Multiple Siemens products use hard-coded encryption key vulnerability

The SCALANCE M-800, MUM-800 and S615 and the RUGGEDCOM RM1224 are industrial routers.The SCALANCE W products are wireless communication devices for connecting industrial components, such as Programmable Logic Controllers PLCs or Human Machine Interfaces HMIs, that comply with the IEEE 802.11...

ELECOM WRC-X3000GS2-W Security Vulnerability

The ELECOM WRC-X3000GS2-W is a wireless router from ELECOM. A security vulnerability exists in the ELECOM WRC-X3000GS2-W that originates from the possibility that an attacker may be able to guess the encryption key used for wireless LAN communication and intercept the communication...

CVE-2023-46129 xkeys Seal encryption used fixed key for all encryption

NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing. The cryptographic key handling library, nkeys, recently gained support for encryption, not just for signing/authentication. This is used in nats-server...

Silicon Labs OpenThread SDK Security Vulnerability

Silicon Labs OpenThread SDK is a software development kit from Silicon Labs, Inc. that supports the development and deployment of the Thread protocol. A security vulnerability exists in the Silicon Labs OpenThread SDK that stems from the presence of a security key missing encryption vulnerability...

CVE-2022-25332

The AES implementation in the Texas Instruments OMAP L138 secure variants, present in mask ROM, suffers from a timing side channel which can be exploited by an adversary with non-secure supervisor privileges by managing cache contents and collecting timing information for different ciphertext...

Design/Logic Flaw

The AES implementation in the Texas Instruments OMAP L138 secure variants, present in mask ROM, suffers from a timing side channel which can be exploited by an adversary with non-secure supervisor privileges by managing cache contents and collecting timing information for different ciphertext...

CVE-2022-25332 SK_LOAD timing side channel during AES module decryption in Texas Instruments OMAP L138

The AES implementation in the Texas Instruments OMAP L138 secure variants, present in mask ROM, suffers from a timing side channel which can be exploited by an adversary with non-secure supervisor privileges by managing cache contents and collecting timing information for different ciphertext...

TETRA BURST Security Vulnerability

TETRA BURST is a terrestrial trunked radio standard for radio communications from TETRA BURST. TETRA suffers from a security vulnerability that stems from a backdoor in the TEA1 algorithm that reduces the original 80-bit key to one that can be easily brute-force deciphered on consumer hardware in...

PT-2023-12785 · Texas Instruments · Texas Instruments Omap L138

Name of the Vulnerable Software and Affected Versions: Texas Instruments OMAP L138 secure variants affected versions not specified Description: The AES implementation in the Texas Instruments OMAP L138 suffers from a timing side channel. This can be exploited by an adversary with non-secure...

Texas Instruments OMAP L138 Security Vulnerability

The Texas Instruments OMAP L138 is a DSP+ARM industrial processor from Texas Instruments. A security vulnerability exists in the Texas Instruments OMAP L138 secure variants, which stems from the ES implementation being susceptible to a timing side-channel, which can be exploited by an attacker to...

OSV-2023-893 Heap-buffer-overflow in initialize_encryption_key

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=62542 Crash type: Heap-buffer-overflow READ Crash state: initializeencryptionkey cliole2extract cliscanole2...

Oracle Linux 6 : pidgin (ELSA-2011-0616)

The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2011-0616 advisory. - Add patch for CVE-2011-1091 RH bug 683031. - Remove patches now included upstream: pidgin-2.6.6-clientLogin-proxy-fix.patch...

Cryptocurrency Startup Loses Encryption Key for Electronic Wallet

The cryptocurrency fintech startup Prime Trust lost the encryption key to its hardware wallet--and the recovery key--and therefore $38.9 million. It is now in bankruptcy. I cant understand why anyone thinks these technologies are a good idea...

CVE-2023-39250

Dell Storage Integration Tools for VMware DSITV and Dell Storage vSphere Client Plugin DSVCP versions prior to 6.1.1 and Replay Manager for VMware RMSV versions prior to 3.1.2 contain an information disclosure vulnerability. A local low-privileged malicious user could potentially exploit this...

CVE-2023-39250

Dell Storage Integration Tools for VMware DSITV and Dell Storage vSphere Client Plugin DSVCP versions prior to 6.1.1 and Replay Manager for VMware RMSV versions prior to 3.1.2 contain an information disclosure vulnerability. A local low-privileged malicious user could potentially exploit this...

CVE-2023-39250

Dell Storage Integration Tools for VMware DSITV and Dell Storage vSphere Client Plugin DSVCP versions prior to 6.1.1 and Replay Manager for VMware RMSV versions prior to 3.1.2 contain an information disclosure vulnerability. A local low-privileged malicious user could potentially exploit this...

CVE-2023-39250

Dell Storage Integration Tools for VMware DSITV and Dell Storage vSphere Client Plugin DSVCP versions prior to 6.1.1 and Replay Manager for VMware RMSV versions prior to 3.1.2 contain an information disclosure vulnerability. A local low-privileged malicious user could potentially exploit this...

PT-2023-6517 · Dell · Dell Storage Integration Tools For Vmware +2

Name of the Vulnerable Software and Affected Versions: Dell Storage Integration Tools for VMware DSITV versions prior to 6.1.1 Dell Storage vSphere Client Plugin DSVCP versions prior to 6.1.1 Replay Manager for VMware RMSV versions prior to 3.1.2 Description: The issue is related to an informatio...

HCL Technologies HCL Nomad Security Vulnerability

HCL Technologies HCL Nomad is an application for using and managing the Domino application development platform in mobile devices from HCL Technologies, USA. A security vulnerability exists in HCL Technologies HCL Nomad prior to version 1.0.7, which stems from a vulnerability that allows an attac...

PHOENIX CONTACTs WP 6xxx series web panels Trust Management Issues Vulnerability

PHOENIX CONTACTs WP 6xxx series web panels are a series of web panels from PHOENIX CONTACTs, Germany. A trust management issue vulnerability exists in PHOENIX CONTACT WP 6xxx series web panels prior to version 4.0.10, where a remote attacker with administrator privileges can read a hard-coded...