239 matches found
Vulnerability of the Server component: Security: Encryption of the Oracle MySQL Server database management system, due to improper access control, allows attackers to gain access to protected information.
The vulnerability of the Oracle MySQL Server component related to security: encryption involves a lack of protection for operational data. Exploiting this vulnerability can allow an attacker operating remotely to gain access to protected information...
UBUNTU-CVE-2023-44690
Inadequate encryption strength in mycli 1.27.0 allows attackers to view sensitive information via /mycli/config.py...
Xpand IT Write-back manager Trust Management Issue Vulnerability
Xpand IT Write-back manager is an extension for Xpand IT. that allows users to enter data directly from Tableau dashboards into a database. A security vulnerability exists in Xpand IT Write-back manager version v2.3.1, which stems from the use of a hard-coded salt in the configuration of the...
CVE-2023-40354
An issue was discovered in MariaDB MaxScale before 23.02.3. A user enters an encrypted password on a "maxctrl create service" command line, but this password is then stored in cleartext in the resulting .cnf file under /var/lib/maxscale/maxscale.cnf.d. The fixed versions are 2.5.28, 6.4.9, 22.08....
CVE-2023-34130
SonicWall GMS and Analytics use outdated Tiny Encryption Algorithm TEA with a hardcoded key to encrypt sensitive data. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions...
The vulnerability of the AES encryption algorithm implementation in TP-Link Tapo C200 IP cameras’ microprogramming software allows a intruder to gain unauthorized access to protected information.
The vulnerability of the AES encryption algorithm implemented in TP-Link Tapo C200 IP cameras relates to the repetition of character sequences in the encrypted text due to incorrect processing of the initialization vector. Exploiting this vulnerability can allow an intruder to gain unauthorized...
CVE-2023-21115
In btmsecencryptchange of btmsec.cc, there is a possible way to downgrade the link key type due to improperly used crypto. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...
Dell CloudLink 加密问题漏洞
Dell CloudLink is a data encryption and key management system from Dell USA. An encryption issue vulnerability exists in Dell CloudLink version 7.1.2 and prior versions. The vulnerability stems from the system's use of insecure encryption, which could be exploited by an attacker to cause certain...
CVE-2023-31136 PostgresNIO processes unencrypted bytes from man-in-the-middle
PostgresNIO is a Swift client for PostgreSQL. Any user of PostgresNIO prior to version 1.14.2 connecting to servers with TLS enabled is vulnerable to a man-in-the-middle attacker injecting false responses to the client's first few queries, despite the use of TLS certificate verification and...
Google Android 安全漏洞
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability that originates from improper encryption of the buildPropFile of the filesystem.go component, which can be exploited by an attacker to elevate privileges...
CVE-2023-20016
A vulnerability in the backup configuration feature of Cisco UCS Manager Software and in the configuration export feature of Cisco FXOS Software could allow an unauthenticated attacker with access to a backup file to decrypt sensitive information stored in the full state and configuration backup...
CVE-2023-20016
A vulnerability in the backup configuration feature of Cisco UCS Manager Software and in the configuration export feature of Cisco FXOS Software could allow an unauthenticated attacker with access to a backup file to decrypt sensitive information stored in the full state and configuration backup...
SUSE CVE-2010-3074
SSLCipher.cpp in EncFS before 1.7.0 uses an improper combination of an AES cipher and a CBC cipher mode for encrypted filesystems, which allows local users to obtain sensitive information via a watermark attack...
SUSE CVE-2013-4135
The vos command in OpenAFS 1.6.x before 1.6.5, when using the -encrypt option, only enables integrity protection and sends data in cleartext, which allows remote attackers to obtain sensitive information by sniffing the network...
SUSE CVE-2020-3702
u'Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivit...
ConnectWise Control 数据伪造问题漏洞
ConnectWise Control is a self-hosted remote desktop software application from ConnectWise USA. A data forgery vulnerability exists in ConnectWise Control version 22.9.10032 and prior versions, which stems from a flaw in the encryption method. An attacker could use this vulnerability to elevate...
SAMSUNG Flow 加密问题漏洞
SAMSUNG Flow is a software product from Samsung South Korea. It is used to enable a seamless, secure, and connected experience on devices. A security vulnerability exists in Samsung Flow for PC version 4.9.14.0. An attacker exploiting the vulnerability could decrypt encrypted messages...
Huawei EulerOS: Security Advisory for ceph (EulerOS-SA-2023-1308)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Updated samba packages fix security vulnerability
There is a limited write heap buffer overflow in the GSSAPI unwrapdes and unwrapdes3 routines of Heimdal included in Samba. Some SMB1 write requests were not correctly range checked to ensure the client had sent enough data to fulfill the write, allowing server memory contents to be written into...
PT-2023-12362 · Unem +1 · Unem +1
Name of the Vulnerable Software and Affected Versions: FOXMAN-UN versions R9C through R16A UNEM versions R9C through R16A Description: The issue affects the DES implementation in the affected product versions, which use a default key for encryption. Successful exploitation allows an attacker to...