mozilla has fixed a vulnerability in Thunderbird. Due to a flaw in the processing of email messages in the local cache, the encrypted data, such as the subject line, from email messages could be included in other email messages. When the user replies to such an infected email message, for...

CVSS 7.5 · AI score 6.3 · EPSS 0.00682
Exploits 1
CNVD
added 2024/03/01 12:0 a.m. · 4 views

IBM Storage Defender Privilege Mismanagement Vulnerability

IBM Storage Defender is a solution from International Business Machines (IBM) that provides end-to-end data resiliency. A privilege mismanagement vulnerability exists in IBM Storage Defender Connection Manager, which stems from a Resiliency Service that could allow a privileged user to perform...

CVSS 8 · AI score 6.3 · EPSS 0.00416
Exploits 0 · References 1
Prion
added 2024/02/15 11:15 p.m. · 24 views

Information disclosure

In ca-certificates, there is a possible way to read encrypted TLS data due to untrusted cryptographic certificates. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

AI score 6.9 · EPSS 0.00287
Exploits 0 · References 2
OSV
added 2024/02/10 4:15 p.m. · 2 views

CVE-2023-50957

IBM Storage Defender - Resiliency Service 2.0 could allow a privileged user to perform unauthorized actions after obtaining encrypted data from clear text key storage. IBM X-Force ID: 275783...

CVSS 7.2 · AI score 5.8 · EPSS 0.00416
Exploits 0 · References 2
NVD
added 2024/02/10 4:15 p.m. · 12 views

CVE-2023-50957

IBM Storage Defender - Resiliency Service 2.0 could allow a privileged user to perform unauthorized actions after obtaining encrypted data from clear text key storage. IBM X-Force ID: 275783...

CVSS 8 · AI score 7.5 · EPSS 0.00416
Exploits 0 · References 2
Vulnrichment
added 2024/02/10 3:30 p.m. · 9 views

CVE-2023-50957 IBM Storage Defender - Resiliency Service privilege escalation

IBM Storage Defender - Resiliency Service 2.0 could allow a privileged user to perform unauthorized actions after obtaining encrypted data from clear text key storage. IBM X-Force ID: 275783...

CVSS 8 · AI score 6.3 · EPSS 0.00416
Exploits 0 · References 2
Positive Technologies
added 2024/02/10 12:0 a.m. · 3 views

PT-2024-14028 · Ibm · Ibm Storage Defender - Resiliency Service

Name of the Vulnerable Software and Affected Versions: IBM Storage Defender - Resiliency Service version 2.0
Description: The issue allows a privileged user to perform unauthorized actions after obtaining encrypted data from clear text key storage.
Recommendations: For IBM Storage Defender -...

CVSS 8 · AI score 6.3 · EPSS 0.00416
Exploits 0 · References 7
BDU FSTEC
added 2023/11/18 12:0 a.m. · 3 views

The vulnerability of Zoom’s video conferencing software, related to data encryption errors, allows attackers to disclose sensitive information that is protected by encryption.

The vulnerability of Zoom video conferencing software is related to data encryption errors. Exploiting this vulnerability can allow a remote attacker to disclose sensitive information that is protected by encryption...

CVSS 6.8 · AI score 6.5 · EPSS 0.00619
Exploits 0 · References 2 · Affected Software 5
hivepro
added 2023/10/14 8:18 a.m. · 27 views

Unveiling Lu0Bot Malware A Node.js-Based Threat

Summary: Lu0Bot Malware, a Node.js-based threat, surfaced in February 2021 as a secondary payload in GCleaner attacks. This malware acts as a bot, responding to C2 server commands and transmitting encrypted syste...

AI score 6.9
Exploits 0
hivepro
added 2023/10/11 12:37 p.m. · 16 views

Unveiling Lu0Bot Malware A Node.js-Based Threat

Summary: Lu0Bot Malware, a Node.js-based threat, surfaced in February 2021 as a secondary payload in GCleaner attacks. This malware acts as a bot, responding to C2 server commands and transmitting encrypted syste...

AI score 6.9
Exploits 0
NVD
added 2023/09/20 3:15 p.m. · 13 views

CVE-2023-43636

In EVE OS, the “measured boot” mechanism prevents a compromised device from accessing the encrypted data located in the vault. As per the “measured boot” design, the PCR values calculated at different stages of the boot process will change if any of their respective parts are changed. This...

CVSS 8.8 · AI score 8.6 · EPSS 0.00125
Exploits 0 · References 1
Prion
added 2023/09/20 3:15 p.m. · 27 views

Design/Logic Flaw

In EVE OS, the “measured boot” mechanism prevents a compromised device from accessing the encrypted data located in the vault. As per the “measured boot” design, the PCR values calculated at different stages of the boot process will change if any of their respective parts are changed. This...

CVSS 4.3 · AI score 8.4 · EPSS 0.00125
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2023/09/20 2:50 p.m. · 27 views

CVE-2023-43636 Rootfs Not Protected

In EVE OS, the “measured boot” mechanism prevents a compromised device from accessing the encrypted data located in the vault. As per the “measured boot” design, the PCR values calculated at different stages of the boot process will change if any of their respective parts are changed. This...

CVSS 8.8 · AI score 8.7 · EPSS 0.00125
Exploits 0 · References 1
BDU FSTEC
added 2023/07/20 12:0 a.m. · 2 views

The vulnerability of SIMATIC NET PC Software, WinCC, and SINAUT Software lies in the use of outdated functions, which allow an intruder to gain unauthorized access to encrypted data.

The vulnerabilities of SIMATIC NET PC Software, WinCC, and SINAUT Software are related to the use of outdated functions. Exploiting these vulnerabilities can allow an intruder, operating remotely, to gain unauthorized access to encrypted data...

CVSS 3.9 · AI score 6.8 · EPSS 0.00291
Exploits 0 · References 4 · Affected Software 3
Positive Technologies
added 2023/06/30 12:0 a.m. · 4 views

PT-2023-25618 · Zoom · Zoom

Name of the Vulnerable Software and Affected Versions: Zoom affected versions not specified
Description: Exposure of information intended to be encrypted by some Zoom clients may lead to disclosure of sensitive information.
Recommendations: At the moment, there is no information about a newer...

CVSS 7.5 · AI score 6.7 · EPSS 0.00443
Exploits 0 · References 3