1110 matches found
CVE-2024-55927
CVE-2024-55927 affects Xerox Workplace Suite. The flaw stems from flawed token generation and hard-coded keys, enabling potential unauthorized access to sensitive functions. Affected versions include those prior to 5.6.701.9. Remediation: update to 5.6.701.9 or later; as a temporary workaround, r...
Xerox Workplace Suite Trust Management Issue Vulnerability
Xerox Workplace Suite is a powerful print management software from Xerox. A trust management issue vulnerability exists in Xerox Workplace Suite version 5.6.701.9, which stems from the use of a flawed token generation implementation and hard-coded key implementation...
CVE-2024-50564
A use of hard-coded cryptographic key in Fortinet FortiClientWindows version 7.4.0, 7.2.x all versions, 7.0.x all versions, and 6.4.x all versions may allow a low-privileged user to decrypt interprocess communication via monitoring named piped...
CVE-2023-37936
A use of hard-coded cryptographic key in Fortinet FortiSwitch version 7.4.0 and 7.2.0 through 7.2.5 and 7.0.0 through 7.0.7 and 6.4.0 through 6.4.13 and 6.2.0 through 6.2.7 and 6.0.0 through 6.0.7 allows attacker to execute unauthorized code or commands via crafted requests...
Weasis Security Vulnerability
Weasis is an open source DICOM medical image viewer, mainly used to visualize images obtained from medical imaging devices. A key disclosure vulnerability exists in Weasis version 4.5.1, which stems from having a hard-coded key for symmetric encryption of proxy credentials in...
Trellix Data Loss Prevention Security Vulnerability
Trellix Data Loss Prevention (Trellix DLP) is a data loss prevention solution from American FireEye Trellix. It provides a comprehensive scan of inbound and outbound network traffic for all ports, protocols, etc. A security vulnerability exists in Trellix Data Loss Prevention (Trellix DLP) version...
Thinkware Cloud APK Security Vulnerability
Thinkware Cloud APK is a free Android app from Thinkware that allows easy access to Thinkware Car Recorder. A security vulnerability exists in Thinkware Cloud APK version v4.3.46 that stems from a hard-coded decryption key in the application, which allows an attacker to access sensitive data and...
Ever Traduora Platform Security Vulnerability
Ever Traduora Platform is an open translation management platform from Traduora, Inc. A security vulnerability exists in Ever Traduora Platform version 0.20.0 and earlier, which stems from the use of a hard-coded JWT signing key that could lead to elevated privileges...
CVE-2024-5722
Logsign Unified SecOps Platform HTTP API Hard-coded Cryptographic Key Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Logsign Unified SecOps Platform. Authentication is not required to exploit this...
AIPHONE IX SYSTEM and AIPHONE IXG SYSTEM Security Vulnerability
AIPHONE IX SYSTEM and AIPHONE IXG SYSTEM are both products of AIPHONE CORPORATION, Japan. AIPHONE IX SYSTEM is an IP visual intercom system. AIPHONE IXG SYSTEM is an IP-based residential system. A security vulnerability exists in AIPHONE IX SYSTEM and AIPHONE IXG SYSTEM that stems from the presence ...
PT-2024-31802 · Aiphone · Aiphone Ixg System
Name of the Vulnerable Software and Affected Versions: AIPHONE IX SYSTEM (affected versions not specified); AIPHONE IXG SYSTEM (affected versions not specified); System Support Software (affected versions not specified). Description: A use of hard-coded cryptographic key issue exists, allowing a...
TRCore DVC Trust Management Issue Vulnerability
TRCore DVC is a file insurance system from TRCore China. TRCore DVC suffers from a trust management issue vulnerability that originates from encrypting a file using a hard-coded key, which can be exploited by an attacker to decrypt the file using the hard-coded key and recover the original conten...
"Kura Sushi Official App Produced by EPARK" for Android uses a hard-coded cryptographic key
Overview: "Kura Sushi Official App Produced by EPARK" for Android, provided by EPARK, Inc., uses a hard-coded cryptographic key (CWE-321). Nishimura Reiji of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...
TRCore DVC Security Vulnerability
TRCore DVC is a file insurance system from TRCore China. TRCore DVC suffers from a trust management issue vulnerability that originates from encrypting a file using a hard-coded key, which can be exploited by an attacker to decrypt the file using the hard-coded key and recover the original conten...
CVE-2024-10920
A vulnerability was found in mariazevedo88 travels-java-api up to 5.0.1 and classified as problematic. Affected by this issue is the function doFilterInternal of the file travels-java-api-master\src\main\java\io\github\mariazevedo88\travelsjavaapi\filters\JwtAuthenticationTokenFilter.java of the...
CVE-2024-10920 mariazevedo88 travels-java-api JWT Secret JwtAuthenticationTokenFilter.java doFilterInternal hard-coded key
A vulnerability was found in mariazevedo88 travels-java-api up to 5.0.1 and classified as problematic. Affected by this issue is the function doFilterInternal of the file travels-java-api-master\src\main\java\io\github\mariazevedo88\travelsjavaapi\filters\JwtAuthenticationTokenFilter.java of the...
PT-2024-16642 · Unknown · Travels-Java-Api
Name of the Vulnerable Software and Affected Versions: travels-java-api versions up to 5.0.1. Description: A vulnerability was found in the travels-java-api, classified as problematic. The issue affects the function doFilterInternal of the file...
CVE-2024-38314
IBM Maximo Application Suite - Monitor Component 8.10, 8.11, and 9.0 could disclose information in the form of the hard-coded cryptographic key to an attacker that has compromised environment...