342 matches found
Privilege escalation
Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov 8 2022 and per RFC 8429 it is assumed that rc4-hmac is weak, vulnerable Samba Active Directory DCs will issue rc4-hmac encrypted tickets despite the target server supporting better encryption...
Fortinet FortiOS Encryption Issue Vulnerability
Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform from the American company Fortinet. The system provides users with firewall, antivirus, IPSec/SSL VPN, web content filtering, anti-spam and other security features. Fortinet FortiOS has a...
Dell EMC Unity Encryption Issue Vulnerability
Dell EMC Unity is a unified storage array product from Dell, a U.S. company. Versions prior to Dell EMC Unity 5.2.0.0.5.173 have an encryption issue vulnerability that stems from the use of corrupted encryption algorithms, which can be exploited by a remote, unauthenticated attacker to obtain...
SUSE CVE-2013-4350
The IPv6 SCTP implementation in net/sctp/ipv6.c in the Linux kernel through 3.11.1 uses data structures and function calls that do not trigger an intended configuration of IPsec encryption, which allows remote attackers to obtain sensitive information by sniffing the network...
SUSE CVE-2019-2924
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: Encryption. Supported versions that are affected are 5.6.45 and prior and 5.7.27 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to...
Dell PowerScale OneFS Encryption Issue Vulnerability (CNVD-2023-12613)
Dell PowerScale OneFS is an operating system from Dell USA Inc. Dell PowerScale OneFS is vulnerable to an encryption issue stemming from a weak encoding of passwords. A malicious, locally privileged attacker could exploit this vulnerability to cause information disclosure...
Dell PowerScale OneFS Encryption Issue Vulnerability (CNVD-2023-12612)
Dell PowerScale OneFS is an operating system from Dell USA Inc. Dell PowerScale OneFS is vulnerable to an encryption issue that could be exploited by an attacker to cause a data breach...
HashiCorp Boundary Security Vulnerability
HashiCorp Boundary is an open source solution from the US-based HashiCorp Inc. that automates secure identity-based user access to hosts and services across environments. A security vulnerability exists in HashiCorp Boundary that stems from the fact that new keys created by automatic rotation may...
MGASA-2023-0010 Updated samba packages fix security vulnerability
There is a limited write heap buffer overflow in the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal included in Samba. Some SMB1 write requests were not correctly range checked to ensure the client had sent enough data to fulfill the write, allowing server memory contents to be written into...
IO FinNet tss-lib Encryption Issue Vulnerability
tss-lib is an open source IO FinNet implementation of multi-party {t,n}-threshold ECDSA (Elliptic Curve Digital Signature Algorithm), based on Gennaro and Goldfeder 2020, and EdDSA (Edwards-curve Digital Signature Algorithm). A security vulnerability exists in IO FinNet tss-lib versions prior to...
Click Studios Passwordstate Encryption Issue Vulnerability
Click Studios Passwordstate is a password management software from the Click Studios team in Australia. The program provides users with the ability to save their passwords, record their accounts and passwords, and keep them safe. This program provides you with the ability to save yo...
CVE-2022-38659 HCL BigFix Platform is affected by insecure credential storage
In specific scenarios, on Windows the operator credentials may be encrypted in a manner that is not completely machine-dependent...
IBM CICS TX Encryption Issue Vulnerability
IBM CICS TX is a comprehensive, single transaction runtime package from International Business Machines (IBM). IBM CICS TX version 11.1 is vulnerable to an encryption issue that stems from the use of a weaker-than-expected encryption algorithm, which could be exploited by an attacker to decrypt...
GLSA-202210-34 : Mozilla Firefox: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202210-34 Mozilla Firefox: Multiple Vulnerabilities - A same-origin policy violation could have allowed the theft of cross-origin URL entries, leaking the result of a redirect, via performance.getEntries. CVE-2022-42927 - Certain...
SAP Customer Data Cloud Encryption Issue Vulnerability
SAP Customer Data Cloud is a tool from SAP Germany that provides digital customer identity and access management. It enables companies to collect, aggregate and manage customer data across multiple touch points and applications. An encryption issue vulnerability exists in SAP Customer Data Cloud...
CVE-2022-2781
In affected versions of Octopus Server it was identified that the same encryption process was used for both encrypting session cookies and variables...
Rdiffweb Encryption Issue Vulnerability
Rdiffweb is a web application by Patrik Dufresne, an individual developer in the USA. It provides quick access to your archives through an efficient web interface. A security vulnerability exists in Rdiffweb versions prior to 2.5.0a4, which stems from the fact that it does not reasonably limit or...
CVE-2022-30683 AEM Violation of Secure Design Principles Security feature bypass
Adobe Experience Manager versions 6.5.13.0 and earlier are affected by a Violation of Secure Design Principles vulnerability that could lead to a bypass of the security feature of the encryption mechanism in the backend. An attacker could leverage this vulnerability to decrypt secrets, however, this i...
WordPress plugin Simple Single Sign On Encryption Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...
CVE-2022-38194 Portal for ArcGIS system properties are not properly encrypted (10.8.1 only)
In Esri Portal for ArcGIS version 10.8.1, a system property is not properly encrypted. This may lead to a local user reading sensitive information from a properties file...