Lucene search

1429 matches found

Malwarebytes
added 2023/02/08 10:0 a.m. · 16 views

Update now! GoAnywhere MFT zero-day patched

An emergency patch 7.1.2 has been released for an actively exploited zero-day vulnerability found in the GoAnywhere MFT administrator console. GoAnywhere MFT, which stands for managed file transfer, is a software solution that allows businesses to manage and exchange files in a secure and complia...

8.4 AI score
Exploits 0

The Hacker News
added 2023/01/25 7:43 a.m. · 46 views

LastPass Parent Company GoTo Suffers Data Breach, Customers' Backups Compromised

LastPass owner GoTo (formerly LogMeIn) on Tuesday disclosed that unidentified threat actors were able to steal encrypted backups of some customers' data along with an encryption key for some of those backups in a November 2022 incident. The breach, which targeted a third-party cloud storage service...

0.5 AI score
Exploits 0

The Hacker News
added 2023/01/25 7:43 a.m. · 2 views

LastPass Parent Company GoTo Suffers Data Breach, Customers' Backups Compromised

LastPass owner GoTo (formerly LogMeIn) on Tuesday disclosed that unidentified threat actors were able to steal encrypted backups of some customers' data along with an encryption key for some of those backups in a November 2022 incident. The breach, which targeted a third-party cloud storage service...

6.5 AI score
Exploits 0

Positive Technologies
added 2023/01/17 12:0 a.m. · 1 views

PT-2023-33516 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.18
Description: A potential security issue exists where the ext4 file system does not properly set up an encryption key during a jbd2 transaction. The actual impact and attack plausibility have not yet been...

7.3 AI score
Exploits 0 · References 1

Positive Technologies
added 2023/01/17 12:0 a.m. · 2 views

PT-2023-33978 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.87
Description: The issue is related to the ext4 file system, where an encryption key is set up during a jbd2 transaction. The actual impact and attack plausibility have not yet been proven.
Recommendation...

7.2 AI score
Exploits 0 · References 1

Vulnrichment
added 2023/01/05 9:27 p.m. · 3 views

CVE-2021-40342 Use of default key for encryption

In the DES implementation, the affected product versions use a default key for encryption. Successful exploitation allows an attacker to obtain sensitive information and gain access to the network elements that are managed by the affected product versions. This issue affects FOXMAN-UN product:...

7.1 CVSS · 6.9 AI score · 0.00168 EPSS
Exploits 0 · References 2

CNNVD
added 2022/12/27 12:0 a.m. · 1 views

Dahua software products access control error vulnerability

Dahua software products are a family of applications from Dahua Corporation Dahua of China. A security vulnerability exists in several Dahua software products that stems from an unauthenticated request for an AES encryption key that allows an attacker to obtain an AES encryption key by sending a...

5.3 CVSS · 5.8 AI score · 0.00101 EPSS
Exploits 0 · References 2

Positive Technologies
added 2022/12/27 12:0 a.m. · 3 views

PT-2022-27507 · Dahua · Dahua

Name of the Vulnerable Software and Affected Versions: Dahua software products, affected versions not specified
Description: The issue allows an attacker to obtain the AES crypto key by sending a specific crafted packet to the vulnerable interface. This is due to a vulnerability of unauthenticated...

5.3 CVSS · 5.1 AI score · 0.00101 EPSS
Exploits 0 · References 4

OSV
added 2022/12/16 4:15 p.m. · 1 views

CVE-2021-35252

Common encryption key appears to be used across all deployed instances of Serv-U FTP Server. Because of this an encrypted value that is exposed to an attacker can be simply recovered to plaintext...

7.5 CVSS · 5.8 AI score · 0.00289 EPSS
Exploits 0 · References 3

NVD
added 2022/12/16 4:15 p.m. · 11 views

CVE-2021-35252

Common encryption key appears to be used across all deployed instances of Serv-U FTP Server. Because of this an encrypted value that is exposed to an attacker can be simply recovered to plaintext...

7.5 CVSS · 0.00289 EPSS
Exploits 0 · References 3

Prion
added 2022/12/16 4:15 p.m. · 22 views

Code injection

Common encryption key appears to be used across all deployed instances of Serv-U FTP Server. Because of this an encrypted value that is exposed to an attacker can be simply recovered to plaintext...

5 CVSS · 7.5 AI score · 0.00289 EPSS
Exploits 0 · References 3 · Affected Software 1

Vulnrichment
added 2022/12/16 12:0 a.m. · 5 views

CVE-2021-35252 Common Key Vulnerability in Serv-U FTP Server

Common encryption key appears to be used across all deployed instances of Serv-U FTP Server. Because of this an encrypted value that is exposed to an attacker can be simply recovered to plaintext...

7.5 CVSS · 7.5 AI score · 0.00289 EPSS
Exploits 0 · References 3

CVE
added 2022/12/16 12:0 a.m. · 110 views

CVE-2021-35252

The CVE-2021-35252 case covers SolarWinds Serv-U FTP Server where a common encryption key is used across all deployed instances, enabling plaintext recovery of an encrypted value exposed to an attacker. Public documents indicate affected software versions include Serv-U prior to 15.3.0 (per Nessu...

7.5 CVSS · 7.5 AI score · 0.00289 EPSS
Exploits 0 · References 3 · Affected Software 1

Cvelist
added 2022/12/16 12:0 a.m. · 14 views

CVE-2021-35252 Common Key Vulnerability in Serv-U FTP Server

Common encryption key appears to be used across all deployed instances of Serv-U FTP Server. Because of this an encrypted value that is exposed to an attacker can be simply recovered to plaintext...

7.5 CVSS · 7.7 AI score · 0.00289 EPSS
Exploits 0 · References 3

Positive Technologies
added 2022/12/16 12:0 a.m. · 3 views

PT-2022-10455 · Rhinosoft · Serv-U Ftp Server

Name of the Vulnerable Software and Affected Versions: Serv-U FTP Server, affected versions not specified
Description: A common encryption key is used across all deployed instances of the software. This allows an attacker to recover an encrypted value to plaintext if it is exposed.
Recommendations...

7.5 CVSS · 7.3 AI score · 0.00289 EPSS
Exploits 0 · References 8

CNNVD
added 2022/12/16 12:0 a.m. · 2 views

SolarWinds Serv-U FTP Server authorization issue vulnerability

SolarWinds Serv-U FTP Server is a suite of FTP and MFT file transfer software from the U.S. company SolarWinds. SolarWinds Serv-U FTP Server suffers from an authorization issue vulnerability that stems from the deployment of a common encryption key across all of its instances resulting in an...

7.5 CVSS · 7.3 AI score · 0.00289 EPSS
Exploits 0 · References 4

Vulnrichment
added 2022/12/12 1:49 a.m. · 5 views

CVE-2022-2641

Horner Automation’s RCC 972 with firmware version 15.40 has a static encryption key on the device. This could allow an attacker to perform unauthorized changes to the device, remotely execute arbitrary code, or cause a denial-of-service condition...

9.8 CVSS · 9.6 AI score · 0.00315 EPSS
Exploits 0 · References 1

Cvelist
added 2022/12/12 1:49 a.m. · 10 views

CVE-2022-2641

Horner Automation’s RCC 972 with firmware version 15.40 has a static encryption key on the device. This could allow an attacker to perform unauthorized changes to the device, remotely execute arbitrary code, or cause a denial-of-service condition...

9.8 CVSS · 9.7 AI score · 0.00315 EPSS
Exploits 0 · References 1

CVE
added 2022/12/12 1:49 a.m. · 51 views

CVE-2022-2641

CVE-2022-2641 affects Horner Automation RCC 972 firmware 15.40, due to a static encryption key on the device. This enables remote changes, potential remote code execution, or DoS. Mitigation: update to RCC 972 firmware 15.60 or later; apply network isolation and standard ICS defenses per CISA ICS...

9.8 CVSS · 9.3 AI score · 0.00315 EPSS
Exploits 0 · References 1 · Affected Software 1

NVD
added 2022/12/02 8:15 p.m. · 15 views

CVE-2022-2641

Horner Automation’s RCC 972 with firmware version 15.40 has a static encryption key on the device. This could allow an attacker to perform unauthorized changes to the device, remotely execute arbitrary code, or cause a denial-of-service condition...

9.8 CVSS · 0.00315 EPSS
Exploits 0 · References 1