Lucene search
+L

99 matches found

CNNVD
CNNVD
added 2024/03/15 12:0 a.m.7 views

Sciener firmware security vulnerability

Sciener is a smart lock firmware from Sciener. The Sciener firmware has a security vulnerability that stems from the fact that the AES key for the pairing between the lock and the wireless keypad is not unique and can be reused...

6.8CVSS6.8AI score0.0028EPSS
Exploits0References2
OSV
OSV
added 2024/03/06 11:7 a.m.23 views

BIT-JENKINS-2020-2099

Jenkins 2.213 and earlier, LTS 2.204.1 and earlier improperly reuses encryption key parameters in the Inbound TCP Agent Protocol/3, allowing unauthorized attackers with knowledge of agent names to obtain the connection secrets for those agents, which can be used to connect to Jenkins, impersonati...

8.6CVSS8.2AI score0.01012EPSS
Exploits0References7
The Hacker News
The Hacker News
added 2023/12/04 1:16 p.m.73 views

New BLUFFS Bluetooth Attack Expose Devices to Adversary-in-the-Middle Attacks

New research has unearthed multiple novel attacks that break Bluetooth Classic's forward secrecy and future secrecy guarantees, resulting in adversary-in-the-middle AitM scenarios between two already connected peers. The issues, collectively named BLUFFS, impact Bluetooth Core Specification 4.2...

6.8CVSS7.2AI score0.01297EPSS
Exploits1
ATTACKERKB
ATTACKERKB
added 2023/11/26 10:15 p.m.9 views

CVE-2023-49312

Precision Bridge PrecisionBridge.exe aka the thick client before 7.3.21 allows an integrity violation in which the same license key is used on multiple systems, via vectors involving a Process Hacker memory dump, error message inspection, and modification of a MAC address...

9.1CVSS5.8AI score0.00676EPSS
Exploits1References3
OSV
OSV
added 2023/11/26 10:15 p.m.4 views

CVE-2023-49312

Precision Bridge PrecisionBridge.exe aka the thick client before 7.3.21 allows an integrity violation in which the same license key is used on multiple systems, via vectors involving a Process Hacker memory dump, error message inspection, and modification of a MAC address...

9.1CVSS5.8AI score
Exploits0References2
CNNVD
CNNVD
added 2023/11/26 12:0 a.m.6 views

Precision Bridge Security Vulnerability

Precision Bridge is a data migration and synchronization software from Precision Bridge. Precision Bridge A security vulnerability exists in PrecisionBridge.exe versions prior to 7.3.21, which stems from the use of the same license key on multiple systems via vectors involving Process Hacker memo...

9.1CVSS6.8AI score0.00676EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2023/11/26 12:0 a.m.5 views

PT-2023-31162 · Unknown · Precision Bridge

Name of the Vulnerable Software and Affected Versions: Precision Bridge PrecisionBridge.exe versions prior to 7.3.21 Description: The issue allows for an integrity violation where the same license key can be used on multiple systems. This is achieved through vectors involving a Process Hacker...

9.1CVSS9AI score0.00676EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2023/09/25 12:0 a.m.13 views

PT-2023-26679 · Tp Link · Tapo Application +4

Name of the Vulnerable Software and Affected Versions: TPLink Smart Bulb Tapo series L530 versions 1.0.0 through 1.2.3 TPLink Smart Bulb Tapo series L510E versions 1.0.0 through 1.0.9 TPLink Smart Bulb Tapo series L630 versions 1.0.0 through 1.0.3 TPLink Smart Bulb Tapo series P100 versions 1.0.0...

7.5CVSS7AI score0.00694EPSS
Exploits0References11
Vulnrichment
Vulnrichment
added 2023/06/06 12:0 a.m.14 views

CVE-2023-27126

The AES Key-IV pair used by the TP-Link TAPO C200 camera V3 EU on firmware version 1.1.22 Build 220725 is reused across all cameras. An attacker with physical access to a camera is able to extract and decrypt sensitive data containing the Wifi password and the TP-LINK account credential of the...

6.8AI score0.0035EPSS
Exploits1References3
Hacker One
Hacker One
added 2023/03/31 1:33 p.m.37 views

Node.js: DiffieHellman doesn't generate keys after setting a key

DiffieHellman in Node.js did not generate new keys after setting a key, due to an issue in OpenSSL. This vulnerability could have allowed for key reuse and potential compromise of confidentiality and integrity in applications relying on DiffieHellman for security...

7.5CVSS7.5AI score0.01462EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2023/02/15 3:47 a.m.6 views

SUSE CVE-2021-20288

An authentication flaw was found in ceph in versions before 14.2.20. When the monitor handles CEPHXGETAUTHSESSIONKEY requests, it doesn't sanitize otherkeys, allowing key reuse. An attacker who can request a globalid can exploit the ability of any user to request a globalid previously associated...

8CVSS7AI score0.02128EPSS
Exploits0References21
Cvelist
Cvelist
added 2022/12/16 12:0 a.m.50 views

CVE-2021-35252 Common Key Vulnerability in Serv-U FTP Server

Common encryption key appears to be used across all deployed instances of Serv-U FTP Server. Because of this an encrypted value that is exposed to an attacker can be simply recovered to plaintext...

7.5CVSS7.7AI score0.00524EPSS
Exploits0References3
OSV
OSV
added 2022/08/25 11:15 p.m.4 views

CVE-2022-28747

Key reuse in GoSecure Titan Inbox Detection & Response IDR through 2022-04-05 leads to remote code execution. To exploit this vulnerability, an attacker must craft and sign a serialized payload...

9.8CVSS6AI score0.01191EPSS
Exploits0References2
NVD
NVD
added 2022/08/25 11:15 p.m.15 views

CVE-2022-28747

Key reuse in GoSecure Titan Inbox Detection & Response IDR through 2022-04-05 leads to remote code execution. To exploit this vulnerability, an attacker must craft and sign a serialized payload...

9.8CVSS0.01191EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/08/25 11:15 p.m.2 views

CVE-2022-28747

Key reuse in GoSecure Titan Inbox Detection & Response IDR through 2022-04-05 leads to remote code execution. To exploit this vulnerability, an attacker must craft and sign a serialized payload...

9.8CVSS7.4AI score0.01191EPSS
Exploits0References3
Prion
Prion
added 2022/08/25 11:15 p.m.16 views

Remote code execution

Key reuse in GoSecure Titan Inbox Detection & Response IDR through 2022-04-05 leads to remote code execution. To exploit this vulnerability, an attacker must craft and sign a serialized payload...

7.5CVSS9.6AI score0.01191EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/08/25 10:38 p.m.23 views

CVE-2022-28747

Key reuse in GoSecure Titan Inbox Detection & Response IDR through 2022-04-05 leads to remote code execution. To exploit this vulnerability, an attacker must craft and sign a serialized payload...

9.9AI score0.01191EPSS
Exploits0References2
CVE
CVE
added 2022/08/25 10:38 p.m.57 views

CVE-2022-28747

CVE-2022-28747 affects GoSecure Titan Inbox Detection & Response (IDR); root cause is key reuse that enables remote code execution. The vulnerability exists in IDR versions prior to 2022-04-05. An attacker can exploit by crafting and signing a serialized payload. Impact is remote code execution w...

9.8CVSS9.6AI score0.01191EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2022/08/25 12:0 a.m.6 views

GoSecure Titan 安全漏洞

GoSecure Titan is a hosted detection and response platform from GoSecure. A security vulnerability exists in GoSecure Titan Inbox Detection & Response IDR that stems from key reuse in Inbox Detection & Response IDR that can lead to remote code execution...

9.8CVSS6.1AI score0.01191EPSS
Exploits0References3
OSV
OSV
added 2022/06/17 11:3 a.m.5 views

OESA-2022-1715 ceph security update

Ceph is a massively scalable, open-source, distributed storage system that runs on commodity hardware and delivers object, block and file system storage. Security Fixes: An authentication flaw was found in ceph in versions before 14.2.20. When the monitor handles CEPHXGETAUTHSESSIONKEY requests, ...

7.2CVSS6.8AI score0.02128EPSS
Exploits0References2
Rows per page
Query Builder