239 matches found
CVE-2024-9620 Event-driven automation in ansible automation platform (aap): ansible event-driven automation (eda) lacks encryption
A flaw was found in Event-Driven Automation EDA in Ansible Automation Platform AAP, which lacks encryption of sensitive information. An attacker with network access could exploit this vulnerability by sniffing the plaintext data transmitted between the EDA and AAP. An attacker with system access...
PT-2024-10413 · Ibm · Ibm Storage Defender
Name of the Vulnerable Software and Affected Versions: IBM Storage Defender versions 2.0.0 through 2.0.7 Description: The issue is related to the IBM Storage Defender's Defender Sensor component, which has incorrect data encryption. This could allow a remote attacker to obtain sensitive informati...
Authenticator 加密问题漏洞
Authenticator is an open source authenticator from Authenticator Extension. An encryption issue vulnerability exists in Authenticator version 7.0.0 and prior versions, which stems from the fact that user data encryption keys are stored using only AES-256 and EVPBytesToKey KDF, which could lead to...
CVE-2024-45165
An issue was discovered in UCI IDOL 2 aka uciIDOL or IDOL2 through 2.12. Data is sent between client and server with encryption. However, the key is derived from the string "c2007 UCI Software GmbH B.Boll" without quotes. The key is both static and hardcoded. With access to messages, this results...
CVE-2024-42657
An issue in wishnet Nepstech Wifi Router NTPL-XPON1GFEVN v1.0 allows a remote attacker to obtain sensitive information via the lack of encryption during login process...
Dell Data Lakehouse 安全漏洞
Dell Data Lakehouse is a fully integrated data platform from Dell, Inc. An encryption issue vulnerability exists in Dell Data Lakehouse version 1.0.0.0, which stems from a missing encryption of sensitive data contained in the DDAE. An attacker could exploit this vulnerability to cause information...
IBM Security Access Manager 加密问题漏洞
IBM Security Access Manager is a product for information security management applications from International Business Machines IBM. The product enables access management control through integrated appliances for web, mobile and cloud computing. IBM Security Access Manager suffers from an encrypti...
PT-2024-26952 · Freefrom · Freefrom
Name of the Vulnerable Software and Affected Versions: FreeFrom - the nostr client versions prior to 1.3.5 Description: A reusing nonce, key pair in encryption issue exists. If this issue is exploited, the content of direct messages between users may be manipulated by a man-in-the-middle attack...
CVE-2023-6096 using a inappropriate encryption logic
Vladimir Kononovich, a Security Researcher has found a flaw that using a inappropriate encryption logic on the DVR. firmware encryption is broken and allows to decrypt. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds...
PT-2024-14882 · Unknown · Dvr Firmware
Name of the Vulnerable Software and Affected Versions: DVR firmware affected versions not specified Description: A flaw has been discovered in the DVR firmware's encryption logic, which is inappropriate and allows for decryption. The issue was found by Vladimir Kononovich, a security researcher...
CVE-2023-37396
IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain sensitive information due to improper encryption of certain data. IBM X-Force ID: 259671...
Mozilla Thunderbird < 115.8.1
The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 115.8.1. It is, therefore, affected by a vulnerability as referenced in the mfsa2024-11 advisory. - The encrypted subject of an email message could be incorrectly and permanently assigned to an arbitrary other...
LightPicture Security Vulnerability
LightPicture is an enterprise/team/individual image resource management system, graphic bed system by osuuuu individual developers. A security vulnerability exists in LightPicture 1.2.2 and earlier versions, which stems from the fact that the file /app/middleware/TokenVerify.php leads to the use ...
IBM PowerSC 加密问题漏洞
IBM PowerSC is an International Business Machines IBM security and compliance solution for IBM Power Systems servers. IBM PowerSC has an encryption issue vulnerability that stems from the use of a weaker-than-expected encryption algorithm, which could be exploited by an attacker to decrypt highly...
Qualcomm Chipsets Security Vulnerability
Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. The Qualcomm Chipsets have a security vulnerability that stems from an encryption issue in the car when unpacking the key secs2d and using RPMB data for authentication...
Design/Logic Flaw
An issue was discovered in blinksocks version 3.3.8, allows remote attackers to obtain sensitive information via weak encryption algorithms in the component /presets/ssr-auth-chain.js...
CVE-2023-41137
Symmetric encryption used to protect messages between the AppsAnywhere server and client can be broken by reverse engineering the client and used to impersonate the AppsAnywhere server...
AZL-35298 CVE-2023-46129 affecting package telegraf for versions less than 1.29.4-1
NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing. The cryptographic key handling library, nkeys, recently gained support for encryption, not just for signing/authentication. This is used in nats-server...
Authentication flaw
NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing. The cryptographic key handling library, nkeys, recently gained support for encryption, not just for signing/authentication. This is used in nats-server...
NATS Server Security Vulnerability
NATS Server is an open source messaging system. The system is primarily used for cloud-native applications, IoT messaging, and microservice architectures. A security vulnerability exists in NATS Server versions 2.10.0 through 2.10.3, and nkeys versions 0.4.0 through 0.4.5, which stems from the...