
1424 matches found

Cvelist
added 2023/12/15 9:20 a.m. | 14 views

CVE-2023-48392 Kaifa Technology WebITR - Hard-coded Cryptographic Key

Kaifa Technology WebITR is an online attendance system with a vulnerability in its use of a hard-coded encryption key. An unauthenticated remote attacker can generate a valid token parameter and exploit this vulnerability to access the system with an arbitrary user account, including the administrator’s account, ...

CVSS 9.8 | AI score 9.8 | EPSS 0.00515
Exploits: 0 | References: 1

CVE
added 2023/12/14 11:00 p.m. | 36 views

CVE-2023-4489

The CVE affects Silicon Labs Z/IP Gateway SDK-based Z/IP Gateway products, specifically versions prior to 7.18.3. The first S0 encryption key is generated using an uninitialized PRNG at startup, making it predictable and enabling potential network key prediction and unauthorized S0 network access...

CVSS 9.8 | AI score 8 | EPSS 0.00692
Exploits: 0 | References: 2 | Affected Software: 1

Vulnrichment
added 2023/12/14 11:00 p.m. | 5 views

CVE-2023-4489 Z/IP Gateway Use of Uninitialized PRNG when Generating S0 Encryption Key

The first S0 encryption key is generated with an uninitialized PRNG in Z/IP Gateway products running Silicon Labs Z/IP Gateway SDK v7.18.3 and earlier. This makes the first S0 key generated at startup predictable, potentially allowing network key prediction and unauthorized S0 network access...

CVSS 6.4 | AI score 9.4 | EPSS 0.00692
Exploits: 0 | References: 2

Prion
added 2023/12/06 5:15 a.m. | 18 views

Design/Logic Flaw

Versions of the package pubnub before 7.4.0; all versions of the package com.pubnub:pubnub; versions of the package pubnub before 6.19.0; all versions of the package github.com/pubnub/go; versions of the package github.com/pubnub/go/v7 before 7.2.0; versions of the package pubnub before 7.3.0;...

CVSS 2.6 | AI score 7 | EPSS 0.00381
Exploits: 1 | References: 17 | Affected Software: 4

Prion
added 2023/11/28 9:15 p.m. | 12 views

Information disclosure

The FACSChorus workstation does not prevent physical access to its PCI Express (PCIe) slots, which could allow a threat actor to insert a PCI card designed for memory capture. A threat actor can then isolate sensitive information such as a BitLocker encryption key from a dump of the workstation RAM...

CVSS 2.1 | AI score 6.4 | EPSS 0.00075
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2023/11/28 8:34 p.m. | 56 views

CVE-2023-29063

BD FACSChorus CVE-2023-29063 describes a vulnerability where physical access to PCIe slots could allow a memory-capture PCI card to dump RAM and expose sensitive data (e.g., BitLocker keys) during startup. Affected products include BD FACSChorus workstations (v5.0/v5.1 and v3.0/v3.1). The issue s...

CVSS 2.4 | AI score 3.7 | EPSS 0.00075
Exploits: 0 | References: 1 | Affected Software: 1

ATTACKERKB
added 2023/11/28 7:15 a.m. | 0 views

CVE-2023-24023

Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4.2 through 5.4 allow certain man-in-the-middle attacks that force a short key length, and might lead to discovery of the encryption key and live injection, aka BLUFFS...

CVSS 6.8 | AI score 7.2 | EPSS 0.00203
Exploits: 1 | References: 3

NVD
added 2023/11/28 7:15 a.m. | 20 views

CVE-2023-24023

Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4.2 through 5.4 allow certain man-in-the-middle attacks that force a short key length, and might lead to discovery of the encryption key and live injection, aka BLUFFS...

CVSS 6.8 | EPSS 0.00203
Exploits: 1 | References: 2

OSV
added 2023/11/28 7:15 a.m. | 6 views

CVE-2023-24023

Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4.2 through 5.4 allow certain man-in-the-middle attacks that force a short key length, and might lead to discovery of the encryption key and live injection, aka BLUFFS...

CVSS 6.8 | AI score 9.2
Exploits: 0 | References: 2

UbuntuCve
added 2023/11/28 7:15 a.m. | 51 views

CVE-2023-24023

Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4.2 through 5.4 allow certain man-in-the-middle attacks that force a short key length, and might lead to discovery of the encryption key and live injection, aka BLUFFS...

CVSS 6.8 | AI score 6.8 | EPSS 0.00203
Exploits: 1 | References: 10

CVE
added 2023/11/28 12:00 a.m. | 322 views

CVE-2023-24023

CVE-2023-24023 describes a Bluetooth BR/EDR MITM vulnerability (BLUFFS) where Secure Simple Pairing and Secure Connections in Bluetooth Core 4.2–5.4 can be forced to use short keys, potentially enabling encryption-key discovery and live injection. Connected IBM/AS/Android material confirms the sa...

CVSS 6.8 | AI score 6.8 | EPSS 0.00203
Exploits: 1 | References: 2 | Affected Software: 1

Debian CVE
added 2023/11/28 12:00 a.m. | 30 views

CVE-2023-24023

Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4.2 through 5.4 allow certain man-in-the-middle attacks that force a short key length, and might lead to discovery of the encryption key and live injection, aka BLUFFS...

CVSS 6.8 | AI score 7.1 | EPSS 0.00203
Exploits: 1

OSV
added 2023/11/22 12:15 p.m. | 1 view

CVE-2023-6253

A saved encryption key in the Uninstaller in Digital Guardian's Agent before version 7.9.4 allows a local attacker to retrieve the uninstall key and remove the software by extracting the uninstaller key from the memory of the uninstaller file...

CVSS 6 | AI score 5.8 | EPSS 0.00037
Exploits: 2 | References: 4

Prion
added 2023/11/22 12:15 p.m. | 20 views

Design/Logic Flaw

A saved encryption key in the Uninstaller in Digital Guardian's Agent before version 7.9.4 allows a local attacker to retrieve the uninstall key and remove the software by extracting the uninstaller key from the memory of the uninstaller file...

CVSS 2.9 | AI score 6.8 | EPSS 0.00037
Exploits: 2 | References: 4 | Affected Software: 1

Cvelist
added 2023/11/22 11:22 a.m. | 22 views

CVE-2023-6253 Saved Uninstall Key in Digital Guardian Agent Uninstaller

A saved encryption key in the Uninstaller in Digital Guardian's Agent before version 7.9.4 allows a local attacker to retrieve the uninstall key and remove the software by extracting the uninstaller key from the memory of the uninstaller file...

AI score 6.1 | EPSS 0.00037
Exploits: 2 | References: 4

CVE
added 2023/11/22 11:22 a.m. | 48 views

CVE-2023-6253

CVE-2023-6253 affects Digital Guardian Agent prior to version 7.9.4, where an encryption/uninstall key is stored in the uninstaller. A local attacker can retrieve the uninstall key from memory of the uninstaller file and use it to remove the software. Affected component: Agent Uninstaller; root c...

CVSS 6 | AI score 5.8 | EPSS 0.00037
Exploits: 2 | References: 4 | Affected Software: 1

NVD
added 2023/11/16 6:15 p.m. | 9 views

CVE-2023-48055

SuperAGI v0.0.13 was discovered to use a hardcoded key for encryption operations. This vulnerability can lead to the disclosure of information and communications...

CVSS 7.5 | EPSS 0.00174
Exploits: 0 | References: 1

ATTACKERKB
added 2023/11/16 6:15 p.m. | 2 views

CVE-2023-48055

SuperAGI v0.0.13 was discovered to use a hardcoded key for encryption operations. This vulnerability can lead to the disclosure of information and communications...

CVSS 7.5 | AI score 5.8 | EPSS 0.00174
Exploits: 0 | References: 2

Cvelist
added 2023/11/16 12:00 a.m. | 9 views

CVE-2023-48055

SuperAGI v0.0.13 was discovered to use a hardcoded key for encryption operations. This vulnerability can lead to the disclosure of information and communications...

AI score 7.6 | EPSS 0.00174
Exploits: 0 | References: 1

CNVD
added 2023/11/15 12:00 a.m. | 22 views

Multiple Siemens products use hard-coded encryption key vulnerability

The SCALANCE M-800, MUM-800 and S615 and the RUGGEDCOM RM1224 are industrial routers. The SCALANCE W products are wireless communication devices for connecting industrial components, such as Programmable Logic Controllers (PLCs) or Human Machine Interfaces (HMIs), that comply with the IEEE 802.11...

CVSS 6.9 | AI score 6.5 | EPSS 0.00156
Exploits: 0 | References: 1