Lucene search
K

123 matches found

BDU FSTEC
BDU FSTEC
added 2025/04/18 12:0 a.m.19 views

The vulnerability of the multi-platform SCADA system KROON-TM, related to the use of a rigidly encrypted cryptographic key for the SSL certificate, allows a intruder to gain unauthorized access to protected information.

The vulnerability of the multi-platform SCADA system KROON-TM is related to the use of a rigidly encrypted cryptographic key for the SSL certificate. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information...

10CVSS5.5AI score
Exploits0Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/04/10 12:0 a.m.5 views

The vulnerability of the Primo RPA Orchestrator module of the Primo RPA automation platform allows a intruder to gain unauthorized access to protected information.

The vulnerability of the Primo RPA Orchestrator module of the Primo RPA automation platform lies in the use of a strictly encrypted cryptographic key. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information...

6.8CVSS5.5AI score
Exploits0Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/03/15 12:0 a.m.5 views

The vulnerability of TP-Link Tapo C500 Wi-Fi cameras, which stems from the use of a rigidly encrypted cryptographic key, allows attackers to carry out “man-in-the-middle” attacks.

The vulnerability of TP-Link Tapo C500 Wi-Fi cameras lies in the use of a strictly encrypted cryptographic key. Exploiting this vulnerability could allow an attacker to carry out a “man-in-the-middle” attack...

7.2CVSS5.5AI score0.00257EPSS
Exploits0References4Affected Software2
BDU FSTEC
BDU FSTEC
added 2025/03/13 12:0 a.m.5 views

The command-line interface vulnerability of the FortiSandbox system allows a intruder to gain unauthorized access to protected information.

The vulnerability of the command-line interface of the FortiSandbox threat detection and removal system is related to the use of a strictly encrypted cryptographic key. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information...

4.6CVSS5.5AI score0.00148EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2024/09/23 12:0 a.m.4 views

PT-2024-28460 · Entrust · Entrust Instant Financial Issuance

Name of the Vulnerable Software and Affected Versions: Entrust Instant Financial Issuance formerly known as Cardwizard versions 6.8.x and earlier, 6.9.0, 6.9.1, 6.9.2, 6.10.0 Description: The issue concerns the use of a DLL library with a custom AES encryption process that relies on static...

6.6CVSS7.5AI score0.0011EPSS
Exploits0References7
NVD
NVD
added 2024/09/04 8:15 p.m.39 views

CVE-2024-45004

In the Linux kernel, the following vulnerability has been resolved: KEYS: trusted: dcp: fix leak of blob encryption key Trusted keys unseal the key blob on load, but keep the sealed payload in the blob field so that every subsequent read export will simply convert this field to hex and send it to...

5.5CVSS0.00102EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2024/07/31 12:0 a.m.8 views

The vulnerability of the software for managing and optimizing Cisco Intelligent Node (iNode) networks stems from the use of a hard-crypted cryptographic key. This allows attackers to carry out “man-in-the-middle” attacks.

The vulnerability of Cisco Intelligent Node iNode management and optimization software is related to the use of a rigidly encrypted cryptographic key. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality, integrity, and accessibility of protected information by...

7.5CVSS5.5AI score0.00194EPSS
Exploits0References5Affected Software2
RedHat Linux
RedHat Linux
added 2024/06/03 11:52 a.m.4 views

jose4j: denial of service via specially crafted JWE

A flaw was found in the jose.4.j jose4j library. The JWE key management algorithms based on PBKDF2 require a JOSE Header Parameter called p2c PBES2 Count. This parameter dictates the number of PBKDF2 iterations needed to derive a CEK wrapping key. Its primary purpose is to intentionally slow down...

6.5CVSS7.1AI score0.00879EPSS
Exploits1References4
NVD
NVD
added 2024/04/17 10:15 p.m.28 views

CVE-2024-29955

A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a could allow a privileged user to print the SANnav encrypted key in PostgreSQL startup logs. This could provide attackers with an additional, less-protected path to acquiring the encryption key...

5.5CVSS5AI score0.00112EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/04/17 10:11 p.m.10 views

CVE-2024-29955 Insertion of Sensitive Information into Brocade SANnav Log File

A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a could allow a privileged user to print the SANnav encrypted key in PostgreSQL startup logs. This could provide attackers with an additional, less-protected path to acquiring the encryption key...

5CVSS6.7AI score0.00112EPSS
Exploits0References1
CVE
CVE
added 2024/04/17 10:11 p.m.63 views

CVE-2024-29955

Summary (CVE-2024-29955): Brocade SANnav before v2.3.1 and v2.3.0a is affected by a vulnerability where a privileged user can print the SANnav encrypted key in PostgreSQL startup logs due to insufficient protection of registration data in the PostgreSQL component. This could allow attackers with ...

5.5CVSS6.5AI score0.00112EPSS
Exploits0References1Affected Software1
Broadcom
Broadcom
added 2024/04/17 12:0 a.m.34 views

SANnav encrypted key in PostgreSQL startup logs (CVE-2024-29955)

A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a could allow a privileged user to print the SANnav encrypted key in PostgreSQL startup logs. This could provide attackers with an additional, less-protected path to acquiring the encryption key...

5CVSS6.9AI score0.00112EPSS
Exploits0Affected Software1
Prion
Prion
added 2024/02/06 6:16 a.m.15 views

Design/Logic Flaw

Transient DOS while key unwrapping process, when the given encrypted key is empty or NULL...

5CVSS7.2AI score0.00324EPSS
Exploits0References1
CVE
CVE
added 2024/02/06 5:47 a.m.72 views

CVE-2023-43522

CVE-2023-43522 is linked to Siemens SCALANCE W700: a NULL pointer dereference in the key unwrapping routine when the encrypted key is empty or NULL, causing a transient denial of service (crash). Details in connected plugin/NVD entries show a HIGH severity (CVSS v3.1: 7.5) with network attack vec...

7.5CVSS7.5AI score0.00324EPSS
Exploits0References1Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/11/22 12:0 a.m.7 views

The vulnerability of Siemens SCALANCE industrial switches’ microprogramming software, related to the use of a rigidly encrypted cryptographic key, allows attackers to gain unauthorized access to protected information.

The vulnerability of Siemens SCALANCE industrial switches’ microprogramming software is related to the use of a rigidly encrypted cryptographic key. Exploiting this vulnerability could allow an unauthorized actor to gain unauthorized access to protected information...

6.1CVSS6.3AI score0.00688EPSS
Exploits0References3Affected Software40
BDU FSTEC
BDU FSTEC
added 2023/10/31 12:0 a.m.6 views

The vulnerability of the EisBaer SCADA system, which stems from the use of a strictly encrypted cryptographic key, allows attackers to gain unauthorized access to protected information.

The vulnerability of the EisBaer SCADA system is related to the use of a strictly encrypted cryptographic key. Exploiting this vulnerability could allow an intruder to gain unauthorized access to protected information...

7.1CVSS7.7AI score0.00425EPSS
Exploits0References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/09/04 12:0 a.m.7 views

The vulnerability of the MXSecurity software platform for managing security in industrial networks lies in the use of strictly encrypted credentials, which allows attackers to execute a type of “man-in-the-middle” attack.

The vulnerability of the MXSecurity software platform for managing security in industrial networks stems from the use of a strictly encrypted cryptographic key on the host. Exploiting this vulnerability allows an attacker operating remotely to execute a “man-in-the-middle” type attack...

7.8CVSS6.4AI score0.00369EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/08/16 12:0 a.m.6 views

The vulnerability of the SCADA system SCADA Data Gateway (SDG) arises from the use of a strictly encrypted cryptographic key. This allows an intruder to gain unauthorized access to protected information.

The vulnerability of the SCADA system SCADA Data Gateway SDG is related to the use of a strictly encrypted cryptographic key. Exploiting this vulnerability could allow an intruder operating remotely to gain unauthorized access to protected information...

7.8CVSS7.2AI score0.00707EPSS
Exploits0References5Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/08/01 12:0 a.m.6 views

The vulnerability of the SonicWall Analytics analytical service and the SonicWall Global Management System (GMS), a global network gatekeeper system, allows attackers to compromise data integrity.

The vulnerability of the SonicWall Analytics analytical service and the SonicWall Global Management System’s global network gateways is related to the use of a strictly encrypted cryptographic key. Exploiting this vulnerability could allow an attacker operating remotely to compromise the integrit...

7.8CVSS7.4AI score0.00678EPSS
Exploits0References4Affected Software2
BDU FSTEC
BDU FSTEC
added 2023/03/27 12:0 a.m.8 views

The vulnerability of the control panel for servers and cloud services, CloudPanel, arises from the use of a rigidly encrypted cryptographic key for the SSL certificate. This allows attackers to gain unauthorized access to protected information.

The vulnerability of the control panel for servers and cloud services like CloudPanel lies in the use of a strictly encrypted cryptographic key for the SSL certificate. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information...

7.5CVSS7.5AI score0.00599EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder