818 matches found
CVE-2023-38037
ActiveSupport::EncryptedFile writes contents that will be encrypted to a temporary file. The temporary file's permissions are defaulted to the user's current umask settings, meaning that it's possible for other users on the same system to read the contents of the temporary file. Attackers that ha...
Smadar SPS Encryption Issue Vulnerability
Smadar SPS is a smart digital archiving software from Smart Printing Solutions LTD. An encryption issue vulnerability exists in Smadar SPS version 4.0.44.0.64, which arises from the use of a corrupt or risky encryption algorithm...
Acronis Cyber Protect Cloud Agent Encryption Issue Vulnerability
Acronis Cyber Protect Cloud Agent is a cloud agent from Acronis Switzerland. An encryption issue vulnerability exists in versions prior to Acronis Cyber Protect Cloud Agent build39185 that stems from a weak algorithm used to sign RPM packages...
CVE-2024-9679
A Hardcoded Cryptographic key vulnerability existed in DLP Extension 11.11.1.3 which allowed the decryption of previously encrypted user credentials...
PT-2024-38521 · Percona +1 · Percona-Toolkit +1
Name of the Vulnerable Software and Affected Versions: percona-toolkit version 3.6.0. Description: The issue affects percona-toolkit, allowing encryption brute forcing due to the use of a password hash with insufficient computational effort. This enables an attacker to potentially crack passwords...
IBM Cognos Controller Encryption Problem Vulnerability (CNVD-2024-47515)
IBM Cognos Controller is a suite of business intelligence and planning solutions from International Business Machines (IBM). The product features process automation, financial audit control, and the creation and management of financial reports. An encryption issue vulnerability exists in IBM Cognos...
IBM Cognos Controller Encryption Issue Vulnerability
IBM Cognos Controller is a suite of business intelligence and planning solutions from International Business Machines (IBM). The product features process automation, financial audit control, and the creation and management of financial reports. An encryption issue vulnerability exists in IBM Cognos...
CVE-2024-50377
CVE-2024-50377 affects Advantech EKI-6333AC-2G (≤1.6.3), EKI-6333AC-2GD (≤1.6.3), and EKI-6333AC-1GPO (≤1.2.1). The issue is a CWE-798 “Use of Hard-coded Credentials” in the backup configuration functionality, where archives are encrypted with a static password. This could allow an attacker with ...
TRCore DVC Trust Management Issue Vulnerability
TRCore DVC is a file insurance system from TRCore China. TRCore DVC suffers from a trust management issue vulnerability that originates from encrypting a file using a hard-coded key, which can be exploited by an attacker to decrypt the file using the hard-coded key and recover the original conten...
Broadcom SANnav Encryption Issue Vulnerability
Broadcom SANnav is a suite of SAN management platforms from Broadcom USA. An encryption issue vulnerability exists in Broadcom SANnav versions prior to 2.2.2, which stems from support for key exchange algorithms...
CVE-2024-11308
The CVE-2024-11308 entry concerns TRCore’s DVC, a file-insurance system, which encrypts files with a hardcoded key. The underlying issue is the use of a static cryptographic key, enabling an attacker with local access to decrypt targeted files and recover original content as described in multiple...
Siemens SCALANCE M-800 Missing Encryption of Sensitive Data (CVE-2023-28450)
An issue was discovered in Dnsmasq before 2.90. The default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232 because of DNS Flag Day 2020. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...
CVE-2021-34750 Cisco Firepower Management Center Software Configuration Information Disclosure Vulnerability
A vulnerability in the administrative web-based GUI configuration manager of Cisco Firepower Management Center Software could allow an authenticated, remote attacker to access sensitive configuration information. The attacker would require low privilege credentials on an affected device. This...
Progress Telerik Report Server <= 10.2.24.924 Encryption Weakness (CVE-2024-7295)
The version of Progress Telerik Report Server installed on the remote host is affected by an encryption weakness vulnerability: - The encryption of local asset data used an older algorithm which may allow a sophisticated actor to decrypt this information. CVE-2024-7295 Note that Nessus has not...
Siemens SINEC INS Using Hardcoded Encryption Keys Vulnerability
Siemens SINEC INS is a software from Siemens, Germany, that provides centralized services for network infrastructures. Siemens SINEC INS suffers from a use of hard-coded encryption key vulnerability that can be exploited by an attacker to learn the encryption key material and decrypt arbitrary...
The vulnerability of the encryption component in Sophos Intercept X software allows a perpetrator to write arbitrary files.
The vulnerability of the encryption component of Sophos Intercept X software is related to the use of unmanaged third-party components. Exploiting this vulnerability could allow a hacker to write arbitrary files...
CVE-2024-5764 Nexus Repository 3 - Static hard-coded encryption passphrase used by default
Use of Hard-coded Credentials vulnerability in Sonatype Nexus Repository has been discovered in the code responsible for encrypting any secrets stored in the Nexus Repository configuration database (SMTP or HTTP proxy credentials, user tokens, tokens, among others). The affected versions relied on ...
PT-2024-15061 · Nokia · Nokia Sr Os
Name of the Vulnerable Software and Affected Versions: Nokia SR OS (affected versions not specified). Description: The Nokia SR OS bof.cfg file encryption is vulnerable to a brute force attack, allowing an attacker in possession of the encrypted file to decrypt it and obtain the BOF configuration...
Cisco UCS Central Security Vulnerability
Cisco UCS Central is a server management software from Cisco USA. The software supports the management of multiple Cisco UCS instances or domains in different locations and environments. Up to 10,000 Cisco UCS servers (blades, racks, and minis) and Cisco HyperFlex systems can be supported using the...
CVE-2024-21530
Versions of the package cocoon before 0.4.0 are vulnerable to Reusing a Nonce, Key Pair in Encryption when the encrypt, wrap, and dump functions are sequentially called. An attacker can generate the same ciphertext by creating a new encrypted message with the same cocoon object. Note: The issue...