Lucene search
K

239 matches found

BDU FSTEC
BDU FSTEC
added 2023/10/25 12:0 a.m.7 views

Vulnerability of the Server component: Security: Encryption of the Oracle MySQL Server database management system, due to improper access control, allows attackers to gain access to protected information.

The vulnerability of the Oracle MySQL Server component related to security: encryption involves a lack of protection for operational data. Exploiting this vulnerability can allow an attacker operating remotely to gain access to protected information...

3.3CVSS6AI score0.00809EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2023/10/19 10:15 p.m.3 views

UBUNTU-CVE-2023-44690

Inadequate encryption strength in mycli 1.27.0 allows attackers to view sensitive information via /mycli/config.py...

7.5CVSS5.8AI score0.0022EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/09/12 12:0 a.m.5 views

Xpand IT Write-back manager Trust Management Issue Vulnerability

Xpand IT Write-back manager is an extension for Xpand IT. that allows users to enter data directly from Tableau dashboards into a database. A security vulnerability exists in Xpand IT Write-back manager version v2.3.1, which stems from the use of a hard-coded salt in the configuration of the...

6.5CVSS6.7AI score0.00263EPSS
Exploits0References5
Cvelist
Cvelist
added 2023/08/14 12:0 a.m.29 views

CVE-2023-40354

An issue was discovered in MariaDB MaxScale before 23.02.3. A user enters an encrypted password on a "maxctrl create service" command line, but this password is then stored in cleartext in the resulting .cnf file under /var/lib/maxscale/maxscale.cnf.d. The fixed versions are 2.5.28, 6.4.9, 22.08....

6.8AI score0.00268EPSS
Exploits0References1
OSV
OSV
added 2023/07/13 2:15 a.m.6 views

CVE-2023-34130

SonicWall GMS and Analytics use outdated Tiny Encryption Algorithm TEA with a hardcoded key to encrypt sensitive data. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions...

9.8CVSS5.8AI score0.0026EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2023/06/16 12:0 a.m.8 views

The vulnerability of the AES encryption algorithm implementation in TP-Link Tapo C200 IP cameras’ microprogramming software allows a intruder to gain unauthorized access to protected information.

The vulnerability of the AES encryption algorithm implemented in TP-Link Tapo C200 IP cameras relates to the repetition of character sequences in the encrypted text due to incorrect processing of the initialization vector. Exploiting this vulnerability can allow an intruder to gain unauthorized...

5.3CVSS5.5AI score0.0035EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2023/06/15 7:15 p.m.4 views

CVE-2023-21115

In btmsecencryptchange of btmsec.cc, there is a possible way to downgrade the link key type due to improperly used crypto. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...

8.8CVSS7.4AI score0.00105EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/05/16 12:0 a.m.2 views

Dell CloudLink 加密问题漏洞

Dell CloudLink is a data encryption and key management system from Dell USA. An encryption issue vulnerability exists in Dell CloudLink version 7.1.2 and prior versions. The vulnerability stems from the system's use of insecure encryption, which could be exploited by an attacker to cause certain...

7.5CVSS6.5AI score0.00424EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/05/09 1:37 p.m.7 views

CVE-2023-31136 PostgresNIO processes unencrypted bytes from man-in-the-middle

PostgresNIO is a Swift client for PostgreSQL. Any user of PostgresNIO prior to version 1.14.2 connecting to servers with TLS enabled is vulnerable to a man-in-the-middle attacker injecting false responses to the client's first few queries, despite the use of TLS certificate verification and...

3.7CVSS6.7AI score0.0049EPSS
Exploits0References8
CNNVD
CNNVD
added 2023/04/19 12:0 a.m.8 views

Google Android 安全漏洞

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability that originates from improper encryption of the buildPropFile of the filesystem.go component, which can be exploited by an attacker to elevate privileges...

6.7CVSS7.1AI score0.0009EPSS
Exploits0References2
OSV
OSV
added 2023/02/23 8:15 p.m.5 views

CVE-2023-20016

A vulnerability in the backup configuration feature of Cisco UCS Manager Software and in the configuration export feature of Cisco FXOS Software could allow an unauthenticated attacker with access to a backup file to decrypt sensitive information stored in the full state and configuration backup...

6.5CVSS6.6AI score0.0011EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2023/02/23 12:0 a.m.5 views

CVE-2023-20016

A vulnerability in the backup configuration feature of Cisco UCS Manager Software and in the configuration export feature of Cisco FXOS Software could allow an unauthenticated attacker with access to a backup file to decrypt sensitive information stored in the full state and configuration backup...

6.5CVSS5.9AI score0.0011EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/02/15 5:57 a.m.5 views

SUSE CVE-2010-3074

SSLCipher.cpp in EncFS before 1.7.0 uses an improper combination of an AES cipher and a CBC cipher mode for encrypted filesystems, which allows local users to obtain sensitive information via a watermark attack...

2.1CVSS6.2AI score0.00386EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 5:36 a.m.1 views

SUSE CVE-2013-4135

The vos command in OpenAFS 1.6.x before 1.6.5, when using the -encrypt option, only enables integrity protection and sends data in cleartext, which allows remote attackers to obtain sensitive information by sniffing the network...

4.3CVSS6.5AI score0.01855EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:3 a.m.11 views

SUSE CVE-2020-3702

u'Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivit...

7.5CVSS6.7AI score0.00343EPSS
Exploits0References66
CNNVD
CNNVD
added 2023/02/13 12:0 a.m.5 views

ConnectWise Control 数据伪造问题漏洞

ConnectWise Control is a self-hosted remote desktop software application from ConnectWise USA. A data forgery vulnerability exists in ConnectWise Control version 22.9.10032 and prior versions, which stems from a flaw in the encryption method. An attacker could use this vulnerability to elevate...

9.8CVSS8.9AI score0.00685EPSS
Exploits0References7
CNNVD
CNNVD
added 2023/02/09 12:0 a.m.7 views

SAMSUNG Flow 加密问题漏洞

SAMSUNG Flow is a software product from Samsung South Korea. It is used to enable a seamless, secure, and connected experience on devices. A security vulnerability exists in Samsung Flow for PC version 4.9.14.0. An attacker exploiting the vulnerability could decrypt encrypted messages...

8.8CVSS8AI score0.00192EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2023/02/09 12:0 a.m.26 views

Huawei EulerOS: Security Advisory for ceph (EulerOS-SA-2023-1308)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5CVSS6.8AI score0.00436EPSS
Exploits0References2
Mageia
Mageia
added 2023/01/24 7:58 a.m.111 views

Updated samba packages fix security vulnerability

There is a limited write heap buffer overflow in the GSSAPI unwrapdes and unwrapdes3 routines of Heimdal included in Samba. Some SMB1 write requests were not correctly range checked to ensure the client had sent enough data to fulfill the write, allowing server memory contents to be written into...

9.8CVSS1.2AI score0.06419EPSS
Exploits1References25
Positive Technologies
Positive Technologies
added 2023/01/05 12:0 a.m.6 views

PT-2023-12362 · Unem +1 · Unem +1

Name of the Vulnerable Software and Affected Versions: FOXMAN-UN versions R9C through R16A UNEM versions R9C through R16A Description: The issue affects the DES implementation in the affected product versions, which use a default key for encryption. Successful exploitation allows an attacker to...

9.8CVSS9.2AI score0.00284EPSS
Exploits0References4
Rows per page
Query Builder