818 matches found
PT-2023-25183 · Nextcloud · Nextcloud End-To-End Encryption
Name of the Vulnerable Software and Affected Versions: Nextcloud End-to-end encryption app versions prior to 1.12.4 Description: The Nextcloud End-to-end encryption app provides APIs for implementing End-to-End encryption on the client side. An issue exists where providing an invalid meta data fi...
Google Android Encryption Issue Vulnerability
Google Android is a Linux-based open source operating system from Google. Google Android has an encryption issue vulnerability that an attacker can exploit to gain elevated privileges on paired devices...
CVE-2023-34363
An issue was discovered in Progress DataDirect Connect for ODBC before 08.02.2770 for Oracle. When using Oracle Advanced Security (OAS) encryption, if an error is encountered initializing the encryption object used to encrypt data, the code falls back to a different encryption mechanism that uses a...
Design/Logic Flaw
Dell CloudIQ Collector version 1.10.2 contains a missing encryption of sensitive data vulnerability. An attacker with low privileges could potentially exploit this vulnerability to gain access to unauthorized data...
CVE-2023-28045
Dell CloudIQ Collector version 1.10.2 contains a missing encryption of sensitive data vulnerability. An attacker with low privileges could potentially exploit this vulnerability to gain access to unauthorized data...
Acronis Cyber Protect Encryption Issue Vulnerability
Acronis Cyber Protect is an all-in-one cyber protection solution for business and enterprise from Acronis Singapore. It combines backup, anti-malware, network security, and endpoint management features such as vulnerability assessment, URL filtering, patch management, and more. A security...
Important: Red Hat Security Advisory: mysql:8.0 security, bug fix, and enhancement update
An update for the mysql:8.0 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
mysql: Server: Security: Encryption unspecified vulnerability (CPU Jan 2023)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.31 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...
mysql: Server: Security: Encryption unspecified vulnerability (CPU Jan 2023)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.31 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...
HashiCorp Vault Encryption Issue Vulnerability
HashiCorp Vault is a private key access management tool from HashiCorp USA. A security vulnerability exists in HashiCorp Vault Enterprise that stems from the Vault not properly applying HMAC to messages sent from the HSM when using a CBC-based encryption mechanism...
CVE-2022-41400
Sage 300 through 2022 uses a hard-coded 40-byte Blowfish key to encrypt and decrypt user passwords and SQL connection strings stored in ISAM database files in the shared data directory. This issue could allow attackers to decrypt user passwords and SQL connection strings...
CVE-2023-27389
Inadequate encryption strength vulnerability in CONPROSYS IoT Gateway products allows a remote authenticated attacker with an administrative privilege to apply a specially crafted firmware update file, alter the information, cause a denial-of-service (DoS) condition, and/or execute arbitrary code...
CVE-2023-29000 Nextcloud Desktop client does not verify received signed certificate in end-to-end encryption
The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server. Starting with version 3.0.0 and prior to version 3.7.0, by trusting that the server will return a certificate that belongs to the keypair of the user, a malicious server could get the desktop client to encrypt file...
Akuvox E11 Security Feature Issue Vulnerability
Akuvox E11 is a SIP visual doorbell from Akuvox designed for villas, houses and apartments. A security vulnerability exists in Akuvox E11 that stems from the inclusion of a feature that encrypts a message and then forwards it. The IV and key are static, which could allow an attacker to...
CVE-2023-27532
Vulnerability in Veeam Backup & Replication component allows encrypted credentials stored in the configuration database to be obtained. This may lead to gaining access to the backup infrastructure hosts...
PT-2023-2202 · Microsoft +1 · Windows +1
Name of the Vulnerable Software and Affected Versions: Trend Micro Endpoint Encryption Full Disk Encryption version 6.0.0.3204 and below Description: A vulnerability in Trend Micro Endpoint Encryption Full Disk Encryption could allow an attacker with physical access to an affected device to bypas...
mysql: Server: Security: Encryption unspecified vulnerability (CPU Jan 2023)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.31 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...
Dell EMC Secure Connect Gateway Encryption Issue Vulnerability
Dell EMC Secure Connect Gateway (Dell EMC SCG) is a secure connectivity gateway from Dell USA. A security vulnerability exists in Dell EMC Secure Connect Gateway SCG version 5.14.00.12, which stems from the presence of a corrupted encryption algorithm vulnerability that can be exploited by a remote...
Fortinet FortiNAC Encryption Issue Vulnerability
Fortinet FortiNAC is a zero-trust access solution from Fortinet, Inc. A security vulnerability exists in Fortinet FortiNAC. An attacker could exploit the vulnerability to decrypt and forge protocol communication messages. The following versions are affected: versions 9.4.0 through 9.4.1, 9.2.0...
SUSE CVE-2010-3299
The encrypt/decrypt functions in Ruby on Rails 2.3 are vulnerable to padding oracle attacks...