818 matches found
PT-2023-29962 · Xerox · Mfps
Name of the Vulnerable Software and Affected Versions: MFPs multifunction printers from FUJIFILM Business Innovation Corp. and Xerox Corporation affected versions not specified Description: The multifunction printers provided by FUJIFILM Business Innovation Corp. and Xerox Corporation have a...
CVE-2023-46129
NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing. The cryptographic key handling library, nkeys, recently gained support for encryption, not just for signing/authentication. This is used in nats-server...
CVE-2023-46129 xkeys Seal encryption used fixed key for all encryption
NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing. The cryptographic key handling library, nkeys, recently gained support for encryption, not just for signing/authentication. This is used in nats-server...
CVE-2023-44690
Inadequate encryption strength in mycli 1.27.0 allows attackers to view sensitive information via /mycli/config.py...
D-Link DIR-823G Encryption Parameter Buffer Overflow Vulnerability
The D-Link DIR-823G is a wireless router from China's AUO D-Link. A buffer overflow vulnerability exists in the D-Link DIR-823G Encryption parameter due to incorrect bounds checking in the SetWLanRadioSecurity function, which can be exploited by an attacker to cause a denial of service...
Huawei HarmonyOS Encryption Issue Vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A security vulnerability exists in Huawei HarmonyOS, which stems from a message unencryption vulnerability. Successful exploitation of this vulnerability cou...
Stormshield SSL VPN Client Encryption Issue Vulnerability
Stormshield SSL VPN Client is a VPN client from Stormshield. A security vulnerability exists in Stormshield SSL VPN Client versions prior to 3.2.0 that stems from allowing an attacker enough access to other encrypted address books...
CVE-2023-39841
Missing encryption in the RFID tag of Etekcity 3-in-1 Smart Door Lock v1.0 allows attackers to create a cloned tag via brief physical proximity to the original device...
PT-2023-27129 · Unknown · Suleve 5-In-1 Smart Door Lock
Name of the Vulnerable Software and Affected Versions: Suleve 5-in-1 Smart Door Lock version v1.0 Description: The issue is related to missing encryption in the RFID tag of the Suleve 5-in-1 Smart Door Lock, which allows attackers to create a cloned tag via brief physical proximity to the origina...
CVE-2023-39843
Missing encryption in the RFID tag of Suleve 5-in-1 Smart Door Lock v1.0 allows attackers to create a cloned tag via brief physical proximity to the original device...
CVE-2023-40354
An issue was discovered in MariaDB MaxScale before 23.02.3. A user enters an encrypted password on a "maxctrl create service" command line, but this password is then stored in cleartext in the resulting .cnf file under /var/lib/maxscale/maxscale.cnf.d. The fixed versions are 2.5.28, 6.4.9, 22.08....
Insufficient Entropy
Overview Affected versions of this package are vulnerable to Insufficient Entropy via the getKey function, due to inefficient implementation of the AES-256-CBC cryptographic algorithm. The provided encrypt function is less secure when hex encoding and trimming are applied, leaving half of the bit...
Libbitcoin Explorer Security Feature Issue Vulnerability
Libbitcoin Explorer is a bitcoin command line tool open-sourced by Libbitcoin. Libbitcoin Explorer versions 3.0.0 through 3.6.0 suffer from a security vulnerability that stems from a security issue with the currency's encryption technology leading to the theft of funds...
HCL DRYiCE iAutomate Encryption Issue Vulnerability
HCL Technologies DRYiCE MyCloud is a Hybrid Cloud Lifecycle Management product from HCL Technologies, USA. A security vulnerability exists in HCL DRYiCE iAutomate that stems from the use of broken encryption algorithms...
IBM Sterling Connect:Direct Encryption Issue Vulnerability
IBM Sterling Connect:Direct is a file-based, peer-to-peer file transfer solution from International Business Machines (IBM). IBM Sterling Connect:Direct suffers from an encryption issue vulnerability that stems from the use of weak encryption algorithms, which could be exploited by an attacker to...
SonicWALL Analytics and GMS Encryption Issue Vulnerability
SonicWALL Analytics and SonicWALL GMS are both products of SonicWALL, Inc. of the U.S. SonicWALL Analytics is a high-performance management and reporting engine for the Web. SonicWALL GMS is a global management system. A powerful and intuitive solution for organizations, distributed enterprises an...
Google Pixel Encryption Issue Vulnerability
Google Pixel is a smartphone from the American company Google. Google Pixel has a security vulnerability that stems from a logic error in the code that can bypass encryption guarantees, which could lead to local privilege escalation...
CVE-2023-36539
Exposure of information intended to be encrypted by some Zoom clients may lead to disclosure of sensitive information...
WordPress Social Login And Register 7.6.4 Authentication Bypass Vulnerability
Description: WordPress Social Login and Register Discord, Google, Twitter, LinkedIn = 7.6.4 – Authentication Bypass Affected Plugin: WordPress Social Login and Register Discord, Google, Twitter, LinkedIn Plugin Slug: woocommerce-abandoned-cart Affected Versions: = 7.6.4 CVE ID: CVE-2023-2982 CVSS...
CVE-2023-3371
The User Registration plugin for WordPress is vulnerable to Sensitive Information Exposure due to hardcoded encryption key on the 'lockcontentformhandler' and 'displaypasswordform' function in versions up to, and including, 3.7.3. This makes it possible for unauthenticated attackers to decrypt an...