Netgear C7800 Missing Transport Encryption Vulnerability
Netgear C7800 suffers from a man-in-the-middle vulnerability...
CVE-2024-5462
If Brocade Fabric OS before Fabric OS 9.2.0 configuration settings are not set to encrypt SNMP passwords, then the SNMP privsecret / authsecret fields can be exposed in plaintext. The plaintext passwords can be exposed in a configupload capture or a supportsave capture if encryption of passwords ...
CVE-2025-24904
libsignal-service-rs is a Rust version of the libsignal-service-java library which implements the core functionality to communicate with Signal servers. Prior to commit 82d70f6720e762898f34ae76b0894b0297d9b2f8, plaintext content envelopes could be injected by a server or a malicious client, and m...
CVE-2021-35252
Common encryption key appears to be used across all deployed instances of Serv-U FTP Server. Because of this an encrypted value that is exposed to an attacker can be simply recovered to plaintext...
The vulnerability of the IBM Robotic Process Automation software lies in its use of the RSA algorithm without the OAEP algorithm. This allows a perpetrator to disclose the protected information.
The vulnerability of the IBM Robotic Process Automation software lies in the use of the RSA algorithm without OAEP. Exploiting this vulnerability allows a remote attacker to disclose the protected information...
CVE-2024-7295
In Progress® Telerik® Report Server versions prior to 2024 Q4 10.3.24.1112, the encryption of local asset data used an older algorithm which may allow a sophisticated actor to decrypt this information...
CVE-2024-28860
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Users of IPsec transparent encryption in Cilium may be vulnerable to cryptographic attacks that render the transparent encryption ineffective. In particular, Cilium is vulnerable to chosen plaintext, key...
CVE-2025-0477
An encryption vulnerability exists in all versions prior to V15.00.001 of Rockwell Automation FactoryTalk® AssetCentre. The vulnerability exists due to a weak encryption methodology and could allow a threat actor to extract passwords belonging to other users of the application...
CVE-2025-0477
Rockwell Automation FactoryTalk AssetCentre (versions prior to V15.00.001) is affected by CVE-2025-0477. The root cause is weak encryption methods, enabling a threat actor to extract passwords belonging to other users. Impact is data exposure with potential credential disclosure across the applic...
CVE-2025-0477 Rockwell Automation FactoryTalk® AssetCentre Data Exposure Vulnerability
An encryption vulnerability exists in all versions prior to V15.00.001 of Rockwell Automation FactoryTalk® AssetCentre. The vulnerability exists due to a weak encryption methodology and could allow a threat actor to extract passwords belonging to other users of the application...
IBM Storage Protect Encryption Issue Vulnerability
IBM Storage Protect (IBM Spectrum Protect) is backup software from International Business Machines (IBM). It provides comprehensive data disaster recovery capabilities for physical file servers, virtual environments, and various applications. IBM Storage Protect has an encryption issue...
CVE-2024-52331 ECOVACS lawnmowers and vacuums deterministic firmware encryption key
ECOVACS robot lawnmowers and vacuums use a deterministic symmetric key to decrypt firmware updates. An attacker can create and encrypt malicious firmware that will be successfully decrypted and installed by the robot...
CVE-2024-42012
GRAU DATA Blocky before 3.1 stores passwords encrypted rather than hashed. At the login screen, the user's password is compared to the user's decrypted cleartext password. An attacker with Windows admin or debugging rights can therefore steal the user's Blocky password and from there impersonate...
CVE-2024-13454
Weak encryption algorithm in Easy-RSA version 3.0.5 through 3.1.7 allows a local attacker to more easily bruteforce the private CA key when created using OpenSSL 3...
IBM Concert Encryption Problem Vulnerability (CNVD-2025-02546)
IBM Concert is a new tool from International Business Machines (IBM) that uses generative AI to help manage complex cloud-native applications. IBM Concert suffers from an encryption issue vulnerability that stems from a failure to properly enable HTTP Strict Transport Security, which could be...
B&R Automation Runtime Encryption Issue Vulnerability
B&R Automation Runtime is an automation runtime from B&R Automation. An encryption issue vulnerability exists in B&R Automation Runtime versions prior to 6.1 and B&R mapp View versions prior to 6.1, which stems from the use of broken or risky encryption algorithms...
PT-2025-1212 · Microsoft · Windows Bitlocker +1
Name of the Vulnerable Software and Affected Versions: Windows BitLocker (affected versions not specified). Description: A critical issue in Windows BitLocker exposes the encryption mechanism to a novel randomization attack targeting the AES-XTS mode. This allows attackers to bypass BitLocker...
The vulnerability in the implementation of the OpenPGP email encryption standard for the Mozilla Thunderbird client allows a perpetrator to disclose the protected information.
The vulnerability of the OpenPGP email encryption standard implemented by Mozilla Thunderbird client relates to insufficient protection of confidential data. Exploiting this vulnerability could allow a malicious actor to disclose the protected information...
CVE-2023-38037
ActiveSupport::EncryptedFile writes contents that will be encrypted to a temporary file. The temporary file's permissions are defaulted to the user's current umask settings, meaning that it's possible for other users on the same system to read the contents of the temporary file. Attackers that ha...