Lucene search

1429 matches found

NVD
added 2021/06/16 12:15 p.m. · 14 views

CVE-2021-27481

ZOLL Defibrillator Dashboard, v prior to 2.2, The affected products utilize an encryption key in the data exchange process, which is hardcoded. This could allow an attacker to gain access to sensitive information...

CVSS 5.5 · EPSS 0.00031
Exploits: 0 · References: 1

Prion
added 2021/06/16 12:15 p.m. · 13 views

Hardcoded credentials

ZOLL Defibrillator Dashboard, v prior to 2.2, The affected products utilize an encryption key in the data exchange process, which is hardcoded. This could allow an attacker to gain access to sensitive information...

CVSS 2.1 · AI score 6.2 · EPSS 0.00031
Exploits: 0 · References: 1 · Affected Software: 1

CVE
added 2021/06/16 11:59 a.m. · 40 views

CVE-2021-27481

The CVE-2021-27481 entry concerns ZOLL Defibrillator Dashboard, prior to version 2.2. Affected products use a hardcoded cryptographic key in the data exchange, creating potential unauthorized access to sensitive information. Connected advisories (ICSMA-21-161-01) explicitly flag hard-coded crypto...

CVSS 5.5 · AI score 5.5 · EPSS 0.00031
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2021/06/16 11:59 a.m. · 13 views

CVE-2021-27481

ZOLL Defibrillator Dashboard, v prior to 2.2, The affected products utilize an encryption key in the data exchange process, which is hardcoded. This could allow an attacker to gain access to sensitive information...

AI score 5.8 · EPSS 0.00031
Exploits: 0 · References: 1

Microsoft CVE
added 2021/06/15 7:0 a.m. · 2 views

A flaw was found in tpm2-tools in versions before 5.1.1 and before 4.3.2. tpm2_import used a fixed AES key for the inner wrapper potentially allowing a MITM attacker to unwrap the inner portion and reveal the key being imported. The highest threat from this vulnerability is to data confidentiality.

...

CVSS 5.9 · AI score 7 · EPSS 0.0039
Exploits: 0

CNVD
added 2021/06/12 12:0 a.m. · 5 views

Unspecified Vulnerability in ZOLL Defibrillator Dashboard

ZOLL Defibrillator Dashboard is an asset management tool from ZOLL USA. Provides at-a-glance readiness checks for the entire defibrillator fleet, even for defibrillators on multiple campuses and locations. A security vulnerability exists in all versions of ZOLL Defibrillator Dashboard prior to 2....

CVSS 5.5 · AI score 6.9 · EPSS 0.00031
Exploits: 0 · References: 1

NVD
added 2021/06/11 4:15 p.m. · 11 views

CVE-2021-23211

Cleartext Storage of Sensitive Information in Memory vulnerability in Gallagher Command Centre Server allows Cloud end-to-end encryption key to be discoverable in server memory dumps. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 MR3...

CVSS 6 · EPSS 0.00014
Exploits: 0 · References: 1

CVE
added 2021/06/11 3:46 p.m. · 45 views

CVE-2021-23211

CVE-2021-23211 affects Gallagher Command Centre Server (Gallagher Command Centre 8.40 prior to 8.40.1888 MR3). The root cause is Cleartext Storage of Sensitive Information in Memory, allowing the Cloud end-to-end encryption key to be recoverable from server memory dumps. The connected PT-2021-154...

CVSS 6 · AI score 4.7 · EPSS 0.00014
Exploits: 0 · References: 1 · Affected Software: 1

CNNVD
added 2021/06/10 12:0 a.m. · 1 views

ZOLL Defibrillator Dashboard Trust Management Issue Vulnerability

ZOLL Defibrillator Dashboard is an asset management tool from ZOLL USA. Provides at-a-glance readiness checks for the entire defibrillator fleet, even for defibrillators on multiple campuses and locations. A security vulnerability exists in all versions of ZOLL Defibrillator Dashboard prior to 2....

CVSS 5.5 · AI score 5.7 · EPSS 0.00031
Exploits: 0 · References: 4

OSV
added 2021/06/08 1:15 p.m. · 1 views

CVE-2020-26515

An insufficiently protected credentials issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. The remember-me cookie CBLOGIN issued by the application contains the encrypted user's credentials. However, due to a bug in the application code, those credentials are encrypted using a...

CVSS 7.5 · AI score 5.8
Exploits: 0 · References: 2

Positive Technologies
added 2021/06/08 12:0 a.m. · 3 views

PT-2021-11241 · Intland · Codebeamer Alm

Name of the Vulnerable Software and Affected Versions: Intland codeBeamer ALM versions 10.x through 10.1.SP4 Description: An issue with insufficiently protected credentials was found. The CB LOGIN remember-me cookie contains encrypted user credentials, but due to a bug, these credentials are...

CVSS 7.5 · AI score 7.5 · EPSS 0.00089
Exploits: 1 · References: 4

OSV
added 2021/06/04 12:15 p.m. · 0 views

UBUNTU-CVE-2021-3565

A flaw was found in tpm2-tools in versions before 5.1.1 and before 4.3.2. tpm2_import used a fixed AES key for the inner wrapper, potentially allowing a MITM attacker to unwrap the inner portion and reveal the key being imported. The highest threat from this vulnerability is to data confidentialit...

CVSS 5.9 · AI score 6.5 · EPSS 0.0039
Exploits: 0 · References: 5

Ubuntu
added 2021/05/11 10:31 p.m. · 183 views

USN-4948-1: Linux kernel (OEM) vulnerabilities

Ryota Shiga discovered that the eBPF implementation in the Linux kernel did not properly verify that a BPF program only reserved as much memory for a ring buffer as was allocated. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2021-3489)...

CVSS 8.8 · AI score 7.6 · EPSS 0.0346
Exploits: 11

Debian CVE
added 2021/05/11 12:0 a.m. · 50 views

CVE-2020-24587

The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and...

CVSS 2.6 · AI score 7.4 · EPSS 0.0055
Exploits: 2

NVD
added 2021/05/06 9:15 p.m. · 9 views

CVE-2021-27941

Unconstrained Web access to the device's private encryption key in the QR code pairing mode in the eWeLink mobile application through 4.9.2 on Android and through 4.9.1 on iOS allows a physically proximate attacker to eavesdrop on Wi-Fi credentials and other sensitive information by monitoring th...

CVSS 4.6 · EPSS 0.00054
Exploits: 0 · References: 3

Prion
added 2021/05/06 9:15 p.m. · 14 views

Code injection

Unconstrained Web access to the device's private encryption key in the QR code pairing mode in the eWeLink mobile application through 4.9.2 on Android and through 4.9.1 on iOS allows a physically proximate attacker to eavesdrop on Wi-Fi credentials and other sensitive information by monitoring th...

CVSS 2.1 · AI score 4.8 · EPSS 0.00054
Exploits: 0 · References: 3 · Affected Software: 1

CVE
added 2021/05/06 8:31 p.m. · 41 views

CVE-2021-27941

The CVE-2021-27941 entry pertains to the eWeLink mobile application (QR code pairing mode) where unconstrained web access to the device’s private encryption key could let a physically proximate attacker monitor a device pairing process and eavesdrop on Wi‑Fi credentials and other sensitive inform...

CVSS 4.6 · AI score 4.6 · EPSS 0.00054
Exploits: 0 · References: 3 · Affected Software: 1

Cvelist
added 2021/05/06 8:31 p.m. · 13 views

CVE-2021-27941

Unconstrained Web access to the device's private encryption key in the QR code pairing mode in the eWeLink mobile application through 4.9.2 on Android and through 4.9.1 on iOS allows a physically proximate attacker to eavesdrop on Wi-Fi credentials and other sensitive information by monitoring th...

AI score 5 · EPSS 0.00054
Exploits: 0 · References: 3

Tenable Nessus
added 2021/05/06 12:0 a.m. · 573 views

CodeMeter Runtime Predictable Encryption Key

Binary data codemetercve-2020-14517.nbin...

CVSS 9.8 · AI score 9.6 · EPSS 0.00085
Exploits: 0 · References: 4

CNVD
added 2021/04/23 12:0 a.m. · 5 views

MobileIron agents trust management issue vulnerability

MobileIron agents is an application from MobileIron USA. It is used for MobileIron agents. MobileIron agents versions 2021-03-22 and earlier are vulnerable to a trust management issue that stems from the inclusion of a hard-coded encryption key that is used to encrypt the submission of...

CVSS 9.8 · AI score 7 · EPSS 0.00217
Exploits: 1 · References: 1