1110 matches found

CNNVD
added 2024/10/24 12:0 a.m. · 2 views

IBM Maximo Application Suite security vulnerability

IBM Maximo Application Suite is a single platform for intelligent asset management, monitoring, maintenance, computer vision, security and reliability from International Business Machines (IBM). A security vulnerability exists in the Monitor component of IBM Maximo Application Suite, which stems from the...

CVSS 5.9 · AI score 6.2 · EPSS 0.00306
Exploits 0 · References 1
Japan Vulnerability Notes
added 2024/10/21 2:58 a.m. · 4 views

Multiple vulnerabilities in AIPHONE IX SYSTEM, IXG SYSTEM, and System Support Software

Overview: AIPHONE IX SYSTEM is an IP Network Audio-Video Intercom and IXG SYSTEM is an IP-based Residential System. IX SYSTEM, IXG SYSTEM, and System Support Software contain multiple vulnerabilities listed below. OS command injection (CWE-78) - CVE-2024-31408. Insufficiently protected credentials...

CVSS 8 · AI score 7.7 · EPSS 0.01077
Exploits 0 · References 11
BDU FSTEC
added 2024/09/27 12:0 a.m. · 2 views

The vulnerability in the implementation of the SSH server of the Cisco Catalyst Center (formerly Cisco DNA Center) allows an attacker to execute a spoofing attack.

The vulnerability of the SSH server implementation in the Cisco Catalyst Center (formerly Cisco DNA Center) network infrastructure management system is related to the use of cryptographic algorithms for encryption with a hard-coded key. Exploiting this vulnerability could allow a malicious act...

CVSS 7.6 · AI score 5.4 · EPSS 0.00384
Exploits 0 · References 2 · Affected Software 1
NVD
added 2024/09/23 6:15 p.m. · 14 views

CVE-2024-39342

Entrust Instant Financial Issuance (formerly known as Cardwizard) 6.10.0, 6.9.0, 6.9.1, 6.9.2, and 6.8.x and earlier uses a DLL library (i.e. DCG.Security.dll) with a custom AES encryption process that relies on static hard-coded key values. These keys are not uniquely generated per installation of t...

CVSS 6.6 · EPSS 0.00109
Exploits 0 · References 3
Cvelist
added 2024/09/23 12:0 a.m. · 14 views

CVE-2024-39342

Entrust Instant Financial Issuance (formerly known as Cardwizard) 6.10.0, 6.9.0, 6.9.1, 6.9.2, and 6.8.x and earlier uses a DLL library (i.e. DCG.Security.dll) with a custom AES encryption process that relies on static hard-coded key values. These keys are not uniquely generated per installation of t...

EPSS 0.00109
Exploits 0 · References 3
CNNVD
added 2024/09/18 12:0 a.m. · 2 views

Victure PC420 security vulnerability

Victure PC420 is a web-based smart camera from Victure. A security vulnerability exists in the Victure PC420 version 1.1.39 that stems from the use of a hard-coded key to encrypt data...

CVSS 6.5 · AI score 6.7 · EPSS 0.00336
Exploits 0 · References 2
CNNVD
added 2024/08/13 12:0 a.m. · 3 views

AMD Graphics Driver security vulnerability

AMD Graphics Driver is an integrated graphics driver from Advanced Micro Devices (AMD). A security vulnerability exists in AMD Graphics Driver, which stems from a hard-coded AES key that could allow a privileged attacker to gain access to the key, leading to the disclosure of internal debugging...

CVSS 1.9 · AI score 6.4 · EPSS 0.00128
Exploits 0 · References 2
OSV
added 2024/07/17 5:15 p.m. · 3 views

CVE-2024-20323

A vulnerability in Cisco Intelligent Node (iNode) Software could allow an unauthenticated, remote attacker to hijack the TLS connection between Cisco iNode Manager and associated intelligent nodes and send arbitrary traffic to an affected device. This vulnerability is due to the presence of...

CVSS 7.5 · AI score 5.9 · EPSS 0.00194
Exploits 0 · References 1
CNVD
added 2024/07/10 12:0 a.m. · 5 views

Siemens Mendix Encryption Module Hardcoded Default Encryption Key Vulnerability

The Mendix Encryption module takes care of the following encryption requirements: plain text encryption (e.g. passwords) and FileDocument encryption (e.g. documents or photos). A hard-coded default encryption key vulnerability exists in the Siemens Mendix Encryption module, which can be exploited by ...

CVSS 8.7 · AI score 6.7 · EPSS 0.00244
Exploits 0 · References 1
CNNVD
added 2024/07/09 12:0 a.m. · 3 views

Siemens Mendix security vulnerability

The Mendix Encryption module takes care of the following encryption requirements: plain text encryption (e.g. passwords) and FileDocument encryption (e.g. documents or photos). A hard-coded default encryption key vulnerability exists in the Siemens Mendix Encryption module, which can be exploited by ...

CVSS 8.7 · AI score 6.8 · EPSS 0.00244
Exploits 0 · References 2
Positive Technologies
added 2024/07/09 12:0 a.m. · 3 views

PT-2024-8753 · Mendix · Mendix Encryption

Name of the Vulnerable Software and Affected Versions: Mendix Encryption versions 10.0.0 through 10.0.1
Description: A vulnerability has been identified in the Mendix Encryption module, where affected versions define a specific hard-coded default value for the EncryptionKey constant. This default...

CVSS 8.7 · AI score 7.4 · EPSS 0.00244
Exploits 0 · References 8
Cvelist
added 2024/07/02 12:0 a.m. · 13 views

CVE-2024-39206

An issue discovered in MSP360 Backup Agent v7.8.5.15 and v7.9.4.84 allows attackers to obtain network share credentials used in a backup due to enginesettings.list being encrypted with a hard coded key...

EPSS 0.00475
Exploits 0 · References 1
Positive Technologies
added 2024/07/02 12:0 a.m. · 2 views

PT-2024-28386 · Msp360 · Msp360 Backup Agent

Name of the Vulnerable Software and Affected Versions: MSP360 Backup Agent versions 7.8.5.15 through 7.9.4.84
Description: An issue in the software allows attackers to obtain network share credentials used in a backup. This is due to the enginesettings.list being encrypted with a hard-coded key...

CVSS 7.5 · AI score 6.8 · EPSS 0.00475
Exploits 0 · References 2
Japan Vulnerability Notes
added 2024/06/28 4:18 a.m. · 2 views

"Piccoma" App uses a hard-coded API key for an external service

Overview: "Piccoma" App for Android and "Piccoma" App for iOS provided by Kakao piccoma Corp. use a hard-coded API key for an external service (CWE-798). Yoshihito Sakai of BroadBand Security, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Securit...

CVSS 4 · AI score 6.4 · EPSS 0.00169
Exploits 0 · References 5
Positive Technologies
added 2024/06/12 12:0 a.m. · 2 views

PT-2024-37099 · Logsign · Logsign Unified Secops Platform

Name of the Vulnerable Software and Affected Versions: Logsign Unified SecOps Platform (affected versions not specified)
Description: This issue allows network-adjacent attackers to execute arbitrary code on affected installations. The flaw exists within the HTTP API and results from using a...

CVSS 8.8 · AI score 7.5 · EPSS 0.01072
Exploits 0 · References 6
CNNVD
added 2024/06/11 12:0 a.m. · 3 views

Veeam Recovery Orchestrator security vulnerability

Veeam Recovery Orchestrator is a product from Veeam that provides comprehensive reporting, automated testing, and at-a-glance compliance dashboards. A security vulnerability exists in Veeam Recovery Orchestrator version 7.0 that stems from a hard-coded JWT key that can be used to bypass authentication...

CVSS 9 · AI score 6.8 · EPSS 0.21634
Exploits 1 · References 3
Positive Technologies
added 2024/05/28 12:0 a.m. · 2 views

PT-2024-25508 · Unknown · Ci-Out-Of-Office Manager

Name of the Vulnerable Software and Affected Versions: CI-Out-of-Office Manager versions through 6.0.0.77
Description: The issue concerns the use of a hard-coded cryptographic key in the software. This could potentially allow unauthorized access or decryption of sensitive data.
Recommendations: F...

CVSS 6.5 · AI score 7 · EPSS 0.0037
Exploits 0 · References 3
OSV
added 2024/05/23 10:15 p.m. · 3 views

CVE-2024-5296

D-Link D-View Use of Hard-coded Cryptographic Key Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of D-Link D-View. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...

CVSS 9.8 · AI score 5.9 · EPSS 0.01124
Exploits 0 · References 1
Positive Technologies
added 2024/05/23 12:0 a.m. · 4 views

PT-2024-3881 · D Link · D-Link D-View

Name of the Vulnerable Software and Affected Versions: D-Link D-View (affected versions not specified)
Description: This issue allows remote attackers to bypass authentication on affected installations of D-Link D-View. The specific flaw exists within the TokenUtils class and results from a...

CVSS 10 · AI score 7 · EPSS 0.01124
Exploits 0 · References 5
BDU FSTEC
added 2024/05/20 12:0 a.m. · 1 views

The vulnerability of the software for calculating the positions of individual RTLS transponders of SIMATIC RTLS Locating Manager lies in the hard-coded encryption key, which allows an intruder to disclose the protected information.

The vulnerability of the software for calculating the positions of individual RTLS transponders in the SIMATIC RTLS Locating Manager is related to a hard-coded encryption key. Exploiting this vulnerability could allow an attacker, operating remotely, to disclose the protected information...

CVSS 10 · AI score 5.5 · EPSS 0.00836
Exploits 0 · References 7 · Affected Software 7