791 matches found
CVE-2024-31415
The Eaton Foreseer software provides the feasibility for the user to configure external servers for multiple purposes such as network management, user management, etc. The software uses encryption to store these configurations securely on the host machine. However, the keys used for this encrypti...
TYPO3 Winstaller Default Encryption Keys
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'TYPO3 Winstaller Default Encryption Keys', 'Description' = %q This module exploits known default encryption keys found in the TYPO3 Winstaller...
PT-2024-9958 · Ca · Ca Client Automation
Name of the Vulnerable Software and Affected Versions: CA Client Automation ITCM affected versions not specified Description: The issue is related to insecure privilege management in the CA Client Automation software, which allows non-admin or non-root users to encrypt strings using the CAF CLI a...
GHSA-6GR4-52W6-VMQX rke's credentials are stored in the RKE1 Cluster state ConfigMap
Impact: When RKE provisions a cluster, it stores the cluster state in a configmap called full-cluster-state inside the kube-system namespace of the cluster itself. This cluster state object contains information used to set up the K8s cluster, which may include the following sensitive data: -...
Update: CVE-2024-4577 quickly weaponized to distribute “TellYouThePass” Ransomware
Introduction: Recently, Imperva Threat Research reported on attacker activity leveraging the new PHP vulnerability, CVE-2024-4577. From as early as June 8th, we have detected attacker activity leveraging this vulnerability to deliver malware, which we have now identified to be a part of the...
CGA-XPJJ-HV4W-94C5
Bulletin has no description...
Kwik does not discard unused encryption keys
Kwik commit 745fd4e2 does not discard unused encryption keys...
GHSA-W8CP-FRXC-55PJ Kwik does not discard unused encryption keys
Kwik commit 745fd4e2 does not discard unused encryption keys...
CVE-2024-22588
Kwik commit 745fd4e2 does not discard unused encryption keys...
CVE-2024-22588
CVE-2024-22588 concerns Kwik, where the commit 745fd4e2 does not discard unused encryption keys. Affected software is Kwik (QUIC protocol implementation). Root cause: retention of unused encryption keys rather than discarding them, as described across multiple sources (GitHub advisory, Red Hat en...
Kwik Security Vulnerability
Kwik is a client and server that implements the QUIC protocol (RFC 9000) by the individual developer Peter Doornbosch in the Netherlands. A security vulnerability exists in Kwik commit version 745fd4e2, which stems from the retention of unused encryption keys...
PT-2024-19493 · Kwik · Kwik
Name of the Vulnerable Software and Affected Versions: Kwik commit 745fd4e2 Description: The issue arises from Kwik not properly discarding unused encryption keys. Recommendations: For commit 745fd4e2, ensure that unused encryption keys are properly discarded to mitigate the issue...
D-Link D-View Security Vulnerability
D-Link D-View is a Web-based design network device management software from China AUO D-Link. A trust management issue vulnerability exists in D-Link D-View8, which stems from the use of hard-coded encryption keys, and can be exploited by an attacker to bypass authentication on the system...
Trellix ePolicy Orchestrator Trust Management Issue Vulnerability
Trellix ePolicy Orchestrator is a centralized security management platform from Trellix. A trust management issue vulnerability exists in Trellix ePolicy Orchestrator versions prior to 5.10 that stems from the use of hard-coded credentials that allow an attacker with administrator privileges to...
Magento Open Source Security Advisory: Patch SUPEE-10975
Magento Commerce 1.14.4.0 and Open Source 1.9.4.0 have been enhanced with critical security updates to address multiple vulnerabilities, including remote code execution (RCE), cross-site scripting (XSS), cross-site request forgery (CSRF), and more. The following issues have been identified and...
New Spectre-Style 'Pathfinder' Attack Targets Intel CPU, Leak Encryption Keys and Data
Researchers have discovered two novel attack methods targeting high-performance Intel CPUs that could be exploited to stage a key recovery attack against the Advanced Encryption Standard (AES) algorithm. The techniques have been collectively dubbed Pathfinder by a group of academics from the...
CVE-2024-29941
Insecure storage of the ICT MIFARE and DESFire encryption keys in the firmware binary allows malicious actors to create credentials for any site code and card number that is using the default ICT encryption...