Fortinet Fortigate Hardcoded SSLVPN cookie encryption key (FG-IR-21-051)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-21-051 advisory. - A use of hard-coded cryptographic key vulnerability in the SSLVPN of FortiOS before 7.0.1 may allow an attacker to retrieve...

CVE-2024-48539

Neye3C v4.5.2.0 was discovered to contain a hardcoded encryption key in the firmware update mechanism...

IBM Maximo Application Suite 安全漏洞

IBM Maximo Application Suite is a single platform for intelligent asset management, monitoring, maintenance, computer vision, security and reliability from International Business Machines IBM. A security vulnerability exists in IBM Maximo Application Suite-Monitor Component, which stems from the...

CVE-2024-48539

Neye3C v4.5.2.0 was discovered to contain a hardcoded encryption key in the firmware update mechanism...

CVE-2024-48539

Neye3C v4.5.2.0 was discovered to contain a hardcoded encryption key in the firmware update mechanism...

CVE-2024-20280

A vulnerability in the backup feature of Cisco UCS Central Software could allow an attacker with access to a backup file to learn sensitive information that is stored in the full state and configuration backup files. This vulnerability is due to a weakness in the encryption method that is used fo...

CVE-2024-20448

A vulnerability in the Cisco Nexus Dashboard Fabric Controller NDFC software, formerly Cisco Data Center Network Manager DCNM, could allow an attacker with access to a backup file to view sensitive information. This vulnerability is due to the improper storage of sensitive information within conf...

CVE-2024-20448

The CVE-2024-20448 involves Cisco Nexus Dashboard Fabric Controller (NDFC) (formerly DCNM). It stems from improper storage of sensitive data in config-only and full backup files, enabling an attacker with access to a backup generated by an affected device to view sensitive information, including ...

CVE-2024-20448 Cisco Nexus Dashboard Fabric Controller Credential Information Disclosure Vulnerability

A vulnerability in the Cisco Nexus Dashboard Fabric Controller NDFC software, formerly Cisco Data Center Network Manager DCNM, could allow an attacker with access to a backup file to view sensitive information. This vulnerability is due to the improper storage of sensitive information within conf...

PT-2024-8630 · Cisco · Cisco Nexus Dashboard Fabric Controller

Name of the Vulnerable Software and Affected Versions: Cisco Nexus Dashboard Fabric Controller NDFC affected versions not specified Description: The issue is related to the improper storage of sensitive information within backup files, allowing an attacker with access to these files to view...

Exploit for Path Traversal in Jenkins

Jenkins File Read Vulnerability - CVE-2024-23897 !My Shop...

CVE-2024-47127

In the goTenna Pro App there is a vulnerability that makes it possible to inject any custom message with any GID and Callsign using a software defined radio in existing goTenna mesh networks. This vulnerability can be exploited if the device is being used in an unencrypted environment or if the...

CVE-2024-47126

The goTenna Pro App does not use SecureRandom when generating passwords for sharing cryptographic keys. The random function in use makes it easier for attackers to brute force this password if the broadcasted encryption key is captured over RF. This only applies to the optional broadcast of an...

CVE-2024-47128

The goTenna Pro App encryption key name is always sent unencrypted when the key is shared over RF through a broadcast message. It is advised to share the encryption key via local QR for higher security operations...

CVE-2024-41931

The goTenna Pro ATAK Plugin encryption key name is always sent unencrypted when the key is sent over RF through a broadcast message. It is advised to share the encryption key via local QR for higher security operations...

CVE-2024-47121 Weak Passwords Requirements in goTenna Pro

The goTenna Pro App uses a weak password for sharing encryption keys via the key broadcast method. If the broadcasted encryption key is captured over RF, and password is cracked via brute force attack, it is possible to decrypt it and use it to decrypt all future and past messages sent via...

CVE-2024-45374 goTenna Pro ATAK Plugin Weak Password Requirements

The goTenna Pro ATAK plugin uses a weak password for sharing encryption keys via the key broadcast method. If the broadcasted encryption key is captured over RF, and password is cracked via brute force attack, it is possible to decrypt it and use it to decrypt all future and past messages sent vi...

goTenna Pro 安全漏洞

goTenna Pro is a series of devices from goTenna that can create networks for off-grid communications and situational awareness. A security vulnerability exists in goTenna Pro versions 1.9.12 and earlier, which stems from an encryption key being stored with a static IV, which allows the key stored...

goTenna Pro ATAK Plugin 安全漏洞

The goTenna Pro ATAK Plugin is a plugin for goTenna's device that creates networks for off-grid communication and situational awareness. A security vulnerability exists in goTenna Pro ATAK Plugin version 1.9.12 and earlier, which stems from an encryption key being stored on the device along with ...

PT-2024-31587 · Gotenna · Gotenna Pro Atak Plugin

Name of the Vulnerable Software and Affected Versions: goTenna Pro ATAK plugin affected versions not specified Description: The issue concerns the use of weak passwords for sharing encryption keys via the key broadcast method in the goTenna Pro ATAK plugin. If the broadcasted encryption key is...