1429 matches found

OpenVAS
added 2021/04/19 12:00 a.m. | 25 views

SUSE: Security Advisory (SUSE-SU-2019:2648-1)

The remote host is missing an update for the...

CVSS 10 | AI score 8.3 | EPSS 0.16428
Exploits 26 | References 268
OSV
added 2021/04/06 9:15 p.m. | 1 view

CVE-2021-22158

The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) is vulnerable to XML external entity (XXE) injection in the Web Console. The vulnerability requires admin user privileges and knowledge of the XML file's encryption key to successfully exploit. All versions before 7.11 are...

CVSS 7.2 | AI score 5.8 | EPSS 0.00207
Exploits 0 | References 1
NVD
added 2021/04/06 9:15 p.m. | 12 views

CVE-2021-22158

The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) is vulnerable to XML external entity (XXE) injection in the Web Console. The vulnerability requires admin user privileges and knowledge of the XML file's encryption key to successfully exploit. All versions before 7.11 are...

CVSS 7.2 | EPSS 0.00207
Exploits 0 | References 1
Prion
added 2021/04/06 9:15 p.m. | 15 views

XXE

The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) is vulnerable to XML external entity (XXE) injection in the Web Console. The vulnerability requires admin user privileges and knowledge of the XML file's encryption key to successfully exploit. All versions before 7.11 are...

CVSS 6.5 | AI score 7 | EPSS 0.00207
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2021/04/06 8:52 p.m. | 11 views

CVE-2021-22158

The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) is vulnerable to XML external entity (XXE) injection in the Web Console. The vulnerability requires admin user privileges and knowledge of the XML file's encryption key to successfully exploit. All versions before 7.11 are...

AI score 7.3 | EPSS 0.00207
Exploits 0 | References 1
NVD
added 2021/03/29 8:15 p.m. | 9 views

CVE-2020-35138

The MobileIron agents through 2021-03-22 for Android and iOS contain a hardcoded encryption key, used to encrypt the submission of username/password details during the authentication process, as demonstrated by Mobile@Work (aka com.mobileiron). The key is in the...

CVSS 9.8 | EPSS 0.00217
Exploits 1 | References 5
Prion
added 2021/03/29 8:15 p.m. | 18 views

Hardcoded credentials

The MobileIron agents through 2021-03-22 for Android and iOS contain a hardcoded encryption key, used to encrypt the submission of username/password details during the authentication process, as demonstrated by Mobile@Work (aka com.mobileiron). The key is in the...

CVSS 5 | AI score 8.8 | EPSS 0.00217
Exploits 1 | References 5 | Affected Software 1
CVE
added 2021/03/29 7:36 p.m. | 49 views

CVE-2020-35138

CVE-2020-35138 affects MobileIron agents for Android and iOS (up to 2021-03-22). The concrete issue is a hardcoded encryption key located in com/mobileiron/common/utils/C4928m.java, used to encrypt username/password submissions during authentication. Reported impact centers on credential handling...

CVSS 9.8 | AI score 8.9 | EPSS 0.00217
Exploits 1 | References 5 | Affected Software 1
Cvelist
added 2021/03/29 7:36 p.m. | 10 views

CVE-2020-35138

The MobileIron agents through 2021-03-22 for Android and iOS contain a hardcoded encryption key, used to encrypt the submission of username/password details during the authentication process, as demonstrated by Mobile@Work (aka com.mobileiron). The key is in the...

AI score 9.1 | EPSS 0.00217
Exploits 1 | References 5
Prion
added 2021/03/05 8:15 p.m. | 26 views

Authentication flaw

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R7800. Authentication is not required to exploit this vulnerability. The specific flaw exists within the applysave.cgi endpoint. This issue results from the use of hard-coded...

CVSS 8.3 | AI score 9 | EPSS 0.00084
Exploits 0 | References 2 | Affected Software 43
Cvelist
added 2021/03/05 8:00 p.m. | 17 views

CVE-2021-27254

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R7800. Authentication is not required to exploit this vulnerability. The specific flaw exists within the applysave.cgi endpoint. This issue results from the use of hard-coded...

CVSS 6.3 | AI score 9.2 | EPSS 0.00084
Exploits 0 | References 2
Prion
added 2021/03/03 5:15 p.m. | 12 views

Design/Logic Flaw

In Bitnami Containers, all Laravel container versions prior to: 6.20.0-debian-10-r107 for Laravel 6, 7.30.1-debian-10-r108 for Laravel 7 and 8.5.11-debian-10-r0 for Laravel 8, the file /tmp/app/.env is generated at the time that the docker image bitnami/laravel was built, and the value of APP_KEY ...

CVSS 7.5 | AI score 7.2 | EPSS 0.00132
Exploits 1 | References 1 | Affected Software 1
Cvelist
added 2021/03/03 4:15 p.m. | 21 views

CVE-2021-21979

In Bitnami Containers, all Laravel container versions prior to: 6.20.0-debian-10-r107 for Laravel 6, 7.30.1-debian-10-r108 for Laravel 7 and 8.5.11-debian-10-r0 for Laravel 8, the file /tmp/app/.env is generated at the time that the docker image bitnami/laravel was built, and the value of APP_KEY ...

AI score 7.5 | EPSS 0.00132
Exploits 1 | References 1
CNVD
added 2021/02/20 12:00 a.m. | 5 views

IBM Security Verify Information Queue Information Disclosure Vulnerability (CNVD-2021-11361)

IBM Security Verify Information Queue is a cross-product integrator that leverages Kafka technology and a publish/subscribe model to integrate data between IBM security products. An information disclosure vulnerability exists in IBM Security Verify Information Queue. The vulnerability stems from...

CVSS 7.1 | AI score 6.2 | EPSS 0.00019
Exploits 0 | References 1
BDU FSTEC
added 2021/02/02 12:00 a.m. | 1 view

The vulnerability of the Bluetooth BR/EDR encryption key negotiation protocol lies in its authentication procedures’ deficiencies, which allow attackers to compromise the confidentiality and integrity of the protected information.

The vulnerability of the Bluetooth BR/EDR encryption key negotiation protocol is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor to compromise the confidentiality and integrity of the protected information...

CVSS 5.4 | EPSS 0.20195
Exploits 2 | References 33 | Affected Software 4
CNNVD
added 2021/01/20 12:00 a.m. | 2 views

Reolink P2P Cameras Trust Management Issue Vulnerability

Reolink P2P Cameras is a camera. A trust management issue vulnerability exists in Reolink P2P Cameras, which can be exploited by an attacker to obtain a fixed encryption key and access applications outside the local network access range. The vulnerability exists in the following devices or models...

CVSS 7.8 | AI score 7 | EPSS 0.00032
Exploits 0 | References 3
ThreatPost
added 2021/01/14 1:28 p.m. | 232 views

Ring Adds End-to-End Encryption to Quell Security Uproar

Smart doorbell maker Ring is giving cybersecurity critics less to gripe about with the introduction of end-to-end encryption to many of its models. Ring products, which have been a juggernaut success with consumers, have faced a litany of harsh criticism from cybersecurity experts for what they s...

CVSS 9.3 | AI score 8.4 | EPSS 0.9438
Exploits 75 | References 18
The Hacker News
added 2021/01/08 4:56 p.m. | 2 views

New Attack Could Let Hackers Clone Your Google Titan 2FA Security Keys

Hardware security keys—such as those from Google and Yubico—are considered the most secure means to protect accounts from phishing and takeover attacks. But a new research published on Thursday demonstrates how an adversary in possession of such a two-factor authentication (2FA) device can clone it...

CVSS 4.2 | AI score 6.1 | EPSS 0.00056
Exploits 1
CNNVD
added 2020/12/31 12:00 a.m. | 2 views

Rust Buffer Error Vulnerability

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability exists in bumpalo crate before 3.2.1 for Rust, which stems from a realloc feature that allows reading of unknown memory. An attacker can exploit this vulnerability to potentially read...

CVSS 7.5 | AI score 5.8 | EPSS 0.00285
Exploits 1 | References 2
NVD
added 2020/12/14 9:15 p.m. | 11 views

CVE-2020-25230

A vulnerability has been identified in LOGO! 8 BM incl. SIPLUS variants All versions V8.3. Due to the usage of an outdated cipher mode on port 10005/tcp, an attacker could extract the encryption key from a captured communication with the device...

CVSS 7.5 | AI score 7.8 | EPSS 0.001
Exploits 0 | References 1