342 matches found
CVE-2024-33504
A use of hard-coded cryptographic key to encrypt sensitive data vulnerability (CWE-321) in FortiManager 7.6.0 through 7.6.1, 7.4.0 through 7.4.5, 7.2.0 through 7.2.9, 7.0 all versions, 6.4 all versions may allow an attacker with JSON API access permissions to decrypt some secrets even if the...
CVE-2024-4611
The AppPresser plugin for WordPress is vulnerable to improper missing encryption exception handling on the 'decrypt_value' and on the 'doCookieAuth' functions in all versions up to, and including, 4.3.2. This makes it possible for unauthenticated attackers to log in as any existing user on the sit...
IBM MQ Encryption Issue Vulnerability
IBM MQ is a messaging middleware product from International Business Machines (IBM). The product focuses on providing a reliable and validated messaging backbone for Service Oriented Architecture (SOA). An encryption issue vulnerability exists in IBM MQ Container that stems from the use of a...
IBM Engineering Lifecycle Optimization Publishing Encryption Issue Vulnerability
IBM Engineering Lifecycle Optimization Publishing is an automated document generation solution from International Business Machines (IBM). IBM Engineering Lifecycle Optimization Publishing suffers from a cryptographic issue vulnerability that stems from the use of a weaker-than-expected encryption...
PT-2025-3909 · Rockwell Automation · Factorytalk Assetcentre
Name of the Vulnerable Software and Affected Versions: Rockwell Automation FactoryTalk AssetCentre versions prior to V15.00.001 Description: An encryption issue exists due to a weak encryption methodology, which could allow a threat actor to extract passwords belonging to other users of the...
IBM Concert Encryption Issue Vulnerability
IBM Concert is a new tool from International Business Machines (IBM) Inc. that uses generative AI to help manage complex cloud-native applications. IBM Concert suffers from an encryption issue vulnerability that stems from a failure to properly enable HTTP Strict Transport Security, which could be...
CVE-2024-56690
CVE-2024-56690 : Linux kernel crypto: pcrypt fix for -EBUSY/-EAGAIN. After commit 8f4f68e7, padata_do_parallel() may return -EAGAIN for pcrypt encrypt/decrypt when CPUs go online/offline, triggering a WARN/panic under panic_on_warn. The remediation is to call the crypto layer directly (no paralle...
CVE-2024-53185 smb: client: fix NULL ptr deref in crypto_aead_setkey()
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix NULL ptr deref in crypto_aead_setkey() Neither SMB3.0 nor SMB3.02 supports encryption negotiate context, so when SMB2_GLOBAL_CAP_ENCRYPTION flag is set in the negotiate response, the client uses AES-128-CCM as the defaul...
IBM Aspera Faspex Encryption Problem Vulnerability (CNVD-2024-49165)
IBM Aspera Faspex is an International Business Machines (IBM) solution for rapid global person-to-person document delivery and collaboration. IBM Aspera Faspex has an encryption issue vulnerability that stems from improper encryption of certain data. An attacker could exploit the vulnerability to...
SonicWALL SMA100 Encryption Issue Vulnerability
The SonicWALL SMA100 is a secure access gateway appliance from SonicWALL USA. The SonicWALL SMA100 suffers from a cryptographic issue vulnerability that stems from the use of a cryptographically weak pseudo-random number generator in the backup code generator. An attacker could exploit the vulnerabilit...
CBL Mariner 2.0 Security Update: kernel (CVE-2024-50151)
The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-50151 advisory. - In the Linux kernel, the following vulnerability has been resolved: smb: client: fix OOBs when building...
CVE-2023-37395
IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain sensitive information due to improper encryption of certain data...
IBM Aspera Faspex Encryption Issue Vulnerability
IBM Aspera Faspex is an International Business Machines (IBM) solution for rapid global person-to-person document delivery and collaboration. IBM Aspera Faspex has an encryption issue vulnerability that stems from improper encryption of certain data. An attacker could exploit the vulnerability to...
Unable to encrypt Identity disk on AWS when using encrypted master image
The AMI was created using an encrypted instance\snapshot. However, the MCS machines appear with identity disk "Not encrypted"...
TRCore DVC Security Vulnerability
TRCore DVC is a file insurance system from TRCore China. TRCore DVC suffers from a trust management issue vulnerability that originates from encrypting a file using a hard-coded key, which can be exploited by an attacker to decrypt the file using the hard-coded key and recover the original conten...
Qualcomm Chipsets Security Vulnerability
Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Chipsets that stems from an encryption issue that occurs when the controller receives an LMP Initiate Encryption command under unexpected circumstances...
Dell Secure Connect Gateway Encryption Issue Vulnerability (CNVD-2024-41686)
The Dell Secure Connect Gateway (Dell SCG) is a secure connectivity gateway from Dell, USA. A cryptographic issue vulnerability exists in Dell Secure Connect Gateway version 5.24.00.14, which arises from the use of a broken or risky encryption algorithm, and can be exploited by a low-privileged...
Topdata Inner Rep Plus WebServer Encryption Issue Vulnerability
Topdata Inner Rep Plus WebServer is an application from Topdata Corporation. An encryption issue vulnerability exists in Topdata Inner Rep Plus WebServer version 2.01 that stems from the use of a risky encryption algorithm...
Moderate: Red Hat Bug Fix Advisory: nss bug fix and enhancement update
An update for nss is now available for Red Hat Enterprise Linux 8.8 Extended Update Support and Red Hat Enterprise Linux 8. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Bug Fixes and...