159 matches found
Salt 安全漏洞
Salt is an automation, infrastructure management, data-driven orchestration and remote execution application from the Salt project. Salt has a security vulnerability that stems from vulnerability to replay attacks when TLS encrypted transmissions are not used...
CVE-2025-48960
Weak server key used for TLS encryption. The following products are affected: Acronis Cyber Protect 16 Linux, macOS, Windows before build 39938...
Weblate: exposure of personal IP address via email.
The exposure of personal IP addresses through email messages has been identified as a potential security issue. Email messages can pass through multiple servers, which may store or record the content, including the user's IP address, even if the email is encrypted during transit. The user's IP...
CVE-2025-48960
Weak server key used for TLS encryption. The following products are affected: Acronis Cyber Protect 16 Linux, macOS, Windows before build 39938...
CVE-2025-48960
Weak server key used for TLS encryption. The following products are affected: Acronis Cyber Protect 16 Linux, macOS, Windows before build 39938...
CVE-2025-48960
CVE-2025-48960 concerns a weak server key used for TLS encryption affecting Acronis Cyber Protect 16 on Linux, macOS, and Windows before build 39938 . The vulnerability is caused by inadequate key material in the TLS setup, leading to low confidentiality (C) and partial integrity issues (I) per t...
CVE-2025-48960
Weak server key used for TLS encryption. The following products are affected: Acronis Cyber Protect 16 Linux, macOS, Windows before build 39938...
PT-2025-23803 · Acronis · Acronis Cyber Protect 16
Name of the Vulnerable Software and Affected Versions: Acronis Cyber Protect 16 versions prior to build 39938 Description: The issue is related to a weak server key used for TLS encryption. This affects Acronis Cyber Protect 16 on various operating systems, including Linux, macOS, and Windows...
CVE-2022-37177
HireVue Hiring Platform V1.0 suffers from Use of a Broken or Risky Cryptographic Algorithm. NOTE: this is disputed by the vendor for multiple reasons, e.g., it is inconsistent with CVE ID assignment rules for cloud services, and no product with version V1.0 exists. Furthermore, the rail-fence...
CVE-2021-42017
A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i801, RUGGEDCOM i802, RUGGEDCOM i803, RUGGEDCOM M2100, RUGGEDCOM M2100F, RUGGEDCOM M2200, RUGGEDCOM M2200F, RUGGEDCOM M969, RUGGEDCOM M969F, RUGGEDCOM RMC30, RUGGEDCOM RMC8388 V4.X, RUGGEDCOM RMC8388 V5.X, RUGGEDCOM RP110, RUGGEDCOM...
CVE-2019-9013
An issue was discovered in 3S-Smart CODESYS V3 products. The application may utilize non-TLS based encryption, which results in user credentials being insufficiently protected during transport. All variants of the following CODESYS V3 products in all versions containing the CmpUserMgr component a...
Security Bulletin: A vulnerability in Logstash shipped with IBM Operations Analytics - Log Analysis (CVE-2024-56128)
Summary There is a Kafka vulnerability in Logstash shipped with IBM Operations Analytics - Log Analysis Vulnerability Details CVEID:CVE-2024-56128 DESCRIPTION: Incorrect Implementation of Authentication Algorithm in Apache Kafka's SCRAM implementation. Issue Summary: Apache Kafka's implementation...
Security Bulletin: Vulnerability in Apache Kafka's SCRAM implementation affects watsonx.data
Summary Incorrect Implementation of Authentication Algorithm in Apache Kafka's SCRAM implementation. These can affect watsonx.data. Vulnerability Details CVEID:CVE-2024-56128 DESCRIPTION: Incorrect Implementation of Authentication Algorithm in Apache Kafka's SCRAM implementation. Issue Summary:...
Linux Distros Unpatched Vulnerability : CVE-2020-1968
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have...
BIT-KAFKA-2024-56128 Apache Kafka: SCRAM authentication vulnerable to replay attacks when used without encryption
Incorrect Implementation of Authentication Algorithm in Apache Kafka's SCRAM implementation. Issue Summary: Apache Kafka's implementation of the Salted Challenge Response Authentication Mechanism SCRAM did not fully adhere to the requirements of RFC 5802 1. Specifically, as per RFC 5802, the serv...
CVE-2024-56128
A flaw was found in Apache Kafka's implementation of the Salted Challenge Response Authentication Mechanism SCRAM, which did not fully adhere to the requirements of RFC 5802. Specifically, as per RFC 5802, the server must verify that the nonce sent by the client in the second message matches the...
Apache Kafka's SCRAM implementation Incorrectly Implements Authentication Algorithm
Incorrect Implementation of Authentication Algorithm in Apache Kafka's SCRAM implementation. Issue Summary: Apache Kafka's implementation of the Salted Challenge Response Authentication Mechanism SCRAM did not fully adhere to the requirements of RFC 5802 1. Specifically, as per RFC 5802, the serv...
CVE-2024-56128
Incorrect Implementation of Authentication Algorithm in Apache Kafka's SCRAM implementation. Issue Summary: Apache Kafka's implementation of the Salted Challenge Response Authentication Mechanism SCRAM did not fully adhere to the requirements of RFC 5802 1. Specifically, as per RFC 5802, the serv...
CVE-2024-56128
Incorrect Implementation of Authentication Algorithm in Apache Kafka's SCRAM implementation. Issue Summary: Apache Kafka's implementation of the Salted Challenge Response Authentication Mechanism SCRAM did not fully adhere to the requirements of RFC 5802 1. Specifically, as per RFC 5802, the serv...
CVE-2024-56128 Apache Kafka: SCRAM authentication vulnerable to replay attacks when used without encryption
Incorrect Implementation of Authentication Algorithm in Apache Kafka's SCRAM implementation. Issue Summary: Apache Kafka's implementation of the Salted Challenge Response Authentication Mechanism SCRAM did not fully adhere to the requirements of RFC 5802 1. Specifically, as per RFC 5802, the serv...