125 matches found

Prion
added 2024/02/23 11:15 p.m., 23 views

Hardcoded credentials

Insecure AES key in Yealink Configuration Encrypt Tool below version 1.2. A single, vendor-wide, hardcoded AES key in the configuration tool used to encrypt provisioning documents was leaked, leading to a compromise of confidentiality of provisioning documents...

7.2 AI score, 0.01025 EPSS
Exploits: 1, References: 1

BDU FSTEC
added 2024/02/07 12:0 a.m., 5 views

Vulnerability of the Server component: Security: Encryption of the Oracle MySQL Server database management system, which allows a hacker to cause a service failure.

The vulnerability of the Server component: Security: Encryption of the Oracle MySQL Server database management system is related to insufficient validation of input data. Exploiting this vulnerability may allow a malicious actor to cause service interruptions...

6.5 CVSS, 6.7 AI score, 0.01104 EPSS
Exploits: 0, References: 5, Affected Software: 1

OSV
added 2024/02/05 4:15 p.m., 2 views

CVE-2024-0323

The FTP server used on the B&R Automation Runtime supports unsecure encryption mechanisms, such as SSLv3, TLSv1.0 and TLSv1.1. A network-based attacker can exploit the flaws to conduct man-in-the-middle attacks or to decrypt communications between the affected product clients...

9.8 CVSS, 5.8 AI score, 0.0023 EPSS
Exploits: 0, References: 1

Positive Technologies
added 2024/02/05 12:0 a.m., 4 views

PT-2024-15469 · B&R · B&R Automation Runtime

Name of the Vulnerable Software and Affected Versions: B&R Automation Runtime (affected versions not specified)
Description: The FTP server used on the B&R Automation Runtime supports unsecure encryption mechanisms, such as SSLv3, TLSv1.0, and TLSv1.1. A network-based attacker can exploit the flaws...

9.8 CVSS, 6.9 AI score, 0.0023 EPSS
Exploits: 0, References: 5

CNNVD
added 2024/01/09 12:0 a.m., 2 views

IBM Db2 Security Vulnerabilities

IBM Db2 is a relational database management system from International Business Machines (IBM). The system is implemented on UNIX, Linux, IBM i, z/OS, and Windows server versions. IBM Db2 suffers from a security vulnerability that stems from susceptibility to attacks with insecure encryption algorith...

7.5 CVSS, 6.1 AI score, 0.00577 EPSS
Exploits: 0, References: 5

Cvelist
added 2023/07/03 7:55 p.m., 25 views

CVE-2023-36608

The affected TBox RTUs store hashed passwords using MD5 encryption, which is an insecure encryption algorithm...

6.5 CVSS, 6.7 AI score, 0.0023 EPSS
Exploits: 0, References: 1

CNNVD
added 2023/07/03 12:0 a.m., 7 views

Ovarro TBox RTUs Encryption Issue Vulnerability

Ovarro TBox RTUs is a modular remote monitoring and automation solution from Ovarro Germany. Ovarro TBox RTUs is vulnerable to an encryption issue that arises from the use of an insecure encryption algorithm to encrypt stored hash passwords...

6.5 CVSS, 6.6 AI score, 0.0023 EPSS
Exploits: 0, References: 3

Packet Storm
added 2023/06/28 12:0 a.m., 385 views

WordPress Social Login And Register 7.6.4 Authentication Bypass

Description: WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) = 7.6.4 – Authentication Bypass
Affected Plugin: WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn)
Plugin Slug: woocommerce-abandoned-cart
Affected Versions: = 7.6.4
CVE ID: CVE-2023-2982
CVSS...

7.1 AI score, 0.46947 EPSS
Exploits: 4

CNNVD
added 2023/06/23 12:0 a.m., 3 views

IBM QRadar SIEM Encryption Issue Vulnerability

IBM QRadar SIEM is a solution from International Business Machines (IBM) that utilizes security intelligence to protect assets and information from advanced threats. The solution provides oversight of the entire scope of the IT architecture, generates detailed reports on data access and user...

7.5 CVSS, 7.7 AI score, 0.00388 EPSS
Exploits: 0, References: 4

CNNVD
added 2023/06/22 12:0 a.m., 6 views

HCL Technologies BigFix OSD Encryption Issue Vulnerability

HCL Technologies BigFix OSD is part of a lifecycle management software from HCL Technologies, Inc. for operating system deployment. A security vulnerability exists in the HCL Technologies BigFix OSD that stems from the server using an insecure encryption algorithm...

7.8 CVSS, 7.4 AI score, 0.00108 EPSS
Exploits: 0, References: 2

Positive Technologies
added 2023/06/08 12:0 a.m., 4 views

PT-2023-24839 · Progress · Progress DataDirect Connect for ODBC

Name of the Vulnerable Software and Affected Versions: Progress DataDirect Connect for ODBC versions prior to 08.02.2770 for Oracle
Description: An issue was discovered when using Oracle Advanced Security (OAS) encryption. If an error occurs while initializing the encryption object, the code falls...

5.9 CVSS, 7.1 AI score, 0.00327 EPSS
Exploits: 0, References: 7

CNNVD
added 2023/05/16 12:0 a.m., 2 views

Dell CloudLink Encryption Issue Vulnerability

Dell CloudLink is a data encryption and key management system from Dell USA. An encryption issue vulnerability exists in Dell CloudLink version 7.1.2 and prior versions. The vulnerability stems from the system's use of insecure encryption, which could be exploited by an attacker to cause certain...

7.5 CVSS, 6.5 AI score, 0.00424 EPSS
Exploits: 0, References: 2

BDU FSTEC
added 2023/04/22 12:0 a.m., 5 views

The vulnerability of the Kerberos protocol for Windows operating systems allows a perpetrator to carry out a “man-in-the-middle” attack and increase their privileges.

The vulnerability of the Kerberos protocol for Windows operating systems is related to the insecure use of the RC4 encryption algorithm with an MD4 hash function. Exploiting this vulnerability could allow an attacker to carry out a “man-in-the-middle” attack and increase their privileges...

8.1 CVSS, 7.7 AI score, 0.0292 EPSS
Exploits: 0, References: 3

Veracode
added 2022/09/08 8:29 p.m., 9 views

Cross Site Request Forgery (CSRF)

Csurf is vulnerable to Cross Site Request Forgery (CSRF). The vulnerability exists because of using insecure encryption, failing to check cookie signatures by default, and an incorrect implementation of the double-submit cookie pattern. An attacker can leverage these vulnerabilities to generate...

3.1 AI score
Exploits: 0

Prion
added 2022/07/26 11:15 p.m., 23 views

Hardcoded credentials

The Motorola ACE1000 RTU through 2022-05-02 uses ECB encryption unsafely. It can communicate with an XRT LAN-to-radio gateway by means of an embedded client. Credentials for accessing this gateway are stored after being encrypted with the Tiny Encryption Algorithm (TEA) in ECB mode using a hardcode...

7.5 CVSS, 9.5 AI score, 0.00544 EPSS
Exploits: 0, References: 2

CNNVD
added 2022/07/18 12:0 a.m., 4 views

Rocket Chip Encryption Issue Vulnerability

Rocket Chip is an open source System-on-Chip design generator. A security vulnerability exists in Rocket Chip that stems from an insecure encryption issue in the /rocket/RocketCore.scala component...

9.1 CVSS, 8.2 AI score, 0.00468 EPSS
Exploits: 0, References: 4

OSV
added 2022/06/08 4:15 p.m., 4 views

CVE-2022-28382

An issue was discovered in certain Verbatim drives through 2022-03-31. Due to the use of an insecure encryption AES mode (Electronic Codebook, aka ECB), an attacker may be able to extract information even from encrypted data, for example by observing repeating byte patterns. The firmware of the...

7.5 CVSS, 7.1 AI score, 0.01632 EPSS
Exploits: 1, References: 14

Prion
added 2022/06/08 4:15 p.m., 23 views

Hardcoded credentials

An issue was discovered in certain Verbatim drives through 2022-03-31. Due to the use of an insecure encryption AES mode (Electronic Codebook, aka ECB), an attacker may be able to extract information even from encrypted data, for example by observing repeating byte patterns. The firmware of the...

5 CVSS, 7.2 AI score, 0.01632 EPSS
Exploits: 1, References: 14, Affected Software: 4

CNNVD
added 2022/06/08 12:0 a.m., 3 views

Verbatim Keypad Secure USB Drive Encryption Issue Vulnerability

The Verbatim Keypad Secure USB Drive is a hardware encrypted USB flash drive from the Chinese company Verbatim. The Verbatim Keypad Secure USB Drive is vulnerable to an encryption issue that arises from the use of an insecure encryption mode that could allow an attacker to extract information eve...

7.5 CVSS, 7.3 AI score, 0.01632 EPSS
Exploits: 1, References: 19

OSV
added 2022/05/17 2:45 a.m., 10 views

GHSA-98VC-98Q7-57QF Dolibarr ERP and CRM Insecure Encryption

Dolibarr ERP/CRM 4.0.4 stores passwords with the MD5 algorithm, which makes brute-force attacks easier...

9.8 CVSS, 9.4 AI score, 0.01066 EPSS
Exploits: 3, References: 2