Lucene search

364 matches found

RedhatCVE
added 2025/05/23 10:1 a.m. · 10 views

CVE-2024-25649

In Delinea PAM Secret Server 11.4, it is possible for an attacker with Administrator access to the Secret Server machine to read the following data from a memory dump: the decrypted master key, database credentials when SQL Server Authentication is enabled, the encryption key of RabbitMQ queue...

CVSS 6.7 · AI score 7.4 · EPSS 0.00076
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/23 3:1 a.m. · 6 views

CVE-2023-1809

The Download Manager WordPress plugin before 6.3.0 leaks master key information without the need for a password, allowing attackers to download arbitrary password-protected package files...

CVSS 7.5 · AI score 6.7 · EPSS 0.00738
Exploits: 2 · References: 1
RedhatCVE
added 2025/05/23 3:0 a.m. · 5 views

CVE-2023-1524

The Download Manager WordPress plugin before 3.2.71 does not adequately validate passwords for password-protected files. Upon validation, a master key is generated and exposed to the user, which may be used to download any password-protected file on the server, allowing a user to download any fil...

CVSS 6.5 · AI score 8.7 · EPSS 0.00737
Exploits: 2 · References: 1
RedhatCVE
added 2025/05/22 9:34 p.m. · 6 views

CVE-2021-34430

Eclipse TinyDTLS through 0.9-rc1 relies on the rand function in the C library, which makes it easier for remote attackers to compute the master key and then decrypt DTLS traffic...

CVSS 7.5 · AI score 7 · EPSS 0.01045
Exploits: 1 · References: 1
RedhatCVE
added 2025/05/22 11:12 a.m. · 13 views

CVE-2013-4787

Android 1.6 Donut through 4.2 Jelly Bean does not properly check cryptographic signatures for applications, which allows attackers to execute arbitrary code via an application package file (APK) that is modified in a way that does not violate the cryptographic signature, probably involving multiple...

CVSS 9.3 · AI score 7.8 · EPSS 0.5892
Exploits: 0 · References: 1
SUSE CVE
added 2025/05/10 3:5 a.m. · 3 views

SUSE CVE-2022-49899

In the Linux kernel, the following vulnerability has been resolved: fscrypt: stop using keyrings subsystem for fscrypt_master_key. The approach of fs/crypto/ internally managing the fscrypt_master_key structs as the payloads of "struct key" objects contained in a "struct key" keyring has outlived its...

CVSS 5.5 · AI score 6.4 · EPSS 0.00177
Exploits: 0 · References: 3
OSV
added 2025/05/01 3:16 p.m. · 2 views

DEBIAN-CVE-2022-49899

In the Linux kernel, the following vulnerability has been resolved: fscrypt: stop using keyrings subsystem for fscrypt_master_key. The approach of fs/crypto/ internally managing the fscrypt_master_key structs as the payloads of "struct key" objects contained in a "struct key" keyring has outlived its...

CVSS 5.5 · AI score 5.5 · EPSS 0.00177
Exploits: 0 · References: 1
OSV
added 2025/05/01 3:16 p.m. · 3 views

UBUNTU-CVE-2022-49899

In the Linux kernel, the following vulnerability has been resolved: fscrypt: stop using keyrings subsystem for fscrypt_master_key. The approach of fs/crypto/ internally managing the fscrypt_master_key structs as the payloads of "struct key" objects contained in a "struct key" keyring has outlived its...

CVSS 5.5 · AI score 5.9 · EPSS 0.00177
Exploits: 0 · References: 7
Cvelist
added 2025/05/01 2:10 p.m. · 13 views

CVE-2022-49899 fscrypt: stop using keyrings subsystem for fscrypt_master_key

In the Linux kernel, the following vulnerability has been resolved: fscrypt: stop using keyrings subsystem for fscrypt_master_key. The approach of fs/crypto/ internally managing the fscrypt_master_key structs as the payloads of "struct key" objects contained in a "struct key" keyring has outlived its...

EPSS 0.00177
Exploits: 0 · References: 4
Vulnrichment
added 2025/05/01 2:10 p.m. · 2 views

CVE-2022-49899 fscrypt: stop using keyrings subsystem for fscrypt_master_key

In the Linux kernel, the following vulnerability has been resolved: fscrypt: stop using keyrings subsystem for fscrypt_master_key. The approach of fs/crypto/ internally managing the fscrypt_master_key structs as the payloads of "struct key" objects contained in a "struct key" keyring has outlived its...

AI score 6.2 · EPSS 0.00177
Exploits: 0 · References: 4
OSV
added 2025/05/01 2:10 p.m. · 9 views

CVE-2022-49899 fscrypt: stop using keyrings subsystem for fscrypt_master_key

In the Linux kernel, the following vulnerability has been resolved: fscrypt: stop using keyrings subsystem for fscrypt_master_key. The approach of fs/crypto/ internally managing the fscrypt_master_key structs as the payloads of "struct key" objects contained in a "struct key" keyring has outlived its...

CVSS 5.5 · AI score 5.1 · EPSS 0.00177
Exploits: 0 · References: 7
RedhatCVE
added 2025/05/01 5:12 a.m. · 19 views

CVE-2025-46329

libsnowflakeclient is the Snowflake Connector for C/C++. Versions from 0.5.0 up to, but not including, 2.2.0 are vulnerable to local logging of sensitive information. When the logging level was set to DEBUG, the Connector would log locally the client-side encryption master key of the target stage durin...

CVSS 3.3 · AI score 6.8 · EPSS 0.00097
Exploits: 0 · References: 1
Positive Technologies
added 2025/05/01 12:0 a.m. · 2 views

PT-2025-18616 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified. Description: A vulnerability in the Linux kernel has been resolved. The issue was related to the use of the keyrings subsystem for managing fscrypt master key structs. This approach led to several...

CVSS 5.5 · AI score 5.1 · EPSS 0.00177
Exploits: 0 · References: 13
CNNVD
added 2025/05/01 12:0 a.m. · 2 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from improper use of the key ring subsystem, which could lead to master key management issues...

CVSS 5.5 · AI score 5 · EPSS 0.00177
Exploits: 0 · References: 4
Positive Technologies
added 2025/04/29 12:0 a.m. · 5 views

PT-2025-18133 · Snowflake · Libsnowflakeclient

Name of the Vulnerable Software and Affected Versions: libsnowflakeclient versions 0.5.0 through 2.2.0. Description: The issue concerns local logging of sensitive information. When the logging level was set to DEBUG, the Connector would log locally the client-side encryption master key of the targ...

CVSS 3.3 · AI score 6.2 · EPSS 0.00097
Exploits: 0 · References: 10
NVD
added 2025/03/13 7:15 p.m. · 11 views

CVE-2025-27496

Snowflake, a platform for using artificial intelligence in the context of cloud computing, has a vulnerability in the Snowflake JDBC driver ("Driver") in versions 3.0.13 through 3.23.0 of the driver. When the logging level was set to DEBUG, the Driver would log locally the client-side encryption...

CVSS 3.3 · EPSS 0.00111
Exploits: 0 · References: 2
CVE
added 2025/03/13 7:1 p.m. · 258 views

CVE-2025-27496

Summary: CVE-2025-27496 affects Snowflake JDBC Driver versions 3.0.13–3.23.0. When logging level is DEBUG, the driver locally logs the client-side encryption master key of the target stage during GET/PUT, exposing a sensitive key through logs. The issue is not logged server-side and does not by i...

CVSS 3.3 · AI score 3.9 · EPSS 0.00111
Exploits: 0 · References: 2 · Affected Software: 1
RedhatCVE
added 2025/02/19 12:23 p.m. · 9 views

CVE-2025-0714

The vulnerability exists in the password storage of Mobatek's MobaXterm in versions below 25.0. MobaXTerm uses an initialisation vector (IV) consisting only of zero bytes and a master key to encrypt each password individually. In the default configuration, on opening MobaXTerm, the user is prompted...

CVSS 6.5 · AI score 6.3 · EPSS 0.00154
Exploits: 0 · References: 3
Positive Technologies
added 2025/02/17 12:0 a.m. · 6 views

PT-2025-6799 · Mobaxterm · Mobaxterm

Name of the Vulnerable Software and Affected Versions: MobaXterm versions prior to 25.0. Description: The issue exists in the password storage of MobaXterm, where it uses an initialization vector (IV) consisting only of zero bytes and a master key to encrypt each password individually. In the defaul...

CVSS 6.5 · AI score 6.7 · EPSS 0.00154
Exploits: 0 · References: 5
CNNVD
added 2025/02/17 12:0 a.m. · 4 views

Mobatek MobaXterm security vulnerability

Mobatek MobaXterm is a suite of terminal software from Mobatek France that integrates an enhanced terminal, an X server, and a Unix command set (GNU/Cygwin). A security vulnerability exists in Mobatek MobaXterm versions prior to 25.0, which stems from the way the password storage IV is generated an...

CVSS 6.5 · AI score 6.6 · EPSS 0.00154
Exploits: 0 · References: 1