
791 matches found

The Hacker News
added 2024/01/17 7:41 a.m. · 66 views

GitHub Rotates Keys After High-Severity Vulnerability Exposes Credentials

GitHub has revealed that it has rotated some keys in response to a security vulnerability that could be potentially exploited to gain access to credentials within a production container. The Microsoft-owned subsidiary said it was made aware of the problem on December 26, 2023, and that it address...

CVSS 9.8 · AI score 8.2 · EPSS 0.71725
Exploits: 1

CNNVD
added 2023/12/27 12:0 a.m. · 2 views

Fedir Tsapana Simple HTTP Server PLUS Trust Management Issues Vulnerability

Fedir Tsapana Simple HTTP Server PLUS is an application from Fedir Tsapana that allows you to run small local HTTP servers with static content. A trust management issue vulnerability exists in Fedir Tsapana Simple HTTP Server PLUS version 1.8.1-plus and prior versions, which stems from the...

CVSS 6.3 · AI score 6.5 · EPSS 0.00119
Exploits: 1 · References: 2

OSV
added 2023/11/15 9:15 p.m. · 3 views

CVE-2023-6105

An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. A low-privileged OS user with access to the host where an affected ManageEngine product is installed can view and use the exposed key to decrypt product database...

CVSS 5.5 · AI score 5.5 · EPSS 0.00694
Exploits: 1 · References: 2

NVD
added 2023/11/15 9:15 p.m. · 15 views

CVE-2023-6105

An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. A low-privileged OS user with access to the host where an affected ManageEngine product is installed can view and use the exposed key to decrypt product database...

CVSS 5.5 · EPSS 0.00694
Exploits: 1 · References: 2

Prion
added 2023/11/15 9:15 p.m. · 24 views

Information disclosure

An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. A low-privileged OS user with access to the host where an affected ManageEngine product is installed can view and use the exposed key to decrypt product database...

CVSS 1.7 · AI score 6.6 · EPSS 0.00694
Exploits: 1 · References: 1 · Affected Software: 39

CVE
added 2023/11/15 8:57 p.m. · 68 views

CVE-2023-6105

Technical details about CVE-2023-6105 are not publicly provided in the supplied documents; monitor for updates.

CVSS 5.5 · AI score 5.2 · EPSS 0.00694
Exploits: 1 · References: 2 · Affected Software: 14

Cvelist
added 2023/11/15 8:57 p.m. · 25 views

CVE-2023-6105 ManageEngine Information Disclosure in Multiple Products

An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. A low-privileged OS user with access to the host where an affected ManageEngine product is installed can view and use the exposed key to decrypt product database...

CVSS 5.5 · AI score 5.5 · EPSS 0.00694
Exploits: 1 · References: 2

CNNVD
added 2023/11/15 12:0 a.m. · 3 views

ManageEngine Multiple Product Security Vulnerabilities

ManageEngine is a series of IT management solutions from ManageEngine, Inc. A security vulnerability exists in multiple ManageEngine products, which stems from the presence of an information disclosure vulnerability that could lead to the disclosure of encryption keys...

CVSS 5.5 · AI score 6.2 · EPSS 0.00694
Exploits: 1 · References: 3

CNNVD
added 2023/10/16 12:0 a.m. · 3 views

IBM Security Verify Governance Trust Management Issues Vulnerability

IBM Security Verify Governance is an intelligent identity access platform from International Business Machines (IBM), Inc. It provides organizations with a platform to analyze, define and control user access and access risk. IBM Security Verify Governance suffers from a hard-coded vulnerability that...

CVSS 9.8 · AI score 6.5 · EPSS 0.00442
Exploits: 0 · References: 3

ATTACKERKB
added 2023/09/12 12:15 p.m. · 2 views

CVE-2023-27169

Xpand IT Write-back manager v2.3.1 uses a hardcoded salt in license class configuration which leads to the generation of hardcoded and predictable symmetric encryption keys for license generation and validation...

CVSS 6.5 · AI score 6.6 · EPSS 0.00263
Exploits: 0 · References: 5

OSV
added 2023/09/12 12:15 p.m. · 2 views

CVE-2023-27169

Xpand IT Write-back manager v2.3.1 uses a hardcoded salt in license class configuration which leads to the generation of hardcoded and predictable symmetric encryption keys for license generation and validation...

CVSS 6.5 · AI score 5.8 · EPSS 0.00263
Exploits: 0 · References: 4

NVD
added 2023/09/12 12:15 p.m. · 12 views

CVE-2023-27169

Xpand IT Write-back manager v2.3.1 uses a hardcoded salt in license class configuration which leads to the generation of hardcoded and predictable symmetric encryption keys for license generation and validation...

CVSS 6.5 · AI score 6.5 · EPSS 0.00263
Exploits: 0 · References: 4

Prion
added 2023/09/12 12:15 p.m. · 24 views

Hardcoded credentials

Xpand IT Write-back manager v2.3.1 uses a hardcoded salt in license class configuration which leads to the generation of hardcoded and predictable symmetric encryption keys for license generation and validation...

CVSS 6.4 · AI score 6.5 · EPSS 0.00263
Exploits: 0 · References: 4 · Affected Software: 1

Positive Technologies
added 2023/09/12 12:0 a.m. · 4 views

PT-2023-20985 · Xpand It · Xpand It Write-Back Manager

Name of the Vulnerable Software and Affected Versions: Xpand IT Write-back manager version 2.3.1 Description: The issue arises from the use of a hardcoded salt in the license class configuration, leading to the generation of hardcoded and predictable symmetric encryption keys for license generati...

CVSS 6.5 · AI score 6.3 · EPSS 0.00263
Exploits: 0 · References: 8

CVE
added 2023/09/12 12:0 a.m. · 42 views

CVE-2023-27169

CVE-2023-27169 affects Xpand IT Write-back manager version 2.3.1. A hardcoded salt in the license class configuration leads to generation of a hardcoded and predictable symmetric encryption key used for license generation and validation. Impact is described as creation/validation of licenses with...

CVSS 6.5 · AI score 6.4 · EPSS 0.00263
Exploits: 0 · References: 4 · Affected Software: 1

Cvelist
added 2023/09/12 12:0 a.m. · 19 views

CVE-2023-27169

Xpand IT Write-back manager v2.3.1 uses a hardcoded salt in license class configuration which leads to the generation of hardcoded and predictable symmetric encryption keys for license generation and validation...

AI score 6.7 · EPSS 0.00263
Exploits: 0 · References: 4

CNNVD
added 2023/08/16 12:0 a.m. · 4 views

Dell Storage Integration Tools for VMware Information Disclosure Vulnerability

Dell Storage Integration Tools for VMware (DSITV) is an application from Dell, Inc. that enables administrators to effectively manage, monitor, and protect workloads running on Dell Storage SC. An information disclosure vulnerability exists in Dell Storage Integration Tools for VMware (DSITV) version...

CVSS 7.8 · AI score 5.7 · EPSS 0.00137
Exploits: 0 · References: 2

OSV
added 2023/08/15 7:15 p.m. · 2 views

CVE-2023-4327

Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Linux...

CVSS 5.5 · AI score 5.8 · EPSS 0.00104
Exploits: 0 · References: 2

NVD
added 2023/08/15 7:15 p.m. · 21 views

CVE-2023-4328

Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Windows...

CVSS 5.5 · AI score 5.5 · EPSS 0.00104
Exploits: 0 · References: 2

OSV
added 2023/08/15 7:15 p.m. · 3 views

CVE-2023-4328

Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Windows...

CVSS 5.5 · AI score 5.8 · EPSS 0.00104
Exploits: 0 · References: 2