791 matches found
HCL Technologies HCL Launch Cryptographic Issue Vulnerability
HCL Technologies HCL Launch is a versatile, enterprise-grade continuous delivery automation software from HCL Technologies, Inc. for handling the most complex deployment processes in DevOps. A cryptographic issue vulnerability exists in the HCL Technologies HCL Launch Container that stems from th...
TP-LINK AX10 Trust Management Issue Vulnerability
The TP-LINK AX10 is a router from China P&L TP-LINK. A security vulnerability exists in the TP-LINK AX10 version V12111117, which originates from the use of hard-coded encryption keys by web application clients when communicating with the router. An attacker could use this vulnerability to obtain...
Information Disclosure
rabbitmq-server is vulnerable to Information Disclosure. The vulnerability is due to a lack of validated encryption keys in shovel and federation plugins which allows attackers to obtain sensitive information...
PT-2022-6340 · Unknown · Mklogic-500
Name of the Vulnerable Software and Affected Versions: MKLogic-500 (affected versions not specified). Description: The issue is related to the transmission of information sufficient for recovering encryption keys in plain text, which could allow a remote attacker to decrypt the configuration protoco...
Europol and Bitdefender Release Free Decryptor for LockerGoga Ransomware
A decryptor for the LockerGoga ransomware has been made available by Romanian cybersecurity firm Bitdefender in collaboration with Europol, the No More Ransom project, and Zurich law enforcement authorities. Identified in January 2019, LockerGoga drew headlines for its attacks against the Norwegi...
Ubuntu: Security Advisory (USN-612-1)
The remote host is missing an update for the...
ÆPIC and SQUIP Vulnerabilities Found in Intel and AMD Processors
A group of researchers has revealed details of a new vulnerability affecting Intel CPUs that enables attackers to obtain encryption keys and other secret information from the processors. Dubbed ÆPIC Leak, the weakness is the first-of-its-kind to architecturally disclose sensitive data in a manner...
IBM Security Verify Information Queue Trust Management Issue Vulnerability
IBM Security Verify Information Queue is an integration product from IBM of America, Inc. IBM Security Verify Information Queue version 10.0.2 is vulnerable to a trust management issue stemming from its use of hard-coded credentials used for inbound authentication, outbound communication to...
VitalPBX Access Control Error Vulnerability
VitalPBX is an Asterisk-based unified communications PBX system. It supports deployment on either virtual or physical machines, as well as in cloud server environments. An Access Control Error vulnerability exists in VitalPBX versions prior to 3.2.1, which stems from a lack of access control in the...
VitalPBX Security Feature Issue Vulnerability
VitalPBX is an Asterisk-based unified communications PBX system. It supports deployment on either virtual or physical machines, as well as in cloud server environments. An Access Control Error vulnerability exists in VitalPBX versions prior to 3.2.1, which stems from a lack of access control in the...
Hertzbleed: A New Side-Channel Attack
Hertzbleed is a new side-channel attack that works against a variety of microprocessors. Deducing cryptographic keys by analyzing power consumption has long been an attack, but it's not generally viable because measuring power consumption is often hard. This new attack measures power consumption ...
New Hertzbleed Side Channel Attack Affects All Modern AMD and Intel CPUs
A newly discovered security vulnerability in modern Intel and AMD processors could let remote attackers steal encryption keys via a power side channel attack. Dubbed Hertzbleed by a group of researchers from the University of Texas, the University of Illinois Urbana-Champaign, and the University ...
CVE-2018-12356
An issue was discovered in password-store.sh in pass in Simple Password Store 1.7.x before 1.7.2. The signature verification routine parses the output of GnuPG with an incomplete regular expression, which allows remote attackers to spoof file signatures on configuration files and extension script...
Ping Identity Windows PingId Trust Management Issue Vulnerability
Ping Identity Windows PingId is a software from Ping Identity, Inc. that provides security for applications. A vulnerability with trust management issues exists in PingId Integration for Windows Login 2.4.1 and prior versions, which stems from the use of static encryption key material to allow...
Gravitl Netmaker Security Vulnerability
Gravitl Netmaker is a platform from Gravitl USA for creating and managing fast, secure and dynamic virtual overlay networks using WireGuard, and for creating and controlling automated virtual networks. Gravitl Netmaker has a security vulnerability that stems from the use of hard-coded encryption keys...
CVE-2021-34600
Telenot CompasX versions prior to 32.0 use a weak seed for random number generation leading to predictable AES keys used in the NFC tags used for local authorization of users. This may lead to total loss of trustworthiness of the installation...
PT-2022-10364 · Telenot · Telenot Compasx
Name of the Vulnerable Software and Affected Versions: Telenot CompasX versions prior to 32.0. Description: The issue is related to the use of a weak seed for random number generation, which leads to predictable AES keys used in NFC tags for local authorization of users. This may result in the tot...
CVE-2021-44029
An issue was discovered in Quest KACE Desktop Authority before 11.2. This vulnerability allows attackers to execute remote code through a deserialization exploitation in the RadAsyncUpload function of ASP.NET AJAX. An attacker can leverage this vulnerability when the encryption keys are known due...