CVE-2023-34258

An issue was discovered in BMC Patrol before 22.1.00. The agent's configuration can be remotely queried. This configuration contains the Patrol account password, encrypted with a default AES key. This account can then be used to achieve remote code execution...

PT-2023-24780 · Bmc · Bmc Patrol

Name of the Vulnerable Software and Affected Versions: BMC Patrol versions prior to 22.1.00 Description: An issue was discovered where the agent's configuration can be remotely queried, containing the Patrol account password encrypted with a default AES key. This account can then be used to achie...

kernel: ext4: don't set up encryption key during jbd2 transaction

A flaw exists in the ext4 filesystem implementation in the Linux kernel such that the function ext4unlink extended a journaling transaction too far so that it included a call to ext4findentry. However, ext4findentry may need to set up a directory’s encryption key — which can cause a deadlock when...

Sage Group Sage 300 信任管理问题漏洞

Sage Group Sage 300 is a well-established, closed-source enterprise resource planning ERP solution from Sage Group UK, designed to facilitate the management of an organization. A security vulnerability exists in Sage Group Sage 300 version 2022 and prior versions that stems from the use of a...

CVE-2023-26243

An issue was discovered in the Hyundai Gen5WL in-vehicle infotainment system AEEPEEUR.S5WL001.001.211214. The decryption binary used to decrypt firmware files has an information leak that allows an attacker to read the AES key and initialization vector from memory. An attacker may exploit this to...

SUSE CVE-2022-47522

The IEEE 802.11 specifications through 802.11ax allow physically proximate attackers to intercept possibly cleartext target-destined frames by spoofing a target's MAC address, sending Power Save frames to the access point, and then sending other frames to the access point such as authentication...

Authentication flaw

The IEEE 802.11 specifications through 802.11ax allow physically proximate attackers to intercept possibly cleartext target-destined frames by spoofing a target's MAC address, sending Power Save frames to the access point, and then sending other frames to the access point such as authentication...

CVE-2022-33231

Memory corruption due to double free in core while initializing the encryption key...

Double free

Memory corruption due to double free in core while initializing the encryption key...

CVE-2022-33231 Double free in Core

Memory corruption due to double free in core while initializing the encryption key...

CVE-2022-33231

CVE-2022-33231 describes memory corruption due to a double free in the core during initialization of the encryption key. The vulnerability is listed for Qualcomm closed‑source components; multiple CVE trackers (NVD, Red Hat advisory, CVE.org) reflect the same root cause. The Android bulletin indi...

PT-2023-13252 · Qualcomm · 315 5G Iot Modem Firmware +192

Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned. Description: The issue is related to memory corruption caused by a double free error in the core when initializing the encryption key. Recommendations: At the moment, there is no information about a...

IBM Security Guardium 安全漏洞

IBM Security Guardium Key ifecycle Manager is managing the encryption key management process through centralization, streamlining and automation to help protect encrypted data and simplify encryption key management. vulnerability. The vulnerability is due to the fact that the affected version can...

Insecure Random Number Generator

lemur is vulnerable to an Insecure Random Number Generator. The vulnerability is due to the getpsuedorandomstring function in utils.py, caused to the usage of the insecure random library, which can result in authentication bypass in multiple services. The random library was used to generate the...

Lemur subject to insecure random generation

Overview Lemur was using insecure random generation for its example configuration file, as well as for some utilities. Impact The potentially affected generated items include: | Configuration item | Config option name if applicable | Documentation link if applicable | Rotation option | Code...

CVE-2023-20016

A vulnerability in the backup configuration feature of Cisco UCS Manager Software and in the configuration export feature of Cisco FXOS Software could allow an unauthenticated attacker with access to a backup file to decrypt sensitive information stored in the full state and configuration backup...

SUSE CVE-2011-4862

Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications aka krb5-appl 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as...

SUSE CVE-2013-4166

The gpgctxaddrecipient function in camel/camel-gpg-context.c in GNOME Evolution 3.8.4 and earlier and Evolution Data Server 3.9.5 and earlier does not properly select the GPG key to use for email encryption, which might cause the email to be encrypted with the wrong key and allow remote attackers...

SUSE CVE-2018-12983

A stack-based buffer over-read in the PdfEncryptMD5Base::ComputeEncryptionKey function in PdfEncrypt.cpp in PoDoFo 0.9.6-rc1 could be leveraged by remote attackers to cause a denial-of-service via a crafted pdf file...

SUSE CVE-2018-1000072

iRedMail version prior to commit f04b8ef contains a Insecure Permissions vulnerability in Roundcube Webmail that can result in Exfiltrate a user's password protected secret GPG key file and other important configuration files.. This attack appear to be exploitable via network connectivity. This...