Open-Xchange: SSRF - Guard - Unchecked HKP servers

Description When encrypting an email, one of strategies to lookup recipient's encryption key is to contact a HKP keyserver specified in DNS records of recipient's domain. Specifically it is DNS SRV records for hkps.tcp. and hkp.tcp., which specify hostname and port of the keyserver. In source cod...

CVE-2020-2099

A flaw was found in Jenkins. Encryption key parameters are improperly reused in the Inbound TCP Agent Protocol/3 allowing unauthorized attackers with knowledge of agent names to obtain the connection secrets for those agents. The highest threat from this vulnerability is to data confidentiality...

CVE-2013-1352

Verax NMS prior to 2.1.0 uses an encryption key that is hardcoded in a JAR archive...

Hardcoded credentials

Verax NMS prior to 2.1.0 uses an encryption key that is hardcoded in a JAR archive...

CVE-2013-1352

Verax NMS prior to 2.1.0 uses an encryption key that is hardcoded in a JAR archive...

CVE-2013-1352

CVE-2013-1352 affects Verax NMS prior to 2.1.0, where an encryption key is hardcoded in a JAR archive. This creates a potential confidentiality risk if the key is exposed; CVSS v3.1 indicates a HIGH impact on confidentiality (network access, no privileges required). The provided connected documen...

CVE-2020-2099

Jenkins 2.213 and earlier, LTS 2.204.1 and earlier improperly reuses encryption key parameters in the Inbound TCP Agent Protocol/3, allowing unauthorized attackers with knowledge of agent names to obtain the connection secrets for those agents, which can be used to connect to Jenkins, impersonati...

CVE-2020-2099

Jenkins 2.213 and earlier, LTS 2.204.1 and earlier improperly reuses encryption key parameters in the Inbound TCP Agent Protocol/3, allowing unauthorized attackers with knowledge of agent names to obtain the connection secrets for those agents, which can be used to connect to Jenkins, impersonati...

CVE-2020-6857

CarbonFTP v1.4 uses insecure proprietary password encryption with a hard-coded weak encryption key. The key for local FTP server passwords is hard-coded in the binary...

NEOWISE CARBONFTP 1.4 - Weak Password Encryption

NEOWISE CARBONFTP 1.4 - Weak Password Encryption Exploit Title: NEOWISE CARBONFTP 1.4 - Weak Password Encryption discovery Date: 2019-01-24 published : 2020-01-20 Exploit Author: hyp3rlinx Vendor Homepage: https://www.neowise.com Software Link: https://www.neowise.com/freeware/ Version: 1.4 +...

Neowise CarbonFTP 1.4 Insecure Proprietary Password Encryption

Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/NEOWISE-CARBONFTP-v1.4-INSECURE-PROPRIETARY-PASSWORD-ENCRYPTION.txt + twitter.com/hyp3rlinx + ISR: ApparitionSec Vendor www.neowise.com Product CarbonFTP v1.4 CarbonFTP is a...

CVE-2019-19891

An encryption key vulnerability on Mitel SIP-DECT wireless devices 8.0 and 8.1 could allow an attacker to launch a man-in-the-middle attack. A successful exploit may allow the attacker to intercept sensitive information...

CVE-2019-19891

CVE-2019-19891 concerns an encryption key vulnerability in Mitel SIP-DECT wireless devices (firmware versions 8.0 and 8.1) that could allow an attacker to perform a man-in-the-middle (MITM) attack and potentially intercept sensitive information. The CVE is referenced across multiple sources (NVD,...

Cisco Data Center Network Manager REST API Authentication Bypass Vulnerability

Cisco Data Center Network Manager DCNM is a suite of data center network managers from Cisco that provides multiprotocol management of the network and troubleshooting of switch operating conditions and performance. A REST API authentication bypass vulnerability exists in Cisco Data Center Network...

Cisco Data Center Network Manager JBoss_4_2Encrypter Hardcoded Cryptographic Key Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within th...

glpi -- Public GLPIKEY can be used to decrypt any data

MITRE Corporation reports: GLPI before before version 9.4.6 has a vulnerability involving a default encryption key. GLPIKEY is public and is used on every instance. This means anyone can decrypt sensitive data stored using this key. It is possible to change the key before installing GLPI. But on...

NewStart CGSL CORE 5.05 / MAIN 5.05 : linux-firmware Vulnerability (NS-SA-2019-0251)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has linux-firmware packages installed that are affected by a vulnerability: - Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android version...

Mitel SIP-DECT Encryption Key Vulnerability

Mitel SIP-DECT provides organizations of all sizes with a comprehensive solution for cordless IP network-based telephony by combining Session Initiation Protocol SIP innovation with DECT. An encryption key vulnerability exists in Mitel SIP-DECT using firmware versions 8.1 and 8.0, which could be...

CVE-2019-18833

Barco ClickShare Button R9861500D01 devices before 1.9.0 allow Information exposure issue 2 of 2.. The encryption key of the media content which is shared between a ClickShare Button and a ClickShare Base Unit is randomly generated for each new session and communicated over a TLS connection. An...

CVE-2019-18832

Barco ClickShare Button R9861500D01 devices before 1.9.0 have incorrect Credentials Management. The ClickShare Button implements encryption at rest which uses a one-time programmable OTP AES encryption key. This key is shared across all ClickShare Buttons of model R9861500D01...