
1413 matches found

Veracode
added 2024/12/12 1:19 p.m. · 3 views

Non-Constant Time Cryptographic Operation

devolutions.xts.net is vulnerable to Non-Constant Time Cryptographic Operation. The vulnerability is due to non-constant time cryptographic operations, which allow attackers to exploit variations in the time taken for different operations to reveal information about the encryption key...

CVSS 5.1 · AI score 6.4 · EPSS 0.00036
Exploits: 0 · References: 2 · Affected Software: 1
NVD
added 2024/11/27 3:15 p.m. · 9 views

CVE-2024-11862

Non constant time cryptographic operation in Devolutions.XTS.NET 2024.11.19 and earlier allows an attacker to render half of the encryption key obsolete via timing attacks...

CVSS 5.1 · EPSS 0.00036
Exploits: 0 · References: 1
Vulnrichment
added 2024/11/27 2:35 p.m. · 7 views

CVE-2024-11862

Non constant time cryptographic operation in Devolutions.XTS.NET 2024.11.19 and earlier allows an attacker to render half of the encryption key obsolete via timing attacks...

CVSS 5.1 · AI score 7 · EPSS 0.00036
Exploits: 0 · References: 1
Cvelist
added 2024/11/27 2:35 p.m. · 12 views

CVE-2024-11862

Non constant time cryptographic operation in Devolutions.XTS.NET 2024.11.19 and earlier allows an attacker to render half of the encryption key obsolete via timing attacks...

CVSS 5.1 · EPSS 0.00036
Exploits: 0 · References: 1
CVE
added 2024/11/27 2:35 p.m. · 61 views

CVE-2024-11862

CVE-2024-11862 affects Devolutions.XTS.NET (versions 2024.11.19 and earlier). The issue is a non-constant-time cryptographic operation in the Galois Field multiplications used by XTS mode, which can enable timing attacks that render half of the encryption key obsolete and downgrade security towar...

CVSS 5.1 · AI score 7 · EPSS 0.00036
Exploits: 0 · References: 1
NVD
added 2024/11/13 3:15 p.m. · 11 views

CVE-2024-49506

Insecure creation of temporary files allows local users on systems with non-default configurations to cause denial of service or set the encryption key for a filesystem...

CVSS 7.3 · EPSS 0.00084
Exploits: 0 · References: 1
Vulnrichment
added 2024/11/13 2:15 p.m. · 9 views

CVE-2024-49506 Fixed temporary file path in aeon-checks allows fixing of disk encryption key

Insecure creation of temporary files allows local users on systems with non-default configurations to cause denial of service or set the encryption key for a filesystem...

CVSS 7.3 · AI score 6.9 · EPSS 0.00084
Exploits: 0 · References: 1
Cvelist
added 2024/11/13 2:15 p.m. · 12 views

CVE-2024-49506 Fixed temporary file path in aeon-checks allows fixing of disk encryption key

Insecure creation of temporary files allows local users on systems with non-default configurations to cause denial of service or set the encryption key for a filesystem...

CVSS 7.3 · EPSS 0.00084
Exploits: 0 · References: 1
CVE
added 2024/11/13 2:15 p.m. · 44 views

CVE-2024-49506

CVE-2024-49506 corresponds to an insecure temporary-file creation in aeon-checks/openSUSE-related tooling. The vulnerability allows a local attacker on systems with non-default configurations to cause a denial of service or set the filesystem encryption key. Several connected sources reference ae...

CVSS 7.3 · AI score 6.3 · EPSS 0.00084
Exploits: 0 · References: 1
CNNVD
added 2024/11/13 12:0 a.m. · 1 views

aeon-check Security Vulnerability

aeon-check is an open source tool from openSUSE. A security vulnerability exists in aeon-check that stems from an insecure way of creating temporary files, which allows a local user on a non-default-configured system to cause a denial of service or to set the encryption key for the file system...

CVSS 7.3 · AI score 6.4 · EPSS 0.00084
Exploits: 0 · References: 2
CNVD
added 2024/11/13 12:0 a.m. · 5 views

Siemens SINEC INS Using Hardcoded Encryption Keys Vulnerability

Siemens SINEC INS is a software from Siemens, Germany, that provides centralized services for network infrastructures. Siemens SINEC INS suffers from a use of hard-coded encryption key vulnerability that can be exploited by an attacker to learn the encryption key material and decrypt arbitrary...

CVSS 6.9 · AI score 6.9 · EPSS 0.00414
Exploits: 0 · References: 1
Positive Technologies
added 2024/11/13 12:0 a.m. · 2 views

PT-2024-33541 · Opensuse · Tumbleweed

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue involves the insecure creation of temporary files, which can be exploited by local users on systems with non-default configurations. This can...

CVSS 7.3 · AI score 6.9 · EPSS 0.00084
Exploits: 0 · References: 5
CNNVD
added 2024/11/12 12:0 a.m. · 1 views

Siemens SINEC INS Security Vulnerability

Siemens SINEC INS is a software from Siemens, Germany, that provides centralized services for network infrastructures. Siemens SINEC INS suffers from a use of hard-coded encryption key vulnerability that can be exploited by an attacker to learn the encryption key material and decrypt arbitrary...

CVSS 6.9 · AI score 6.9 · EPSS 0.00414
Exploits: 0 · References: 1
NVD
added 2024/11/09 3:15 a.m. · 10 views

CVE-2024-10284

The CE21 Suite plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.2.0. This is due to hardcoded encryption key in the 'ce21authenticationphrase' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site,...

CVSS 9.8 · EPSS 0.00604
Exploits: 0 · References: 3
OSV
added 2024/11/09 3:15 a.m. · 1 views

CVE-2024-10284

The CE21 Suite plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.2.0. This is due to hardcoded encryption key in the 'ce21authenticationphrase' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site,...

CVSS 9.8 · AI score 5.8
Exploits: 0 · References: 2
CVE
added 2024/11/09 2:32 a.m. · 47 views

CVE-2024-10284

CVE-2024-10284 concerns the CE21 Suite plugin for WordPress. Connected sources confirm an authentication bypass in versions up to 2.2.0 caused by a hardcoded encryption key in the ce21_authentication_phrase function, enabling unauthenticated login as existing users if email access is obtained. Th...

CVSS 9.8 · AI score 9.7 · EPSS 0.00604
Exploits: 0 · References: 3 · Affected Software: 1
Vulnrichment
added 2024/11/09 2:32 a.m. · 12 views

CVE-2024-10284 CE21 Suite <= 2.2.0 - Authentication Bypass

The CE21 Suite plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.2.0. This is due to hardcoded encryption key in the 'ce21authenticationphrase' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site,...

CVSS 9.8 · AI score 7.4 · EPSS 0.00604
Exploits: 0 · References: 3
Cvelist
added 2024/11/09 2:32 a.m. · 15 views

CVE-2024-10284 CE21 Suite <= 2.2.0 - Authentication Bypass

The CE21 Suite plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.2.0. This is due to hardcoded encryption key in the 'ce21authenticationphrase' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site,...

CVSS 9.8 · EPSS 0.00604
Exploits: 0 · References: 3
SUSE CVE
added 2024/11/07 3:50 a.m. · 1 views

SUSE CVE-2024-49506

Insecure creation of temporary files allows local users on systems with non-default configurations to cause denial of service or set the encryption key for a filesystem...

CVSS 7.3 · AI score 6.5 · EPSS 0.00084
Exploits: 0 · References: 3
CNVD
added 2024/10/28 12:0 a.m. · 4 views

Unspecified Vulnerability in IBM Maximo Application Suite-Monitor Component

IBM Maximo Application Suite is a single platform for intelligent asset management, monitoring, maintenance, computer vision, security and reliability from International Business Machines IBM. A security vulnerability exists in IBM Maximo Application Suite-Monitor Component, which stems from the...

CVSS 5.9 · AI score 6.2 · EPSS 0.00107
Exploits: 0 · References: 1