791 matches found
CVE-2020-8152
Insufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an attacker to replace the public key to decrypt them later on...
CVE-2020-8259
Insufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an attacker to replace the encryption keys...
Authorization
Insufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an attacker to replace the public key to decrypt them later on...
CVE-2020-8259
Nextcloud Server 19.0.1 is affected by CVE-2020-8259 due to insufficient protection of server-side encryption keys, allowing an attacker to replace the encryption keys. Exploitation details are not provided in the connected docs; the issue is described as a vulnerability in the key protection mec...
DEBIAN-CVE-2020-28368
Xen through 4.14.x allows guest OS administrators to obtain sensitive information such as AES keys from outside the guest via a side-channel attack on a power/energy monitoring interface, aka a "Platypus" attack. NOTE: there is only one logically independent fix: to change the access control for...
UBUNTU-CVE-2020-28368
Xen through 4.14.x allows guest OS administrators to obtain sensitive information such as AES keys from outside the guest via a side-channel attack on a power/energy monitoring interface, aka a "Platypus" attack. NOTE: there is only one logically independent fix: to change the access control for...
CVE-2020-26814
SAP Process Integration PGP Module - Business-to-Business Add On, version - 1.0, allows an attacker to read PGP Keys under certain conditions in the PGP Module of Business-to-Business Add-On, these keys can then be used to read messages processed by the module leading to Information Disclosure...
PT-2020-6349
Name of the Vulnerable Software and Affected Versions: Modicon M221 (all references, all versions); Modicon M100 (affected versions not specified); Modicon M200 (affected versions not specified). Description: A vulnerability exists due to a small space of random values, which could allow an attacker to brea...
CVE-2020-11487
NVIDIA DGX servers, DGX-1 with BMC firmware versions prior to 3.38.30, DGX-2 with BMC firmware versions prior to 1.06.06 and all DGX A100 Servers with all BMC firmware versions, contain a vulnerability in the AMI BMC firmware in which the use of a hard-coded RSA 1024 key with weak ciphers may le...
CVE-2020-10256
An issue was discovered in beta versions of the 1Password command-line tool prior to 0.5.5 and in beta versions of the 1Password SCIM bridge prior to 0.7.3. An insecure random number generator was used to generate various keys. An attacker with access to the user's encrypted data may be able to...
VulnCheck KEV: CVE-2017-9248
Progress Telerik UI for ASP.NET AJAX and Sitefinity have a cryptographic weakness in Telerik.Web.UI.dll that can be exploited to disclose encryption keys (Telerik.Web.UI.DialogParametersEncryptionKey and/or the MachineKey), perform cross-site scripting (XSS) attacks, compromise the ASP.NET...
PT-2020-20067 · Nextcloud +1 · Nextcloud Server +1
Name of the Vulnerable Software and Affected Versions: Nextcloud Server version 19.0.1 Description: The issue is related to insufficient protection of server-side encryption keys, allowing an attacker to replace these keys. Recommendations: For Nextcloud Server version 19.0.1, update to a version...
Acronis: Large Amounts of Back-End Acronis Source Code is Publicly Accessible
Vulnerability description not provided...
Windows SecureCRT Session Information Enumeration
This module will determine if SecureCRT is installed on the target system and, if it is, it will try to dump all saved session information from the target. The passwords for these saved sessions will then be decrypted where possible, using the decryption information that HyperSine reverse...
IBM Data Risk Manager Hardcoded Credentials Vulnerability
IBM Data Risk Manager is a data risk manager that helps discover, analyze and visualize business risks associated with data. A hard-coded credentials vulnerability exists in IBM Data Risk Manager 2.0.6. An attacker could exploit the vulnerability to obtain hard-coded credentials such as passwords...
CVE-2020-11684
AT91bootstrap before 3.9.2 does not properly wipe encryption and authentication keys from memory before passing control to a less privileged software component. This can be exploited to disclose these keys and subsequently encrypt and sign the next boot stage such as the bootloader...
IBM Security Guardium Data Encryption (GDE) Hardcoded Credentials Vulnerability
IBM Security Guardium Data Encryption (GDE) provides a modular set of encryption solutions that help security teams effectively implement data-at-rest security across the organization. A hard-coded credentials vulnerability exists in IBM Security Guardium Data Encryption (GDE) 3.0.0.2, which can be...
ReVoLTE Attack Allows Hackers to Listen in on Mobile Calls
Researchers have discovered an attack on the Voice over LTE (VoLTE) mobile communications protocol that can break its encryption and allow attackers to listen in on phone calls. Dubbed ReVoLTE, the attack — detailed by a group of academic researchers from Ruhr University Bochum and New York...