99 matches found
Sciener firmware security vulnerability
Sciener is a smart lock firmware from Sciener. The Sciener firmware has a security vulnerability that stems from the fact that the AES key for the pairing between the lock and the wireless keypad is not unique and can be reused...
BIT-JENKINS-2020-2099
Jenkins 2.213 and earlier, LTS 2.204.1 and earlier improperly reuses encryption key parameters in the Inbound TCP Agent Protocol/3, allowing unauthorized attackers with knowledge of agent names to obtain the connection secrets for those agents, which can be used to connect to Jenkins, impersonati...
New BLUFFS Bluetooth Attack Expose Devices to Adversary-in-the-Middle Attacks
New research has unearthed multiple novel attacks that break Bluetooth Classic's forward secrecy and future secrecy guarantees, resulting in adversary-in-the-middle AitM scenarios between two already connected peers. The issues, collectively named BLUFFS, impact Bluetooth Core Specification 4.2...
CVE-2023-49312
Precision Bridge PrecisionBridge.exe aka the thick client before 7.3.21 allows an integrity violation in which the same license key is used on multiple systems, via vectors involving a Process Hacker memory dump, error message inspection, and modification of a MAC address...
CVE-2023-49312
Precision Bridge PrecisionBridge.exe aka the thick client before 7.3.21 allows an integrity violation in which the same license key is used on multiple systems, via vectors involving a Process Hacker memory dump, error message inspection, and modification of a MAC address...
Precision Bridge Security Vulnerability
Precision Bridge is a data migration and synchronization software from Precision Bridge. Precision Bridge A security vulnerability exists in PrecisionBridge.exe versions prior to 7.3.21, which stems from the use of the same license key on multiple systems via vectors involving Process Hacker memo...
PT-2023-31162 · Unknown · Precision Bridge
Name of the Vulnerable Software and Affected Versions: Precision Bridge PrecisionBridge.exe versions prior to 7.3.21 Description: The issue allows for an integrity violation where the same license key can be used on multiple systems. This is achieved through vectors involving a Process Hacker...
PT-2023-26679 · Tp Link · Tapo Application +4
Name of the Vulnerable Software and Affected Versions: TPLink Smart Bulb Tapo series L530 versions 1.0.0 through 1.2.3 TPLink Smart Bulb Tapo series L510E versions 1.0.0 through 1.0.9 TPLink Smart Bulb Tapo series L630 versions 1.0.0 through 1.0.3 TPLink Smart Bulb Tapo series P100 versions 1.0.0...
CVE-2023-27126
The AES Key-IV pair used by the TP-Link TAPO C200 camera V3 EU on firmware version 1.1.22 Build 220725 is reused across all cameras. An attacker with physical access to a camera is able to extract and decrypt sensitive data containing the Wifi password and the TP-LINK account credential of the...
Node.js: DiffieHellman doesn't generate keys after setting a key
DiffieHellman in Node.js did not generate new keys after setting a key, due to an issue in OpenSSL. This vulnerability could have allowed for key reuse and potential compromise of confidentiality and integrity in applications relying on DiffieHellman for security...
SUSE CVE-2021-20288
An authentication flaw was found in ceph in versions before 14.2.20. When the monitor handles CEPHXGETAUTHSESSIONKEY requests, it doesn't sanitize otherkeys, allowing key reuse. An attacker who can request a globalid can exploit the ability of any user to request a globalid previously associated...
CVE-2021-35252 Common Key Vulnerability in Serv-U FTP Server
Common encryption key appears to be used across all deployed instances of Serv-U FTP Server. Because of this an encrypted value that is exposed to an attacker can be simply recovered to plaintext...
CVE-2022-28747
Key reuse in GoSecure Titan Inbox Detection & Response IDR through 2022-04-05 leads to remote code execution. To exploit this vulnerability, an attacker must craft and sign a serialized payload...
CVE-2022-28747
Key reuse in GoSecure Titan Inbox Detection & Response IDR through 2022-04-05 leads to remote code execution. To exploit this vulnerability, an attacker must craft and sign a serialized payload...
CVE-2022-28747
Key reuse in GoSecure Titan Inbox Detection & Response IDR through 2022-04-05 leads to remote code execution. To exploit this vulnerability, an attacker must craft and sign a serialized payload...
Remote code execution
Key reuse in GoSecure Titan Inbox Detection & Response IDR through 2022-04-05 leads to remote code execution. To exploit this vulnerability, an attacker must craft and sign a serialized payload...
CVE-2022-28747
Key reuse in GoSecure Titan Inbox Detection & Response IDR through 2022-04-05 leads to remote code execution. To exploit this vulnerability, an attacker must craft and sign a serialized payload...
CVE-2022-28747
CVE-2022-28747 affects GoSecure Titan Inbox Detection & Response (IDR); root cause is key reuse that enables remote code execution. The vulnerability exists in IDR versions prior to 2022-04-05. An attacker can exploit by crafting and signing a serialized payload. Impact is remote code execution w...
GoSecure Titan 安全漏洞
GoSecure Titan is a hosted detection and response platform from GoSecure. A security vulnerability exists in GoSecure Titan Inbox Detection & Response IDR that stems from key reuse in Inbox Detection & Response IDR that can lead to remote code execution...
OESA-2022-1715 ceph security update
Ceph is a massively scalable, open-source, distributed storage system that runs on commodity hardware and delivers object, block and file system storage. Security Fixes: An authentication flaw was found in ceph in versions before 14.2.20. When the monitor handles CEPHXGETAUTHSESSIONKEY requests, ...