CVE-2023-22918

A post-authentication information exposure vulnerability in the CGI program of Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50W firmware versions 4.16 through 5.35, USG20W-VPN firmware versions 4.16 through 5.35, VPN series...

Security Bulletin: IBM FlashSystem 9100 family and IBM Storwize V7000 2076-724 (Gen3) systems are NOT affected by security vulnerabilities CVE-2018-12037 and CVE-2018-12038

Summary IBM FlashSystem 9100 systems and Storwize V7000 2076-724 Gen3 systems are NOT affected by the security vulnerabilities where, by the absence of a cryptographic link between the password and the Disk Encryption Key, allows attackers with privileged access to SSD firmware to gain full acces...

The vulnerability of the Apex-VUZ education automation system, related to the use of strictly encrypted user data, allows a perpetrator to gain full access to the software environment.

The vulnerability of the Apex-VUZ education automation system is related to the use of strictly encrypted user data. Exploiting this vulnerability could allow a malicious actor to gain full access to the software environment...

SUSE CVE-2016-2176

The X509NAMEoneline function in crypto/x509/x509obj.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to obtain sensitive information from process stack memory or cause a denial of service buffer over-read via crafted EBCDIC ASN.1 data...

Avast Releases Free Decryptor for BianLian Ransomware

By Deeba Ahmed Using this decryptor, BianLian victims can retrieve their encrypted data for free and avoid paying the ransom to the attackers. This is a post from HackRead.com Read the original post: Avast Releases Free Decryptor for BianLian Ransomware...

The vulnerability of the Windows Boot Manager’s download controller allows a hacker to bypass the device encryption function of BitLocker and gain access to encrypted data.

The vulnerability of the Windows Boot Manager download controller for Microsoft Windows operating systems relates to the bypassing of security functions. Exploiting this vulnerability can allow an attacker to circumvent the BitLocker device encryption function and gain access to encrypted data...

Mitigate the LastPass Attack Surface in Your Environment with this Free Tool

The latest breach announced by LastPass is a major cause for concern to security stakeholders. As often occurs, we are at a security limbo – on the one hand, as LastPass has noted, users who followed LastPass best practices would be exposed to practically zero to extremely low risk. However, to s...

SICK RFU61x 加密问题漏洞

The SICK RFU61x is the smallest read/write device in the SICK UHF portfolio from SICK. It is ideally suited for IoT applications directly on workpieces or components. A security vulnerability exists in the SICK RFU61x firmware version prior to v2.25, which stems from the fact that the use of a...

Mozilla Thunderbird Security Advisories (MFSA2022-50, MFSA2022-50) - Windows

Mozilla Thunderbird is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

XWiki Platform 安全漏洞

XWiki Platform is the French company XWiki's set of Wiki platform for creating Web collaboration applications. An input validation error vulnerability exists in XWiki Platform that stems from not properly clearing obfuscated entries. An attacker could exploit this vulnerability to obtain encrypte...

PT-2022-22142 · Ibm · Ibm Sterling Partner Engagement Manager

Name of the Vulnerable Software and Affected Versions: IBM Sterling Partner Engagement Manager version 2.0 Description: The issue allows encrypted storage of client data to be stored locally, which can be read by another user on the system. Recommendations: For IBM Sterling Partner Engagement...

Mozilla: Matrix SDK bundled with Thunderbird vulnerable to an impersonation attack by malicious server administrators

A flaw was found in Mozilla. According to the Mozilla Foundation Security Advisory, Thunderbird users who use the Matrix chat protocol are vulnerable to an impersonation attack. A malicious server administrator could fake encrypted messages to look as if they were sent from another user on that...

CVE-2022-41983

On specific hardware platforms, on BIG-IP versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.7, 14.1.x before 14.1.5.1, and all versions of 13.1.x, while Intel QAT QuickAssist Technology and the AES-GCM/CCM cipher is in use, undisclosed conditions can cause BIG-IP to send data unencrypted even...

Mozilla: Leaking of sensitive information when composing a response to an HTML email with a META refresh tag

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of a Thunderbird user replying to a crafted HTML email containing a meta tag, with the meta tag having the http-equiv="refresh" attribute and the content attribute specifying an URL. Thunderbird started a...

FileWave 信任管理问题漏洞

FileWave is an endpoint management suite from the Swiss company FileWave. FileWave suffers from a security vulnerability that originates from the fact that an unauthenticated attacker can decrypt sensitive information stored in FileWave using a hard-coded encryption key, or even send a crafted...

The vulnerability of Emerson DeltaV industrial workstations lies in the ability to use strictly encrypted account data, which allows an intruder to gain unauthorized access to protected information.

The vulnerability of Emerson DeltaV industrial workstations lies in the possibility of using rigidly encrypted account data. Exploiting this vulnerability could allow an intruder to gain unauthorized access to protected information...

CVE-2022-29948

Due to an insecure design, the Lepin EP-KP001 flash drive through KP001V19 is vulnerable to an authentication bypass attack that enables an attacker to gain access to the stored encrypted data. Normally, the encrypted disk partition with this data is unlocked by entering the correct passcode 6 to...

CVE-2022-29948

Due to an insecure design, the Lepin EP-KP001 flash drive through KP001V19 is vulnerable to an authentication bypass attack that enables an attacker to gain access to the stored encrypted data. Normally, the encrypted disk partition with this data is unlocked by entering the correct passcode 6 to...

CVE-2022-29948

Due to an insecure design, the Lepin EP-KP001 flash drive through KP001V19 is vulnerable to an authentication bypass attack that enables an attacker to gain access to the stored encrypted data. Normally, the encrypted disk partition with this data is unlocked by entering the correct passcode 6 to...

Authentication flaw

Due to an insecure design, the Lepin EP-KP001 flash drive through KP001V19 is vulnerable to an authentication bypass attack that enables an attacker to gain access to the stored encrypted data. Normally, the encrypted disk partition with this data is unlocked by entering the correct passcode 6 to...