CVE-2020-3382

A vulnerability in the REST API of Cisco Data Center Network Manager DCNM could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. The vulnerability exists because different installations share a...

Authentication flaw

A vulnerability in the REST API of Cisco Data Center Network Manager DCNM could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. The vulnerability exists because different installations share a...

CVE-2020-3382 Cisco Data Center Network Manager Authentication Bypass Vulnerability

A vulnerability in the REST API of Cisco Data Center Network Manager DCNM could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. The vulnerability exists because different installations share a...

CVE-2020-3382 Cisco Data Center Network Manager Authentication Bypass Vulnerability

A vulnerability in the REST API of Cisco Data Center Network Manager DCNM could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. The vulnerability exists because different installations share a...

Critical, High-Severity Cisco Flaws Fixed in Data Center Network Manager

Cisco is warning of several critical and high-severity flaws in its Data Center Network Manager DCNM for managing network platforms and switches. DCNM is a platform for managing Cisco data centers that run Cisco’s NX-OS — the network operating system used by Cisco’s Nexus-series Ethernet switches...

Cisco Data Center Network Manager Authentication Bypass Vulnerability

A vulnerability in the REST API of Cisco Data Center Network Manager DCNM could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. The vulnerability exists because different installations share a...

PT-2020-14183 · Typo3 · Typo3/Cms

Name of the Vulnerable Software and Affected Versions: TYPO3 CMS versions 9.0.0 through 9.5.19 TYPO3 CMS versions 10.0.0 through 10.4.5 Description: In a case where an attacker manages to generate a valid cryptographic message authentication code HMAC-SHA1 - either by using a different existing...

Potential Privilege Escalation

In case an attacker manages to generate a valid cryptographic message authentication code HMAC-SHA1 - either by using a different existing vulnerability or in case the internal encryptionKey was exposed - it is possible to retrieve arbitrary files of a TYPO3 installation. This includes the...

Easergy Builder Hardcoded Encryption Key Plaintext Storage Vulnerability

Schneider Electric Easergy Builder is a set of configuration software for Easergy remote terminal units and controllers from Schneider Electric, France. A security vulnerability exists in Schneider Electric Easergy Builder version 1.4.7.2 and prior versions. An attacker could exploit the...

Updated gnutls packages fix security vulnerability

Updated gnutls packages fix security vulnerability: It was found that GnuTLS 3.6.4 introduced a regression in the TLS protocol implementation. This caused the TLS server to not securely construct a session ticket encryption key considering the application supplied secret, allowing a MitM attacker...

CVE-2020-13777

A flaw was found in GnuTLS, in versions starting from 3.6.4, where it does not session the ticket encryption key in a secure fashion by the application which is connecting. This flaw allows an attacker to craft a man-in-the-middle-attack, with the ability to bypass the TLS1.3 authentication and...

New Bluetooth Vulnerability Exposes Billions of Devices to Hackers

Academics from École Polytechnique Fédérale de Lausanne EPFL disclosed a security vulnerability in Bluetooth that could potentially allow an attacker to spoof a remotely paired device, exposing over a billion of modern devices to hackers. The attacks, dubbed Bluetooth Impersonation AttackS or BIA...

CVE-2020-5248

GLPI before before version 9.4.6 has a vulnerability involving a default encryption key. GLPIKEY is public and is used on every instance. This means anyone can decrypt sensitive data stored using this key. It is possible to change the key before installing GLPI. But on existing instances, data mu...

CVE-2020-5248

GLPI before before version 9.4.6 has a vulnerability involving a default encryption key. GLPIKEY is public and is used on every instance. This means anyone can decrypt sensitive data stored using this key. It is possible to change the key before installing GLPI. But on existing instances, data mu...

CVE-2020-5248

GLPI before before version 9.4.6 has a vulnerability involving a default encryption key. GLPIKEY is public and is used on every instance. This means anyone can decrypt sensitive data stored using this key. It is possible to change the key before installing GLPI. But on existing instances, data mu...

CVE-2020-5248

GLPI before version 9.4.6 is vulnerable due to a default, public encryption key (GLPIKEY) used to encrypt data. This allows decryption of sensitive data stored with that key. The issue arises because changing the key after installation requires re-encrypting existing data, and some columns/rows (...

TP-LINK Cloud Cameras NCXXX Hardcoded Encryption Key Vulnerability

TP-LINK Cloud Cameras including products NC200, NC210, NC220, NC230, NC250, NC260, and NC450 suffer from having a hardcoded encryption key. The issue is located in the methods swSystemBackup and sym.swSystemRestoreFile, where a hardcoded encryption key is used in order to encrypt/decrypt a config...

CVE-2020-12110

Certain TP-Link devices have a Hardcoded Encryption Key. This affects NC200 2.1.9 build 200225, N210 1.0.9 build 200304, NC220 1.3.0 build 200304, NC230 1.3.0 build 200304, NC250 1.3.0 build 200304, NC260 1.5.2 build 200304, and NC450 1.5.3 build 200304...

CVE-2020-12110

Certain TP-Link devices have a Hardcoded Encryption Key. This affects NC200 2.1.9 build 200225, N210 1.0.9 build 200304, NC220 1.3.0 build 200304, NC230 1.3.0 build 200304, NC250 1.3.0 build 200304, NC260 1.5.2 build 200304, and NC450 1.5.3 build 200304...

Hardcoded credentials

Certain TP-Link devices have a Hardcoded Encryption Key. This affects NC200 2.1.9 build 200225, N210 1.0.9 build 200304, NC220 1.3.0 build 200304, NC230 1.3.0 build 200304, NC250 1.3.0 build 200304, NC260 1.5.2 build 200304, and NC450 1.5.3 build 200304...