1413 matches found

Cvelist
added 2024/07/09 12:05 p.m. · 20 views

CVE-2024-39866

A vulnerability has been identified in SINEMA Remote Connect Server (all versions < V3.2 SP1). The affected application allows users to upload encrypted backup files. This could allow an attacker with access to the backup encryption key and with the right to upload backup files to create a user with...

CVSS 8.8 · EPSS 0.00184
Exploits 0 · References 1
Vulnrichment
added 2024/07/09 12:05 p.m. · 17 views

CVE-2024-39866

A vulnerability has been identified in SINEMA Remote Connect Server (all versions < V3.2 SP1). The affected application allows users to upload encrypted backup files. This could allow an attacker with access to the backup encryption key and with the right to upload backup files to create a user with...

CVSS 8.8 · AI score 7 · EPSS 0.00184
Exploits 0 · References 1
CNNVD
added 2024/07/09 12:00 a.m. · 3 views

Siemens Mendix Security Vulnerability

The Mendix Encryption module takes care of the following encryption requirements: plain text encryption (e.g. passwords) and FileDocument encryption (e.g. documents or photos). A hard-coded default encryption key vulnerability exists in the Siemens Mendix Encryption module, which can be exploited by ...

CVSS 8.7 · AI score 6.8 · EPSS 0.00194
Exploits 0 · References 2
RedHat Linux
added 2024/07/08 10:19 p.m. · 1 view

jose4j: denial of service via specially crafted JWE

A flaw was found in the jose.4.j (jose4j) library. The JWE key management algorithms based on PBKDF2 require a JOSE Header Parameter called p2c (PBES2 Count). This parameter dictates the number of PBKDF2 iterations needed to derive a CEK wrapping key. Its primary purpose is to intentionally slow down...

CVSS 6.5 · AI score 7.1 · EPSS 0.00383
Exploits 1 · References 4
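The jose4j entry above describes why p2c is dangerous: the sender picks the PBKDF2 iteration count, and the receiver performs that much work before it can even tell whether the token is genuine. The following is an added example, not jose4j's code, of the check a JWE consumer should apply to the protected header before doing any key derivation. The iteration bounds, the placeholder token segments and the sample password are assumptions for the example; the salt construction follows RFC 7518 section 4.8.1.1.

```python
import base64
import hashlib
import json

# Policy bounds for a peer-supplied p2c (assumed values for this example).
# RFC 7518 recommends at least 1000 iterations; the upper bound is what
# stops an attacker from turning one token into minutes of CPU time.
MIN_P2C = 1_000
MAX_P2C = 100_000

# alg -> (PRF hash for PBKDF2, derived wrapping-key length in bytes)
PBES2_ALGS = {
    "PBES2-HS256+A128KW": ("sha256", 16),
    "PBES2-HS384+A192KW": ("sha384", 24),
    "PBES2-HS512+A256KW": ("sha512", 32),
}


def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def b64url_encode(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()


def parse_protected_header(jwe_compact: str) -> dict:
    """Return the decoded JOSE header of a compact-serialization JWE."""
    parts = jwe_compact.split(".")
    if len(parts) != 5:
        raise ValueError("not a compact JWE (expected 5 segments)")
    return json.loads(b64url_decode(parts[0]))


def check_p2c(header: dict) -> int:
    """Validate alg/p2c/p2s against policy before any PBKDF2 work is done."""
    alg = header.get("alg")
    if alg not in PBES2_ALGS:
        raise ValueError(f"not a PBES2 key management alg: {alg!r}")
    p2c = header.get("p2c")
    # type() rather than isinstance(): bool is a subclass of int, and floats,
    # strings and negatives must all be rejected too.
    if type(p2c) is not int or not (MIN_P2C <= p2c <= MAX_P2C):
        raise ValueError(f"p2c outside policy range [{MIN_P2C}, {MAX_P2C}]: {p2c!r}")
    if "p2s" not in header or len(b64url_decode(header["p2s"])) < 8:
        raise ValueError("p2s missing or shorter than 8 bytes (RFC 7518 4.8.1.1)")
    return p2c


def derive_wrapping_key(password: bytes, header: dict) -> bytes:
    """PBES2 key derivation, performed only after check_p2c has passed."""
    alg = header["alg"]
    hash_name, key_len = PBES2_ALGS[alg]
    p2c = check_p2c(header)
    # RFC 7518 4.8.1.1: salt input is UTF8(alg) || 0x00 || p2s
    salt = alg.encode() + b"\x00" + b64url_decode(header["p2s"])
    return hashlib.pbkdf2_hmac(hash_name, password, salt, p2c, dklen=key_len)


def make_header(p2c, alg="PBES2-HS256+A128KW", p2s=b"\x01" * 8) -> str:
    """Build a base64url protected header (used here to construct sample tokens)."""
    hdr = {"alg": alg, "enc": "A128GCM", "p2s": b64url_encode(p2s), "p2c": p2c}
    return b64url_encode(json.dumps(hdr).encode())


def accepts(jwe_compact: str) -> bool:
    """True if the token's header passes policy, False if it would be refused."""
    try:
        check_p2c(parse_protected_header(jwe_compact))
        return True
    except ValueError:
        return False


# Constructed sample tokens: only the protected header matters for this check;
# the encrypted key, IV, ciphertext and tag segments are placeholders.
PLACEHOLDER_TAIL = ".AAAA.AAAA.AAAA.AAAA"
SANE_JWE = make_header(4096) + PLACEHOLDER_TAIL
HOSTILE_JWE = make_header(2_000_000_000) + PLACEHOLDER_TAIL
BOOL_JWE = make_header(True) + PLACEHOLDER_TAIL
```

The important property is ordering: `check_p2c` runs on the header alone and costs nothing, so a token carrying a two-billion iteration count is refused before `derive_wrapping_key` is ever called. A library that derives first and validates afterwards has already paid the attacker's price.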
Positive Technologies
added 2024/06/21 12:00 a.m. · 3 views

PT-2024-20200 · Autel · Autel Maxicharger Ac Elite Business C50

Name of the Vulnerable Software and Affected Versions: Autel MaxiCharger AC Elite Business C50 (affected versions not specified). Description: This issue allows network-adjacent attackers to execute arbitrary code on affected installations of Autel MaxiCharger AC Elite Business C50 charging stations...

CVSS 8.8 · AI score 7.4 · EPSS 0.0157
Exploits 0 · References 7
NVD
added 2024/06/20 1:15 p.m. · 10 views

CVE-2023-49113

The Kiuwan Local Analyzer (KLA) Java scanning application contains several hard-coded secrets in plaintext. In some cases, this can potentially compromise the confidentiality of the scan results. Several credentials were found in the JAR files of the Kiuwan Local Analyzer. The JAR file...

CVSS 7.8 · EPSS 0.00031
Exploits 1 · References 3
OSV
added 2024/06/19 3:36 a.m. · 17 views

SUSE-FU-2024:2078-1 Feature update for rabbitmq-server313, erlang26, elixir115

This update for rabbitmq-server313, erlang26, elixir115 fixes the following issues: rabbitmq-server was implemented with a parallel versioned RPM package at version 3.13.1 (jsc#PED-8414). Security issues fixed: CVE-2021-22116: Fixed improper input validation that may lead to Denial of Service (DoS)...

CVSS 7.5 · AI score 6.3 · EPSS 0.01026
Exploits 2 · References 16
CNNVD
added 2024/06/14 12:00 a.m. · 1 view

Toshiba e-STUDIO Security Vulnerability

Toshiba e-STUDIO is a series of high-end office multifunction printers from Toshiba Japan. A security vulnerability exists in Toshiba e-STUDIO, which arises from an encryption key for an application installed on the multifunction device becoming temporarily replaceable, which could allow tamperin...

CVSS 6.7 · AI score 6.5 · EPSS 0.0001
Exploits 1 · References 4
Github Security Blog
added 2024/06/07 5:07 p.m. · 8 views

TYPO3 CMS Possible Insecure Deserialization in Extbase Request Handling

It has been discovered that request handling in Extbase can be vulnerable to insecure deserialization. A user-submitted payload has to be signed with a corresponding HMAC-SHA1 using the sensitive TYPO3 encryptionKey as secret; an invalid or unsigned payload is not deserialized. However, since sensiti...

AI score 6.8
Exploits 0 · References 5 · Affected Software 1
OSV
added 2024/06/06 12:26 p.m. · 17 views

CGA-WGVQ-WM85-Q9VX

Bulletin has no description...

CVSS 7.5 · AI score 8.6 · EPSS 0.00112
Exploits 0
Veracode
added 2024/06/04 9:09 a.m. · 12 views

Insecure Deserialization

typo3/cms-core is vulnerable to Insecure Deserialization. The vulnerability is due to request handling that relies on HMAC-SHA1 signing with a sensitive encryption key; if that key is exposed, attackers can sign and have the application deserialize malicious payloads...

AI score 6.9
Exploits 0
Tenable Nessus
added 2024/06/03 12:00 a.m. · 18 views

RHEL 4 : pidgin (Unpatched Vulnerability)

The remote Red Hat Enterprise Linux 4 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - pidgin: libpurple has no way to restrict private messages from being sent over the session D-Bus (CVE-2012-1257) -...

CVSS 5.5 · AI score 5.8 · EPSS 0.00243
Exploits 3 · References 2
Tenable Nessus
added 2024/06/03 12:00 a.m. · 20 views

RHEL 5 : pidgin (Unpatched Vulnerability)

The remote Red Hat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - pidgin: Out-of-bounds write in purple_markup_unescape_entity triggered by invalid XML (CVE-2017-2640) - cipher...

CVSS 5.5 · AI score 5.9 · EPSS 0.06727
Exploits 20 · References 25
CNNVD
added 2024/05/31 12:00 a.m. · 3 views

Baxter Welch Allyn Connex Spot Monitor Security Vulnerability

Baxter Welch Allyn Connex Spot Monitor is a monitor from Baxter, Inc. A security vulnerability exists in Baxter Welch Allyn Connex Spot Monitor versions prior to 1.52 that stems from the use of a default encryption key...

CVSS 9.1 · AI score 6.7 · EPSS 0.002
Exploits 0 · References 2
Positive Technologies
added 2024/05/30 12:00 a.m. · 2 views

PT-2024-40101 · Typo3 · Typo3

Name of the Vulnerable Software and Affected Versions: TYPO3 (affected versions not specified). Description: The issue concerns insecure deserialization in Extbase request handling. It requires a user-submitted payload to be signed with a corresponding HMAC-SHA1 using the sensitive TYPO3 encryptionK...

CVSS 8.1 · AI score 6.9
Exploits 0 · References 4
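The three TYPO3 entries above (GitHub Security Blog, Veracode, Positive Technologies) all describe the same pattern: native deserialization gated by an HMAC-SHA1 over the payload, keyed with the encryptionKey. The following is an added example, not TYPO3's code, that models that pattern in Python and shows both halves of the argument: an unsigned payload is indeed never deserialized, but once the key is known the signature is no obstacle and a gadget in the payload runs during deserialization. `pickle.loads` stands in for PHP `unserialize()`, the server key and the allowed request keys are constructed for the example, and the hardened handler shows the alternative the advisories point towards: keep the signature, but only ever deserialize a data-only format with a fixed shape.

```python
import hashlib
import hmac
import json
import os
import pickle

# Constructed stand-in for TYPO3's encryptionKey (assumption, not a real key).
SERVER_KEY = b"constructed-example-encryption-key-not-a-real-one"

# Request keys the hardened handler will accept (assumption for the example).
ALLOWED_KEYS = {"controller", "action", "page"}

# Environment variable the gadget sets so the side effect is observable.
MARKER = "TYPO3_DEMO_MARKER"


def sign(payload: bytes, key: bytes) -> str:
    """HMAC-SHA1 over the raw payload, hex encoded (the scheme the advisories describe)."""
    return hmac.new(key, payload, hashlib.sha1).hexdigest()


def verify(payload: bytes, tag: str, key: bytes) -> bool:
    # compare_digest avoids the timing leak of a plain == on the hex digest.
    return hmac.compare_digest(sign(payload, key), tag)


def legacy_handle(payload: bytes, tag: str) -> object:
    """Signature-gated native deserialization; pickle.loads stands in for PHP unserialize()."""
    if not verify(payload, tag, SERVER_KEY):
        raise PermissionError("payload unsigned or signature invalid")
    return pickle.loads(payload)  # any gadget in the stream runs here


def hardened_handle(payload: bytes, tag: str) -> dict:
    """Same signature check, but the payload is data-only JSON restricted to known keys."""
    if not verify(payload, tag, SERVER_KEY):
        raise PermissionError("payload unsigned or signature invalid")
    data = json.loads(payload)  # raises ValueError on anything that is not JSON text
    if not isinstance(data, dict) or not set(data) <= ALLOWED_KEYS:
        raise ValueError("unexpected payload structure")
    return data


class Gadget:
    """Models a deserialization gadget: __reduce__ runs on unpickle, much like a PHP
    __wakeup()/__destruct() chain. The callable is builtins.eval, so the pickle
    stream references nothing from this module."""

    def __reduce__(self):
        expr = f"__import__('os').environ.__setitem__({MARKER!r}, 'gadget ran')"
        return (eval, (expr,))


def forge(leaked_key: bytes) -> tuple:
    """What an attacker does once the encryptionKey is known: sign any payload they like."""
    payload = pickle.dumps(Gadget())
    return payload, sign(payload, leaked_key)


def run_scenario() -> dict:
    """Exercise legitimate, unsigned and forged payloads against both handlers."""
    os.environ.pop(MARKER, None)
    results = {}

    legit = pickle.dumps({"controller": "Blog", "action": "show"})
    results["legit_accepted"] = (
        legacy_handle(legit, sign(legit, SERVER_KEY)) == {"controller": "Blog", "action": "show"}
    )

    # Without the key, a tampered payload fails the HMAC check and is never deserialized.
    try:
        legacy_handle(pickle.dumps(Gadget()), "00" * 20)
        results["unsigned_rejected"] = False
    except PermissionError:
        results["unsigned_rejected"] = True
    results["gadget_ran_without_key"] = MARKER in os.environ

    # With the leaked key the legacy path deserializes the gadget and it executes.
    payload, tag = forge(SERVER_KEY)
    legacy_handle(payload, tag)
    results["gadget_ran_with_key"] = os.environ.get(MARKER) == "gadget ran"
    os.environ.pop(MARKER, None)

    # Hardened path, same leaked key and forged tag: signature passes, structure check fails,
    # and nothing in the payload is ever executed.
    try:
        hardened_handle(payload, tag)
        results["hardened_rejected"] = False
    except ValueError:
        results["hardened_rejected"] = True
    results["gadget_ran_hardened"] = MARKER in os.environ

    legit_json = json.dumps({"controller": "Blog", "action": "show"}).encode()
    results["hardened_legit"] = hardened_handle(legit_json, sign(legit_json, SERVER_KEY)) == {
        "controller": "Blog",
        "action": "show",
    }
    return results
```

The signature does exactly one job: it proves the payload was produced by someone holding the key. It says nothing about whether deserializing that payload is safe, so the moment the key leaks (the condition every one of the TYPO3 entries above hinges on) the protection is gone. Restricting what gets deserialized is the control that survives a key compromise.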
RedHat Linux
added 2024/05/22 10:16 a.m. · 0 views

kernel: Bluetooth Forward and Future Secrecy Attacks and Defenses

A flaw was found in Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4.2 through 5.4. This issue may allow certain man-in-the-middle attacks that force a short key length and might lead to discovery of the encryption key and live...

CVSS 6.8 · AI score 6.8 · EPSS 0.00203
Exploits 1 · References 5
NVD
added 2024/05/16 7:15 a.m. · 12 views

CVE-2024-4844

Hardcoded credentials vulnerability in Trellix ePolicy Orchestrator (ePO) on Premise prior to 5.10 Service Pack 1 Update 2 allows an attacker with admin privileges on the ePO server to read the contents of the orion.keystore file, allowing them to access the ePO database encryption key. This was...

CVSS 7.5 · AI score 7.5 · EPSS 0.00547
Exploits 0 · References 1
Cvelist
added 2024/05/16 6:19 a.m. · 14 views

CVE-2024-4844

Hardcoded credentials vulnerability in Trellix ePolicy Orchestrator (ePO) on Premise prior to 5.10 Service Pack 1 Update 2 allows an attacker with admin privileges on the ePO server to read the contents of the orion.keystore file, allowing them to access the ePO database encryption key. This was...

CVSS 7.5 · AI score 7.7 · EPSS 0.00547
Exploits 0 · References 1
CVE
added 2024/05/16 6:19 a.m. · 44 views

CVE-2024-4844

CVE-2024-4844 concerns Trellix ePolicy Orchestrator (ePO) on Premise prior to 5.10 Service Pack 1 Update 2. The issue is a hardcoded credential in the keystore, allowing an attacker with admin privileges on the ePO server to read the orion.keystore contents and access the ePO database encryption ...

CVSS 7.5 · AI score 6.7 · EPSS 0.00547
Exploits 0 · References 1
Positive Technologies
added 2024/05/16 12:00 a.m. · 3 views

PT-2024-33110 · Trellix · Trellix Epolicy Orchestrator

Name of the Vulnerable Software and Affected Versions: Trellix ePolicy Orchestrator (ePO) on Premise, versions prior to 5.10 Service Pack 1 Update 2. Description: A hardcoded credentials issue allows an attacker with admin privileges on the ePO server to read the contents of the orion.keystore file,...

CVSS 7.5 · AI score 7.3 · EPSS 0.00547
Exploits 0 · References 3