Hardcoded credentials
Insecure AES key in Yealink Configuration Encrypt Tool below version 1.2. A single, vendor-wide, hardcoded AES key in the configuration tool used to encrypt provisioning documents was leaked, leading to a compromise of confidentiality of provisioning documents...
Vulnerability of the Server component: Security: Encryption of the Oracle MySQL Server database management system, which allows a hacker to cause a service failure.
The vulnerability of the Server component: Security: Encryption of the Oracle MySQL Server database management system is related to insufficient validation of input data. Exploiting this vulnerability may allow a malicious actor to cause service interruptions...
CVE-2024-0323
The FTP server used on the B&R Automation Runtime supports unsecure encryption mechanisms, such as SSLv3, TLSv1.0 and TLSv1.1. A network-based attacker can exploit the flaws to conduct man-in-the-middle attacks or to decrypt communications between the affected product clients...
PT-2024-15469 · B&R · B&R Automation Runtime
Name of the Vulnerable Software and Affected Versions: B&R Automation Runtime (affected versions not specified). Description: The FTP server used on the B&R Automation Runtime supports unsecure encryption mechanisms, such as SSLv3, TLSv1.0, and TLSv1.1. A network-based attacker can exploit the flaws...
IBM Db2 Security Vulnerabilities
IBM Db2 is a relational database management system from International Business Machines (IBM). The system is implemented on UNIX, Linux, IBM i, z/OS, and Windows server versions. IBM Db2 suffers from a security vulnerability that stems from susceptibility to attacks with insecure encryption algorith...
CVE-2023-36608
The affected TBox RTUs store hashed passwords using MD5 encryption, which is an insecure encryption algorithm...
Ovarro TBox RTUs Encryption Issue Vulnerability
Ovarro TBox RTUs is a modular remote monitoring and automation solution from Ovarro Germany. Ovarro TBox RTUs is vulnerable to an encryption issue that arises from the use of an insecure encryption algorithm to encrypt stored hash passwords...
WordPress Social Login And Register 7.6.4 Authentication Bypass
Description: WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) = 7.6.4 – Authentication Bypass. Affected Plugin: WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn). Plugin Slug: woocommerce-abandoned-cart. Affected Versions: = 7.6.4. CVE ID: CVE-2023-2982. CVSS...
IBM QRadar SIEM Encryption Issue Vulnerability
IBM QRadar SIEM is a solution from International Business Machines (IBM) that utilizes security intelligence to protect assets and information from advanced threats. The solution provides oversight of the entire scope of the IT architecture, generates detailed reports on data access and user...
HCL Technologies BigFix OSD Encryption Issue Vulnerability
HCL Technologies BigFix OSD is part of a lifecycle management software from HCL Technologies, Inc. for operating system deployment. A security vulnerability exists in the HCL Technologies BigFix OSD that stems from the server using an insecure encryption algorithm...
PT-2023-24839 · Progress · Progress DataDirect Connect for ODBC
Name of the Vulnerable Software and Affected Versions: Progress DataDirect Connect for ODBC versions prior to 08.02.2770 for Oracle. Description: An issue was discovered when using Oracle Advanced Security (OAS) encryption. If an error occurs while initializing the encryption object, the code falls...
Dell CloudLink Encryption Issue Vulnerability
Dell CloudLink is a data encryption and key management system from Dell USA. An encryption issue vulnerability exists in Dell CloudLink version 7.1.2 and prior versions. The vulnerability stems from the system's use of insecure encryption, which could be exploited by an attacker to cause certain...
The vulnerability of the Kerberos protocol for Windows operating systems allows a perpetrator to carry out a “man-in-the-middle” attack and increase their privileges.
The vulnerability of the Kerberos protocol for Windows operating systems is related to the insecure use of the RC4 encryption algorithm with an MD4 hash function. Exploiting this vulnerability could allow an attacker to carry out a “man-in-the-middle” attack and increase their privileges...
Cross Site Request Forgery (CSRF)
Csurf is vulnerable to Cross Site Request Forgery (CSRF). The vulnerability exists because of the use of insecure encryption, the failure to check cookie signatures by default, and an incorrect implementation of the double-submit cookie pattern. An attacker can leverage these vulnerabilities to generate...
Hardcoded credentials
The Motorola ACE1000 RTU through 2022-05-02 uses ECB encryption unsafely. It can communicate with an XRT LAN-to-radio gateway by means of an embedded client. Credentials for accessing this gateway are stored after being encrypted with the Tiny Encryption Algorithm (TEA) in ECB mode using a hardcode...
Rocket Chip Encryption Issue Vulnerability
Rocket Chip is an open source System-on-Chip design generator. A security vulnerability exists in Rocket Chip that stems from an insecure encryption issue in the /rocket/RocketCore.scala component...
CVE-2022-28382
An issue was discovered in certain Verbatim drives through 2022-03-31. Due to the use of an insecure encryption AES mode (Electronic Codebook, aka ECB), an attacker may be able to extract information even from encrypted data, for example by observing repeating byte patterns. The firmware of the...
Hardcoded credentials
An issue was discovered in certain Verbatim drives through 2022-03-31. Due to the use of an insecure encryption AES mode (Electronic Codebook, aka ECB), an attacker may be able to extract information even from encrypted data, for example by observing repeating byte patterns. The firmware of the...
Verbatim Keypad Secure USB Drive Encryption Issue Vulnerability
The Verbatim Keypad Secure USB Drive is a hardware encrypted USB flash drive from the Chinese company Verbatim. The Verbatim Keypad Secure USB Drive is vulnerable to an encryption issue that arises from the use of an insecure encryption mode that could allow an attacker to extract information eve...
GHSA-98VC-98Q7-57QF Dolibarr ERP and CRM Insecure Encryption
Dolibarr ERP/CRM 4.0.4 stores passwords with the MD5 algorithm, which makes brute-force attacks easier...