1413 matches found
CVE-2024-26903
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security. During our fuzz testing of the connection and disconnection process at the RFCOMM layer, we discovered this bug. By comparing the packets from a normal connection and...
CVE-2024-26903 Bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security. During our fuzz testing of the connection and disconnection process at the RFCOMM layer, we discovered this bug. By comparing the packets from a normal connection and...
SANnav encrypted key in PostgreSQL startup logs (CVE-2024-29955)
A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a could allow a privileged user to print the SANnav encrypted key in PostgreSQL startup logs. This could provide attackers with an additional, less-protected path to acquiring the encryption key...
Encryption key in the console (CVE-2024-29958)
A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a prints the encryption key in the console when a privileged user executes the script to replace the Brocade SANnav Management Portal standby node. This could provide attackers an additional, less protected path to acquiring the encryption...
PT-2024-4304 · Brocade · Brocade Sannav
Name of the Vulnerable Software and Affected Versions: Brocade SANnav versions prior to 2.3.1; Brocade SANnav version 2.3.0a. Description: The issue is related to insufficient protection of registration data, which could allow a remote attacker to gain unauthorized access to protected information. ...
The encryption key is stored in the DR log files (CVE-2024-29957).
When Brocade SANnav before v2.3.1 and v2.3.0a servers are configured in Disaster Recovery mode, the encryption key is stored in the DR log files. This could provide attackers with an additional, less-protected path to acquiring the encryption key. Products Affected...
PT-2024-3233 · Brocade · Brocade Sannav
Name of the Vulnerable Software and Affected Versions: Brocade SANnav versions prior to 2.3.1; Brocade SANnav version 2.3.0a. Description: A vulnerability in Brocade SANnav is related to insufficient protection of registration data in the PostgreSQL component. This could allow a privileged user to...
CVE-2024-25649
In Delinea PAM Secret Server 11.4, it is possible for an attacker with Administrator access to the Secret Server machine to read the following data from a memory dump: the decrypted master key, database credentials when SQL Server Authentication is enabled, the encryption key of RabbitMQ queue...
CVE-2024-2413
Intumit SmartRobot uses a fixed encryption key for authentication. Remote attackers can use this key to encrypt a string composed of the user's name and timestamp to generate an authentication code. With this authentication code, they can obtain administrator privileges and subsequently execute...
CVE-2024-2413
CVE-2024-2413 affects Intumit SmartRobot, which uses a fixed cryptographic key for authentication. This allows remote attackers to craft an authentication code by encrypting a string of the user’s name and a timestamp, enabling administrator privileges and potential arbitrary code execution on th...
PT-2024-15171 · Kontrol +2 · Kontrol +3
Name of the Vulnerable Software and Affected Versions: Sciener firmware (affected versions not specified). Description: The issue concerns the use of a non-unique AES key in the pairing process between locks using Sciener firmware and wireless keypads. This key can be reused, potentially compromisin...
BIT-JENKINS-2020-2099
Jenkins 2.213 and earlier, LTS 2.204.1 and earlier improperly reuses encryption key parameters in the Inbound TCP Agent Protocol/3, allowing unauthorized attackers with knowledge of agent names to obtain the connection secrets for those agents, which can be used to connect to Jenkins, impersonati...
GHSA-8P25-3Q46-8Q2P ESPHome vulnerable to remote code execution via arbitrary file write
Summary: Security misconfiguration in the edit configuration file API in the dashboard component of ESPHome version 2023.12.9 command line installation allows authenticated remote attackers to read and write arbitrary files under the configuration directory, rendering remote code execution possible. Detail...
CVE-2021-46960
In the Linux kernel, the following vulnerability has been resolved: cifs: Return correct error code from smb2_get_enc_key. Avoid a warning if the error percolates back up: 440700.376476 CIFS VFS: \\otters.example.com crypt_message: Could not get encryption key 440700.386947 ------------ cut here...
SUSE CVE-2021-46960
In the Linux kernel, the following vulnerability has been resolved: cifs: Return correct error code from smb2_get_enc_key. Avoid a warning if the error percolates back up: 440700.376476 CIFS VFS: \otters.example.com crypt_message: Could not get encryption key 440700.386947 ------------ cut here...
CVE-2021-46960
In the Linux kernel, the following vulnerability has been resolved: cifs: Return correct error code from smb2_get_enc_key. Avoid a warning if the error percolates back up: 440700.376476 CIFS VFS: \otters.example.com crypt_message: Could not get encryption key 440700.386947 ------------ cut here...
DEBIAN-CVE-2021-46960
In the Linux kernel, the following vulnerability has been resolved: cifs: Return correct error code from smb2_get_enc_key. Avoid a warning if the error percolates back up: 440700.376476 CIFS VFS: \otters.example.com crypt_message: Could not get encryption key 440700.386947 ------------ cut here...