CVE-2024-10128

The CVE-2024-10128 entry concerns Topdata Inner Rep Plus WebServer 2.01. Affected is functionality in the file td.js.gz where manipulation enables a risky cryptographic algorithm. The issue can be exploited remotely and has been publicly disclosed; vendor response is missing. Multiple sources cor...

CVE-2024-10128 Topdata Inner Rep Plus WebServer td.js.gz risky encryption

A vulnerability was found in Topdata Inner Rep Plus WebServer 2.01. It has been rated as problematic. Affected by this issue is some unknown functionality of the file td.js.gz. The manipulation leads to risky cryptographic algorithm. The attack may be launched remotely. The exploit has been...

CVE-2024-10128 Topdata Inner Rep Plus WebServer td.js.gz risky encryption

A vulnerability was found in Topdata Inner Rep Plus WebServer 2.01. It has been rated as problematic. Affected by this issue is some unknown functionality of the file td.js.gz. The manipulation leads to risky cryptographic algorithm. The attack may be launched remotely. The exploit has been...

CVE-2024-48016

Dell Secure Connect Gateway SCG 5.0 Appliance - SRS, versions 5.24, contains a Use of a Broken or Risky Cryptographic Algorithm vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to information disclosure. The attacker may be able to...

CVE-2024-48016

Dell Secure Connect Gateway SCG 5.0 Appliance - SRS, versions 5.24, contains a Use of a Broken or Risky Cryptographic Algorithm vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to information disclosure. The attacker may be able to...

CVE-2024-48016

CVE-2024-48016 affects Dell Secure Connect Gateway (SCG) 5.0 Appliance – SRS, 5.24. Root cause: use of a broken/risky cryptographic algorithm. Impact: potential information disclosure via remote access by a low-privileged attacker; attacker could use exposed credentials to access the system with ...

CVE-2024-48016

Dell Secure Connect Gateway SCG 5.0 Appliance - SRS, versions 5.24, contains a Use of a Broken or Risky Cryptographic Algorithm vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to information disclosure. The attacker may be able to...

CVE-2023-6056

A vulnerability has been discovered in Bitdefender Total Security HTTPS scanning functionality that results in the improper trust of self-signed certificates. The product is found to trust certificates signed with the RIPEMD-160 hashing algorithm without proper validation, allowing an attacker to...

CVE-2023-6057

A vulnerability has been discovered in Bitdefender Total Security HTTPS scanning functionality that results in the improper trust of certificates issued using the DSA signature algorithm. The product does not properly check the certificate chain, allowing an attacker to establish MITM SSL...

CVE-2023-6057 Insecure Trust of DSA-Signed Certificates in Bitdefender Total Security HTTPS Scanning (VA-11166)

A vulnerability has been discovered in Bitdefender Total Security HTTPS scanning functionality that results in the improper trust of certificates issued using the DSA signature algorithm. The product does not properly check the certificate chain, allowing an attacker to establish MITM SSL...

CVE-2023-6057

The CVE-2023-6057 entry describes a vulnerability in Bitdefender Total Security HTTPS scanning where the product incorrectly trusts certificates issued with the DSA signature algorithm due to improper certificate-chain checking. This can enable an attacker to perform MITM SSL connections to arbit...

Topdata Inner Rep Plus WebServer 加密问题漏洞

Topdata Inner Rep Plus WebServer is an application from Topdata Corporation. An encryption issue vulnerability exists in Topdata Inner Rep Plus WebServer version 2.01 that stems from the use of a risky encryption algorithm...

This Prompt Can Make an AI Chatbot Identify and Extract Personal Details From Your Chats

Security researchers created an algorithm that turns a malicious prompt into a set of hidden instructions that could send a user's personal information to an attacker...

Festo CODESYS V3 Products Use of Password Hash With Insufficient Computational Effort (CVE-2020-12069)

In CODESYS V3 products in all versions prior V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm. This can be used by a local attacker with low privileges to gain full control of the device. This plugin...

GO-2024-3172 Portainer improperly uses an encryption algorithm in the AesEncrypt function in github.com/portainer/portainer

Portainer improperly uses an encryption algorithm in the AesEncrypt function in github.com/portainer/portainer. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports...

Microsoft Security Advisory CVE-2024-43484 | .NET Denial of Service Vulnerability

Microsoft Security Advisory CVE-2024-43484 | .NET Denial of Service Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in System.IO.Packaging. This advisory also provides guidance on what developers can do to update their...

ROS-20241008-02

A vulnerability in the Portainer container management platform is related to an improperly used algorithm encryption algorithm in the AesEncrypt function. Exploitation of the vulnerability could allow an attacker acting remotely to compromise the confidentiality, integrity, and availability of...

Inadequate Encryption Strength

github.com/portainer/portainer is vulnerable to Inadequate Encryption Strength. The vulnerability is due to the improper use of an encryption algorithm in the AesEncrypt function. An attacker can decrypt sensitive information or compromise data integrity by exploiting the weak encryption...

python: Fix of 2 CVEs

CVE-2024-7592: fix algorithm with quadratic complexity to avoid using excess CPU resources while parsing the cookie value - CVE-2024-6232: fix regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing and was vulnerable to ReDoS via specifically-crafted tar...

Portainer improperly uses an encryption algorithm in the AesEncrypt function

Portainer before 2.20.2 improperly uses an encryption algorithm in the AesEncrypt function...