Lucene search
K

239 matches found

Cvelist
Cvelist
added 2024/10/08 4:25 p.m.16 views

CVE-2024-9620 Event-driven automation in ansible automation platform (aap): ansible event-driven automation (eda) lacks encryption

A flaw was found in Event-Driven Automation EDA in Ansible Automation Platform AAP, which lacks encryption of sensitive information. An attacker with network access could exploit this vulnerability by sniffing the plaintext data transmitted between the EDA and AAP. An attacker with system access...

5.3CVSS0.00153EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/09/23 12:0 a.m.4 views

PT-2024-10413 · Ibm · Ibm Storage Defender

Name of the Vulnerable Software and Affected Versions: IBM Storage Defender versions 2.0.0 through 2.0.7 Description: The issue is related to the IBM Storage Defender's Defender Sensor component, which has incorrect data encryption. This could allow a remote attacker to obtain sensitive informati...

7.5CVSS6.5AI score0.00247EPSS
Exploits0References7
CNNVD
CNNVD
added 2024/09/03 12:0 a.m.3 views

Authenticator 加密问题漏洞

Authenticator is an open source authenticator from Authenticator Extension. An encryption issue vulnerability exists in Authenticator version 7.0.0 and prior versions, which stems from the fact that user data encryption keys are stored using only AES-256 and EVPBytesToKey KDF, which could lead to...

8.8CVSS6.5AI score0.00088EPSS
Exploits0References3
OSV
OSV
added 2024/08/22 4:15 a.m.3 views

CVE-2024-45165

An issue was discovered in UCI IDOL 2 aka uciIDOL or IDOL2 through 2.12. Data is sent between client and server with encryption. However, the key is derived from the string "c2007 UCI Software GmbH B.Boll" without quotes. The key is both static and hardcoded. With access to messages, this results...

5.3CVSS5.8AI score0.00174EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2024/08/19 12:0 a.m.25 views

CVE-2024-42657

An issue in wishnet Nepstech Wifi Router NTPL-XPON1GFEVN v1.0 allows a remote attacker to obtain sensitive information via the lack of encryption during login process...

6.7AI score0.00481EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/07/18 12:0 a.m.8 views

Dell Data Lakehouse 安全漏洞

Dell Data Lakehouse is a fully integrated data platform from Dell, Inc. An encryption issue vulnerability exists in Dell Data Lakehouse version 1.0.0.0, which stems from a missing encryption of sensitive data contained in the DDAE. An attacker could exploit this vulnerability to cause information...

6.8CVSS6.3AI score0.00096EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/06/27 12:0 a.m.3 views

IBM Security Access Manager 加密问题漏洞

IBM Security Access Manager is a product for information security management applications from International Business Machines IBM. The product enables access management control through integrated appliances for web, mobile and cloud computing. IBM Security Access Manager suffers from an encrypti...

7.5CVSS8.4AI score0.00461EPSS
Exploits2References4
Positive Technologies
Positive Technologies
added 2024/06/17 12:0 a.m.7 views

PT-2024-26952 · Freefrom · Freefrom

Name of the Vulnerable Software and Affected Versions: FreeFrom - the nostr client versions prior to 1.3.5 Description: A reusing nonce, key pair in encryption issue exists. If this issue is exploited, the content of direct messages between users may be manipulated by a man-in-the-middle attack...

5.3CVSS7AI score0.00234EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2024/04/26 7:16 a.m.19 views

CVE-2023-6096 using a inappropriate encryption logic

Vladimir Kononovich, a Security Researcher has found a flaw that using a inappropriate encryption logic on the DVR. firmware encryption is broken and allows to decrypt. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds...

7.4CVSS7AI score0.00661EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/04/26 12:0 a.m.6 views

PT-2024-14882 · Unknown · Dvr Firmware

Name of the Vulnerable Software and Affected Versions: DVR firmware affected versions not specified Description: A flaw has been discovered in the DVR firmware's encryption logic, which is inappropriate and allows for decryption. The issue was found by Vladimir Kononovich, a security researcher...

8.9CVSS6.5AI score0.00661EPSS
Exploits0References4
OSV
OSV
added 2024/04/19 4:15 p.m.6 views

CVE-2023-37396

IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain sensitive information due to improper encryption of certain data. IBM X-Force ID: 259671...

5.5CVSS5.8AI score0.00079EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/03/05 12:0 a.m.39 views

Mozilla Thunderbird < 115.8.1

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 115.8.1. It is, therefore, affected by a vulnerability as referenced in the mfsa2024-11 advisory. - The encrypted subject of an email message could be incorrectly and permanently assigned to an arbitrary other...

7.5CVSS8AI score0.00682EPSS
Exploits1References2
CNNVD
CNNVD
added 2024/02/27 12:0 a.m.6 views

LightPicture Security Vulnerability

LightPicture is an enterprise/team/individual image resource management system, graphic bed system by osuuuu individual developers. A security vulnerability exists in LightPicture 1.2.2 and earlier versions, which stems from the fact that the file /app/middleware/TokenVerify.php leads to the use ...

8.1CVSS6.7AI score0.00748EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/02/02 12:0 a.m.6 views

IBM PowerSC 加密问题漏洞

IBM PowerSC is an International Business Machines IBM security and compliance solution for IBM Power Systems servers. IBM PowerSC has an encryption issue vulnerability that stems from the use of a weaker-than-expected encryption algorithm, which could be exploited by an attacker to decrypt highly...

7.5CVSS6.6AI score0.00318EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/01/02 12:0 a.m.4 views

Qualcomm Chipsets Security Vulnerability

Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. The Qualcomm Chipsets have a security vulnerability that stems from an encryption issue in the car when unpacking the key secs2d and using RPMB data for authentication...

7.1CVSS6.9AI score0.00087EPSS
Exploits0References3
Prion
Prion
added 2023/12/21 11:15 a.m.15 views

Design/Logic Flaw

An issue was discovered in blinksocks version 3.3.8, allows remote attackers to obtain sensitive information via weak encryption algorithms in the component /presets/ssr-auth-chain.js...

5CVSS6.7AI score0.00274EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2023/11/09 3:15 p.m.4 views

CVE-2023-41137

Symmetric encryption used to protect messages between the AppsAnywhere server and client can be broken by reverse engineering the client and used to impersonate the AppsAnywhere server...

9.8CVSS5.8AI score
Exploits0References1
OSV
OSV
added 2023/10/31 12:15 a.m.11 views

AZL-35298 CVE-2023-46129 affecting package telegraf for versions less than 1.29.4-1

NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing. The cryptographic key handling library, nkeys, recently gained support for encryption, not just for signing/authentication. This is used in nats-server...

7.5CVSS7.2AI score0.00374EPSS
Exploits0References1
Prion
Prion
added 2023/10/31 12:15 a.m.17 views

Authentication flaw

NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing. The cryptographic key handling library, nkeys, recently gained support for encryption, not just for signing/authentication. This is used in nats-server...

5CVSS7.5AI score0.00374EPSS
Exploits0References4Affected Software2
CNNVD
CNNVD
added 2023/10/29 12:0 a.m.4 views

NATS Server Security Vulnerability

NATS Server is an open source messaging system. The system is primarily used for cloud-native applications, IoT messaging, and microservice architectures. A security vulnerability exists in NATS Server versions 2.10.0 through 2.10.3, and nkeys versions 0.4.0 through 0.4.5, which stems from the...

7.5CVSS6.7AI score0.00374EPSS
Exploits0References5
Rows per page
Query Builder