270 matches found
Vasion Print Security Vulnerability
Vasion Print is a SaaS-based, cloud-hosted application from Vasion for managing and deploying printers. A security vulnerability exists in Vasion Print versions prior to 22.0.843 and Application 20.0.1923 that stems from insufficient password encryption strength...
CVE-2024-54089
A vulnerability has been identified in APOGEE PXC Series BACnet All versions, APOGEE PXC Series P2 Ethernet All versions, TALON TC Series BACnet All versions. Affected devices contain a weak encryption mechanism based on a hard-coded key. This could allow an attacker to guess or decrypt the...
The vulnerability of the Defender Sensor component of the IBM Storage Defender Data Resiliency Service (DRS) protection tool allows an attacker to execute a “man-in-the-middle” type attack.
The vulnerability of the Defender Sensor component of the IBM Storage Defender Data Resiliency Service (DRS) protection tool is related to improper data encryption. Exploiting this vulnerability could allow a malicious actor to execute a “man-in-the-middle” type attack...
IBM DevOps Velocity and IBM UrbanCode Velocity Encryption Issue Vulnerability
IBM DevOps Velocity and IBM UrbanCode Velocity are both products of International Business Machines (IBM). IBM DevOps Velocity is an enterprise-class release management application that supports cloud-native and local deployments. IBM UrbanCode Velocity is an enterprise-class release management and...
PT-2024-36553 · Weasis · Weasis
Name of the Vulnerable Software and Affected Versions: Weasis version 4.5.1 Description: The issue concerns a hardcoded key for symmetric encryption of proxy credentials in the ui/pref/ProxyPrefView.java file within the weasis-core component of Weasis. This hardcoded key is used for the symmetric...
SUSE CVE-2024-45719
Inadequate Encryption Strength vulnerability in Apache Answer. This issue affects Apache Answer: through 1.4.0. The ids generated using the UUID v1 version are to some extent not secure enough. It can cause the generated token to be predictable. Users are recommended to upgrade to version 1.4.1,...
Siemens SICAM A8000 CP-8031 and CP-8050 Firmware Decryption Vulnerability
The SICAM A8000 RTU (Remote Terminal Unit) is a modular device for remote control and automation applications in all areas of energy supply. A firmware decryption vulnerability exists in the Siemens SICAM A8000 CP-8031 and CP-8050 due to the fact that the affected devices contain a secure element...
CVE-2024-45719
Inadequate Encryption Strength vulnerability in Apache Answer. This issue affects Apache Answer: through 1.4.0. The ids generated using the UUID v1 version are to some extent not secure enough. It can cause the generated token to be predictable. Users are recommended to upgrade to version 1.4.1,...
Cisco UCS Central Software Configuration Backup Information Disclosure (cisco-sa-ucsc-bkpsky-TgJ5f73J)
According to its self-reported version, Cisco UCS Central Software Configuration Backup Information Disclosure is affected by a vulnerability. - A vulnerability in the backup feature of Cisco UCS Central Software could allow an attacker with access to a backup file to learn sensitive information...
PT-2024-7336 · Cisco · Cisco Ucs Central
Name of the Vulnerable Software and Affected Versions: Cisco UCS Central Software affected versions not specified Description: A weakness in the encryption method used for the backup function in Cisco UCS Central Software could allow an attacker with access to a backup file to learn sensitive...
CVE-2024-45273
CVE-2024-45273 describes an unauthenticated local attacker who can decrypt the device’s configuration file due to a weak encryption implementation, leading to compromise of confidentiality, integrity, and availability. The vulnerability is triggered locally (attack vector: LOCAL) with low privile...
CVE-2023-41611
Victure PC420 1.1.39 was discovered to use a weak and partially hardcoded key to encrypt data...
IBM Maximo Application Suite Encryption Issue Vulnerability
IBM Maximo Application Suite is a single platform for intelligent asset management, monitoring, maintenance, computer vision, security and reliability from International Business Machines (IBM). An encryption issue vulnerability exists in IBM Maximo Application Suite versions 8.10, 8.11, and 9.0,...
CVE-2024-45394 Secret encryption vulnerable to brute-force attacks
Authenticator is a browser extension that generates two-step verification codes. In versions 7.0.0 and below, encryption keys for user data were stored encrypted at-rest using only AES-256 and the EVP_BytesToKey KDF. Therefore, attackers with a copy of a user's data are able to brute-force the...
Changing TCBServiSign Encryption Issue Vulnerability
Changing TCBServiSign is a cross-platform security control component from China-based Changing. An encryption issue vulnerability exists in versions prior to Changing TCBServiSign 1.0.24.0318, which stems from insufficient encryption strength of the authorization key, and can be exploited by a...
SAMSUNG Mobile Processor Security Vulnerability
SAMSUNG Mobile Processor is a series of mobile processors from Samsung of South Korea. A security vulnerability exists in SAMSUNG Mobile Processor, which stems from the baseband software not properly checking the format type specified by the RRC, resulting in insufficient encryption...
SUSE CVE-2022-26306
LibreOffice supports the storage of passwords for web connections in the user's configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in LibreOffice existed where the required initialization vector for encryption was always the same which...
PT-2024-22656 · Dell · Dell Emc Data Protection Advisor
Name of the Vulnerable Software and Affected Versions: Dell Data Protection Advisor version 19.9 Description: The issue is related to inadequate encryption strength, which could be exploited by a low-privileged attacker with remote access, potentially leading to denial of service. Recommendations...
RHEL 7 : ruby (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - ruby: Fiddle::Function.new heap buffer overflow (CVE-2016-2339) - Type confusion exists in canceleval Ruby'...
The vulnerability of the USB Pratirodh software for controlling the use of removable information storage media lies in its insufficient encryption strength, allowing a hacker to obtain the user’s password.
The vulnerability of the USB Pratirodh software for controlling the use of removable information storage media is related to insufficient encryption strength. Exploiting this vulnerability can allow a perpetrator to obtain the user’s password...